Certified:r data protection auditor

Introduction and basics of the data protection audit

• Sense, purpose and objectives of an audit.
• Professional and personal requirements for the:internal:n/external:n data protection officer:n/datadata protection auditor.
• Position of data protection auditors.
• Audit types and audit types.
• Determination of the scope of audits.

The internal data protection officer (DPO) as an auditor in the company

• Legal obligations of the DPO - reviewing, advising and monitoring a DMS.
• Position and role of the internal DPO as data protection auditor:in.
• DPO procedure for new appointments: inventory audit and ongoing re-monitoring audits.

Legal framework and requirements for an operational data protection management system (DSMS)

• In-depth study of the legal foundations of data protection law using case studies: General requirements and areas of application, legal bases and significance of data protection principles, rights of data subjects, data protection contract typologies.
• data privacy through technology design, data security and data breach.
• Special laws and legal peculiarities.
• Current rulings in data protection law and the views of the supervisory authorities.
• Structure and elements of a DSMS.
• Relationship to other operational management systems (e.g.: ISO 9000 ff.; ISO 27001 ff.; BS; IDW PS 980) and recognized standards in the area of data privacy (standard data protection model).

Planning and preparation of a data protection audit

• Methods and tools for the data protection audit.
• Development of an audit program - determination of the subject of the audit, including clarification of responsibilities.
• Preparation of the contacts.
• Pre-audit by the auditor, including elements of a short checklist.
• Development of a list of questions for the audit.

Implementation of a data protection audit

• Examination of the structural and process organization - structure and inspection.
• Interviews as a source of information - content and procedure.
• Documents as a source of information.
• Review and examination of data protection documents and contracts.
• Processes and design as a source of information.
• Checking the technical/organizational security measures.
• Inspection and own perception as a source of information.

Completion/termination of a data protection audit

• As-is recording and analysis; weak point and risk analysis.
• Design of the audit documentation (findings).
• Evaluation and assessment of the results: Formation of a score value/scale for the level of data protection.
• Handling of deviations and conformities.
• Development of an action plan to harmonize/raise the level of data protection - post-audit after harmonization.
• The audit report - structure, content and requirements.
• Final meeting on the audit - explanation and presentation of the report.
• Proof of effectiveness - certificates, seals & co. at the end of the audit.

Critical audit situations - behavior and possible solutions

Recommendations and guidelines for practice

Explanation of sample processes in day-to-day business operations and presentation of tools (questionnaire, test criteria for individual processing operations, sample reports).

Conclusion, discussion of open questions and exam preparation