Successful training and exchange series for data protection coordinators – continuation planned for 2026

Strong need for exchange and guidance

Originally designed as training courses on basic data protection topics – such as the register of processing activities (RPA), data subject rights, data protection impact assessments and how to deal with data breaches – the sessions very quickly developed into intensive exchange formats.

The introductory rounds revealed how diverse the data protection issues are in the individual organisational units. The participants contributed specific cases, challenges and questions from their everyday work, so that the introductory round often filled the entire session.

The feedback was consistently positive: the opportunity for collegial exchange, the joint classification of specific cases and the chance to clarify uncertainties immediately were particularly appreciated.

Recurring topics and unresolved issues

Across all three dates, several topics emerged that are of equal concern to many DSKs:

• Maintaining the Records of processing activities (VVT): There is particular uncertainty regarding the distinction between procedures and software, as well as when creating new entries.
• Transparency in the VVT: Currently, data protection coordinators can only view their own procedures. Some DSKs find it helpful to have a broader view of university-wide entries.
• Need for clarification on everyday issues: Many data protection-related issues arise spontaneously in practice and affect organisational, technical and communicative aspects in equal measure.

The intensive participation shows how important the role of the DSK is for data protection-compliant work in the areas – and how high the need for guidance, exchange and mutual support remains.

Further development of the format in 2026

Based on the positive experiences, the series will be continued and further developed in 2026.
Several compact face-to-face sessions (approx. 90 minutes) are planned, each with a thematic focus, e.g.:

• VVT and new procedures
• Deletion concepts
• Rights of data subjects and requests for information
• Reporting obligations in the event of data breaches
• Data protection impact assessments (DSFA)
• Technical and organisational measures (TOMs) and otris privacy (in cooperation with the GDPR team at IT-S)

The events will take place throughout the year. Each event will consist of a short technical presentation followed by a moderated Q&A session – both on the respective focus topic and on current practical issues.

The specific schedule for 2026 will be communicated in advance via the intranet.

Many thanks to the data protection coordinators

The high level of participation and openness in the discussions shows how committed the data protection coordinators at the university are and how essential their role is for the secure and legally compliant handling of personal data.

We would like to express our sincere thanks to all participants for their contributions, questions and commitment.

If you have any questions or suggestions, please do not hesitate to contact the data protection officer, Manfred Höffken.