Data protection officer with compliance officer

Free of cost

by funding

The course provides basic knowledge of current data protection law as well as technical and organizational data protection measures. The course also shows how rules are adhered to in a company (compliance) and explains the basics of artificial intelligence in your profession.
  • Certificates: "Data protection officer" certificate
  • Additional Certificates: Certificate "Data protection officer with TÜV Rheinland-certified qualification"
    Certificate "Data protection auditor with TÜV Rheinland certified qualification"
    Certificate "Compliance Officer with TÜV Rheinland-certified qualification"
  • Examination: Practical project work with final presentations
    Data protection officer with TÜV Rheinland-certified qualification
    Data protection auditor with TÜV Rheinland-certified qualification
    Compliance Officer with TÜV Rheinland-certified qualification
  • Teaching Times: Full-time
    Monday to Friday from 8:30 a.m. to 3:35 p.m. (in weeks with public holidays from 8:30 a.m. to 5:10 p.m.)
  • Language of Instruction: German
  • Duration: 12 Weeks

Data protection officer with TÜV Rheinland-certified qualification

Data protection in the company - basics (approx. 2 days)

Structure of the European General Data Protection Regulation

The Federal Data Protection Act - subject matter and objectives

GAP analysis between BDSG and GDPR

Areas of application

Definitions of terms


Principles and rights of data subjects (approx. 1 day)

Principles for the processing of personal data

Legitimate interests

Consent

Transparency requirement

Duty to inform

Rights of data subjects

Rectification and erasure

Right to object

Restrictions


Responsible persons and data processors (approx. 2 days)

Privacy by design & default, risk assessments

Order processing

Register of processing activities

Security of processing

Entry, access and access controls

Data protection impact assessment

Data protection officer (appointment, position, tasks, attitude, probationary period)

Other bodies with a data protection function

The role of the works council (co-determination)

Code of conduct, certification, pre-audit, main audit, post-audit


Artificial intelligence (AI) in the work process

Presentation of specific AI technologies and possible applications in the professional environment


Transfer of personal data (approx. 2 days)

General principles of natural transfers

Data transfers to third countries

Supervisory authorities

Responsibilities, tasks, powers


Legal remedies, liability and sanctions (approx. 2 days)

Legal remedies

Liability, fines, sanctions

Special processing situations

Final provisions


Federal Data Protection Act (approx. 1 day)

Scope of application, video surveillance of public areas

Exceptions to the rights of data subjects

DPOs of public and non-public bodies

LDAs, fine regulations, sanctions


IT security and data protection (approx. 3 days)

Network components, storage components (RAID)

Basics of access management

IT security basics

IT baseline protection standards

Risk factors

Improvement options


Other areas of responsibility (approx. 3 days)

Basics of social data protection

Basics of employee data protection

Personnel file, data access and information rights

Setting up and operating a data protection management system and SDM

The legal framework of outsourcing from a data protection perspective

Data protection in the area of marketing and advertising measures


TDDDG (approx. 1 day)

Structure and contents of the Telecommunications Digital Services Data Protection Act


Project work, certification preparation and certification exam "Data Protection Officer with TÜV Rheinland certified qualification" (approx. 3 days)

Data protection auditor with TÜV Rheinland-certified qualification

Basics (approx. 2 days)

Objectives of data protection audits

Basic knowledge of data protection policy (company objectives, principles of action)

EU GDPR

Requirements for internal audits and auditors


Data protection management system (approx. 3 days)

Requirements for setting up a data protection management system

Process models for setting up and introducing a data protection management system

Methods, techniques and tools

As-is recording and analysis, identification of weak points, risk analysis


Artificial intelligence (AI) in the work process

Presentation of specific AI technologies and possible applications in the professional environment


Standard data protection model (approx. 1 day)

Current status and introduction

SDM implementation and requirements from GDPR

Warranty objectives of the SDM

Generic measures

SDM building blocks


Data protection concept (approx. 2 days)

Relationships to other operational management systems (DIN EN ISO 9000ff., 27001ff.)


Creation of an audit program (approx. 2 days)

Preparation of an audit program

Creation of audit questionnaires

Audit depth


Audit implementation (approx. 4 days)

Interviews as a source of information

Document review on site

Inspection of technical equipment

Examination of the structural and process organization

Examination of technical and organizational security measures

Inspections


Audit evaluation (approx. 3 days)

Evaluation, audit report and follow-up measures

Preparation of an audit report

Tracking of measures

Presentation of possible tools (checklists, questionnaire, audit plans, deviation reports)

Corrective measures


Project work, certification preparation and certification exam "Data protection auditor with TÜV Rheinland certified qualification" (approx. 3 days)

Compliance Officer with TÜV Rheinland-certified qualification

Compliance basics (approx. 1 day)

Differentiation from ethics

Importance of corporate culture

Change management for a practiced compliance culture

Historical background and international development of compliance

Compliance challenges in the context of globalized markets

Compliance as a competitive advantage


Compliance culture (approx. 3 days)

Compliance culture as an elementary prerequisite for a CMS

Values and integrity management (tone from the top/tone at the top)

Leadership commitment and awareness building

DCGK - Corporate Governance vs. Compliance Management

Code of conduct and compliance policy as the "moral backbone" of a company

Code of Conduct - manifestations and benefits - obligation or "window dressing"?

