DSGVO (GDPR) Fundamentals for Businesses

Target Group:
This seminar is aimed at professionals, managers, and data protection officers within companies who wish to develop a fundamental understanding of the General Data Protection Regulation (DSGVO / GDPR). It is particularly suitable for beginners, but also for individuals who want to deepen their knowledge of how to implement the DSGVO/GDPR in practice.


Module 1: Introduction to the DSGVO/GDPR – Basics

  • What is the DSGVO/GDPR?
    An overview of the General Data Protection Regulation and its importance for businesses and individuals, both within the EU and globally.

  • Goals and Principles of the DSGVO/GDPR
    The protection of privacy and the rights of data subjects, as well as fostering a harmonized data protection framework across the EU.

  • Key Terms of the DSGVO/GDPR
    Definitions of essential terms such as "personal data," "processing," "data subject," "controller," and "processor."

  • The History of the DSGVO/GDPR
    The evolution of European data protection law and the driving forces behind the introduction of the DSGVO.


Module 2: Rights of Data Subjects

  • Right to Access
    How data subjects can request information about the processing of their personal data.

  • Right to Rectification and Erasure
    When and how data subjects can have their data corrected or deleted under the DSGVO.

  • Right to Data Portability
    How personal data can be transferred from one system to another in a structured and accessible format.

  • Right to Object
    How and when data subjects can object to data processing activities.

  • Right to Restrict Processing
    How data subjects can restrict the processing of their data under certain conditions.


Module 3: Responsibilities of Controllers and Processors

  • Controller and Processor
    Who is responsible for ensuring compliance with the DSGVO/GDPR? Understanding the roles of the controller and processor.

  • Record of Processing Activities
    How to maintain a record of all data processing activities, and the essential information that must be documented.

  • Data Protection Impact Assessment (DPIA)
    When is a DPIA necessary, and how should it be conducted to assess the impact on data subjects' privacy?

  • Data Processing Agreements (DPA)
    What must be included in contracts between controllers and processors to ensure DSGVO compliance?


Module 4: Data Protection Organization within the Company

  • Data Protection Officer (DPO)
    When and why businesses need to appoint a Data Protection Officer (DPO) to oversee DSGVO compliance.

  • Creating a Data Protection Policy
    How businesses can develop, implement, and maintain a comprehensive data protection policy aligned with the DSGVO.

  • Employee Training and Awareness
    The importance of employee education on data protection and privacy to ensure a culture of compliance.

  • Documentation Obligations
    The types of documentation required to demonstrate DSGVO compliance in the event of an audit or investigation.


Module 5: Data Protection in Data Processing

  • Processing Personal Data
    Which data can be processed under the DSGVO and what specific security measures must be in place to safeguard personal data?

  • Consent for Data Processing
    How to ensure valid, informed consent is obtained from data subjects for processing their personal data.

  • Automated Decision-Making and Profiling
    The implications of automated decisions and profiling under the DSGVO, and how companies should handle them in accordance with the regulation.


Module 6: Technical and Organizational Measures (TOM)

  • Security Requirements under the DSGVO/GDPR
    What technical and organizational measures businesses need to take to protect personal data, including encryption, anonymization, and data minimization.

  • Encryption and Pseudonymization
    The importance of data encryption and pseudonymization as security measures, and how to implement them.

  • Data Backup and Recovery
    How to ensure the integrity and availability of personal data, with an emphasis on creating reliable data backup and disaster recovery plans.


Module 7: Data Breaches and Reporting Obligations

  • What is a Data Breach?
    Understanding the various types of data breaches and their potential impact on data subjects and organizations.

  • Reporting Obligations for Data Breaches
    How and when data breaches must be reported to supervisory authorities and affected individuals as per DSGVO requirements.

  • Incident Documentation
    How to document incidents of data breaches effectively and take the necessary corrective measures to prevent future occurrences.


Module 8: Data Protection in an International Context

  • Data Transfers to Third Countries
    What rules apply to the transfer of personal data outside of the EU/EEA, and how to ensure that such transfers are legally compliant with the DSGVO.

  • Standard Contractual Clauses and Privacy Shield
    How businesses can secure international data transfers using legal mechanisms such as standard contractual clauses or the EU-U.S. Privacy Shield (if applicable).

  • Role of Supervisory Authorities
    Understanding the responsibilities and powers of national and European data protection authorities in enforcing DSGVO compliance.


Module 9: Liability and Sanctions

  • Fines and Penalties
    What sanctions can businesses face if they fail to comply with the DSGVO, including potential fines, penalties, and reputational damage?

  • Liability for Data Protection Violations
    Who is liable in the event of a data protection breach under the DSGVO? This includes controllers, processors, and possibly third parties.

  • Limitation and Compensation Claims
    What are the timeframes for enforcement, and how can individuals seek compensation for GDPR violations?


Module 10: Practical Examples and Case Studies

  • Successful DSGVO Implementations
    Examples of businesses that have successfully implemented DSGVO-compliant processes and frameworks.

  • Common Pitfalls and Challenges
    Real-world analysis of common DSGVO violations and how to avoid them.

  • Current Developments and Outlook
    Updates on the latest developments in data protection law, including potential amendments to the DSGVO, and their impact on businesses.


Training Formats:

  • In-Person Training: Intensive on-site workshop with expert lectures, practical exercises, and interactive discussions.
  • Online Course: Flexible, interactive learning via live webinars, recorded sessions, and practical modules.
  • In-House Training: Custom-tailored training for your company, focusing on your specific data protection needs and challenges.

Duration:

  • 1 Day: Compact introduction to the DSGVO/GDPR and its core principles.
  • 3 Days: In-depth DSGVO/GDPR knowledge with practical applications, case studies, and hands-on activities.
  • 5 Days: Comprehensive training with interactive workshops, deep dives into GDPR-related topics, and scenario-based simulations.

Methods:

  • Theoretical insights from DSGVO/GDPR experts.
  • Practical workshops and exercises.
  • Group work, interactive discussions, and case studies.
  • Simulations of data breaches and crisis response scenarios.

Your Benefits:

  • In-depth understanding of the DSGVO/GDPR and its implementation within your organization.
  • Practical tools for ensuring GDPR compliance across departments and business processes.
  • Knowledge of GDPR rights, obligations, and penalties for both controllers and processors.
  • Best practices for data protection governance and how to avoid common compliance issues.

Costs:

Seminar costs vary depending on the format and scope. Please contact us for a tailored offer.


Registration:

Sign up now to ensure that your company is DSGVO/GDPR-compliant and well-prepared for any data protection challenges!