VinciWorks’ GDPR data protection course is now available in German. The course combines the latest in policy and law with best practice guidelines. It provides real-world scenarios, interactive features and review questions to test understanding of key points. By completing this course users will learn how to comply with data protection laws for their specific role in the organisation. The online training is based on the General Data Protection Regulations (GDPR).

German Data Protection Amendment Act

While GDPR will be coming into force across Europe on 25 May 2018, Germany has already enacted a new data protection law to prepare for the new regime. The German Data Protection Amendment Act (GDPAA) enters into force on 25 May 2018 and contains some key national differences with GDPR.

The processing of employee data is generally allowed if it is necessary for establishing or carrying out an employment relationship. Sensitive personal data can be processed for a variety of health reasons. However, safeguards must be in place to protect the data, including the appointment of a data protection officer.

Subject Access Requests are also restricted somewhat by the GDPAA. If the data is stored only to comply with statutory retention provisions or for data backup, then an exemption to complying with an SAR may apply.

The right to erasure under GDPAA, one of the key features of GDPR, has been the subject of much controversy and criticism from the European COmmission. German law exempts the data controller from the obligation to erase personal data where this would be impossible or where it would constitute a disproportionately high effort when compared to the data subject’s minor interest. It is likely this point will be the subject of ongoing litigation.

The GDPAA also contains a much lower threshold for appointing a data protection officer (DPO) than GDPR. In Germany, if the business would be subject to a Privacy RIsk Assessment or if it conducts commercial data processing, then it will be required to appoint a DPO. Otherwise, a business with a minimum of ten employees who carry out automatic processing of personal data on an ongoing basis must appoint a DPO.

Large fines and possible imprisonment

Along with GDPR fines of up to 4% of annual turnover, under GDPAA, a fine of €50,000 can be levied against anyone who breaches the legislation either intentionally or through negligence. More serious breaches are subject to criminal prosecution which could result in three years imprisonment.

Fully customisable data protection course in German

Anyone working in Germany should familiarise themselves with the latest in data protection and ensure they are ready. VinciWorks’ Data Protection: Privacy at Work (German) course is fully customisable. A ‘personal learning path builder’ tailors the content to a user’s role. It can be configured into over 1,000 individualised courses, including for IT, HR, marketing, HIPAA and more. It can easily be tailored to include internal training material such as: important contact information, links to internal policies and custom learning modules.