Data Privacy and Protection

Objectives

This course will cover not only the founding principles behind the GDPR but also
introduce new thinking and tools on how best to meet the challenge of adhering to the
requirements of the EU GDPR, especially for those tasked with the role of a DPO.
The programme will equip participants with the knowledge and practical skills
required for developing, implementing and proactively managing a successful GDPR
strategy for their own organisation.
At the end of the course, the learner will have acquired the following competencies
allowing him/her the responsibility and autonomy to:
- Present a GDPR privacy program approach/framework to the board.
- Articulate privacy risks in relation to other organisational risks, e.g. corporate,
  IT, security, etc., to the board.
- Communicate with legal on GDPR compliance.

General characterization

Code

200182

Credits

7.5

Responsible teacher

Karen Öqvist

Hours

Weekly - Available soon

Total - Available soon

Teaching language

Portuguese. If there are Erasmus students, classes will be taught in English

Prerequisites

None.

Bibliography

A HANDS-ON GUIDE TO GDPR COMPLIANCE: Putting the Theory into Practice.
Authors: Karen Lawrence Öqvist MBA MSc FIP CIPP/E CIPM CIPT and Filip Johnssén
LL.M FIP CIPP/E CIPM CIPT (publisher IAPP, in print)

Teaching method

The five main teaching and learning methods used in the class will be:
1. lectures and related support material available online;
2. open discussion and debate in class;
3. group work in developing solutions to case problems (and presentations);
4. computer workshops with hands-on access to best-in-class digital tools;
Guest speakers from industry will also be invited to speak to the participants in class.

Evaluation method

At the end of the course the participants will sit for a 2.5-hour online exam with
instant results. A pass is awarded if the participant obtains 70% correct answers,
overall in the three sections (covering the 3 modules) of the exam.
Participants who fail to pass the exam will have the possibility of a resit.

Subject matter

1. Module 1 : Privacy & GDPR Foundations
1.1 Privacy is individual-centric!
1.2 Getting the basics of GDPR
2. Module 2 : Accountability and Privacy Risk
2.1 A Risk-based approach to privacy
2.2 Are you a Controller?
2.3 Are you a Processor?
2.4 There's been a breach!
2.5 Accountability
2.6 The role of the DPO
3. Module 3 : Getting the Privacy Program Right!
3.1 Data Protection by Design (DPbD) as a default
3.2 Get it right with the privacy program
3.3 GDPR as a change management vehicle
3.4 Achieving operational efficiencies through GDPR