Implementation of a Code of Conduct: Employment law perspective, co-determination obligations under employment law

LkSG - Supply Chain Due Diligence Act


Artificial intelligence (AI) in the work process

Presentation of specific AI technologies and possible applications in the professional environment


Compliance risk (approx. 2 days)

Risk perception and risk psychology

Strategic risk management and enterprise risk management

Risk management as a mandatory management task §§91 and 93 AktG

Compliance risk - terminology and analysis

Compliance risk identification - top-down and bottom-up methods

Compliance risk management - procedures and instruments


Antitrust compliance (approx. 1 day)

European antitrust law under the TFEU and German antitrust law under the GWB

From the "independence postulate" to the "impact principle"

Antitrust law risks - restriction of competition by object or effect


Corruption prevention (approx. 1 day)

Corruption of public officials vs. private corruption

Relationship management, social adequacy and zero tolerance - problem outline

5-step plan


Money laundering prevention (approx. 1 day)

From the catalog of predicate offenses to the all-crime approach

Causal chain, FATF, EU directives, GWG

Obligations under the GWG and the fulfillment of due diligence and reporting obligations


Export control (approx. 1 day)

Principle of free foreign trade and associated restrictions

Basic questions of export compliance, possible legal consequences and sanctions to be observed

Internal Export Compliance Program


Compliance Organization (approx. 2 days)

Compliance as an interface task in the external and internal relationship of a company

Stakeholder analysis and the importance of the concept of corporate social responsibility for compliance management

Importance of the supervisory board in particular for compliance management

Compliance documentation: functions, security measures and documentation content

Whistleblower systems: origins, criteria, benefits, international legal framework (SOX, Dodd-Frank Act, UKBA, Sapin II)


Whistleblower systems (approx. 1 day)

GeschGehG - betrayal of secrets and whistleblowing, justification solutions §§ 138, 34 StGB, criminal law risks for whistleblowers

Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019

Whistleblower Protection Act - HinSchG 2022 - Practical relevance for companies and actual effectiveness with regard to effective whistleblower protection

Options for setting up a whistleblower system and their advantages and disadvantages


Compliance Officer (approx. 2 days)

Classification of the compliance structure, understanding of roles

CMS and Compliance Board as instruments for reducing information asymmetries and establishing effective compliance structures

Tasks and personality profile

BAFIN's MaComp as orientation for the employment contract and job description of a CO

Civil and criminal liability risks of a CO - position of guarantor under Section 13 StGB

Reflections on standing and positioning in the future


Compliance control (approx. 1 day)

Standards ISO 37301 and IDW PS 980

Implementation and testing of a CMS incentive model in accordance with BGH case law

Management and organizational specifications, as well as necessary measures for the implementation of a CMS

High-level structure and PDCA cycle as defining characteristics of ISO 37301

Adequacy and effectiveness checks, internal and external audits, certification of a CMS


Reactions to compliance violations (approx. 2 days)

Internal investigation: right or duty?

VerSanG - driver for compliance?

Conducting an internal investigation - essentials: decision-making authority, urgent measures, emergency plan, data protection, employment law, co-determination obligations, employee surveys

Sanctions and liability

Amnesty programs, termination as a last resort, alternatives: Release, reassignment, transfer, recourse claims

Liability of the management board of the AG, business judgment rule and reversal of the burden of proof

Liability of GmbH managing directors, role of D&O insurance and criminal liability insurance in cases of non-compliance

Crisis communication: principles and strategies


Project work, certification preparation and certification exam "Compliance Officer with TÜV Rheinland certified qualification" (approx. 2 days)



Changes are possible. The course content is updated regularly.

After completing the course, you will be familiar with the essential tasks in data protection. You will have the necessary knowledge based on the current EU GDPR for the legally compliant handling of personal data as well as knowledge of data protection organization and IT security. You will also have specialist knowledge of an efficient data protection management system and be able to successfully plan, carry out and evaluate data protection audits.

You will also be prepared for your duties as a compliance officer. You know the basics of company law and can thus minimize liability risks. You will also be familiar with the requirements of a compliance management system.

The course is aimed at employees from the areas of human resources, administration, quality management or the legal department.

Knowledge of data protection is not only indispensable in the areas of auditing, quality management, law and organization. The specialist knowledge acquired in this course is of great benefit to all sectors that come into contact with personal data.

The compliance officer's area of responsibility is growing all the time. Companies in the banking and financial services, insurance and service industries are therefore increasingly reliant on their services. Compliance officers are also increasingly sought after in public administrations, associations and some organizations and corporations.

Didactic concept

Your lecturers are highly qualified both professionally and didactically and will teach you from the first to the last day (no self-study system).

You will learn in effective small groups. The courses usually consist of 6 to 25 participants. The general lessons are supplemented by numerous practical exercises in all course modules. The practice phase is an important part of the course, as it is during this time that you process what you have just learned and gain confidence and routine in its application. The final section of the course involves a project, a case study or a final exam.

 

Virtual classroom alfaview®

Lessons take place using modern alfaview® video technology - either from the comfort of your own home or at our premises at Bildungszentrum. The entire course can see each other face-to-face via alfaview®, communicate with each other in lip-sync voice quality and work on joint projects. Of course, you can also see and talk to your connected trainers live at any time and you will be taught by your lecturers in real time for the entire duration of the course. The lessons are not e-learning, but real live face-to-face lessons via video technology.

 

The courses at alfatraining are funded by Agentur für Arbeit and are certified in accordance with the AZAV approval regulation. When submitting a Bildungsgutschein or Aktivierungs- und Vermittlungsgutschein, the entire course costs are usually covered by your funding body.
Funding is also possible via Europäischen Sozialfonds (ESF), Deutsche Rentenversicherung (DRV) or regional funding programs. As a regular soldier, you have the option of attending further training courses via Berufsförderungsdienst (BFD). Companies can also have their employees qualified via funding from Agentur für Arbeit (Qualifizierungschancengesetz).

We will gladly advise you free of charge. 0800 3456-500 Mon. - Fri. from 8 am to 5 pm
free of charge from all German networks.