
Data Protection Management

The Big Data for Civil Engineering and Architecture- B.I.M. MASTER

Description of the course

Since Regulation (EU) 2016/679 on the protection of personal data (the GDPR) became fully applicable, it has brought a real change in how data controllers and data processors treat data subjects' information: from the principle of accountability to the risk-based approach to data management.
This set of activities is part of an organic system called the Personal Data Management System (PDMS), which in turn requires management figures able to design, implement and maintain it, not least through the delicate, daily task of interpreting legislation and formulating privacy regulations in practice.
In this new framework of accountability, two key figures are emerging in the Italian labor market: the Data Protection Officer (DPO) and the Privacy Manager. The former has the task of ensuring, independently, the full application of the provisions of the GDPR in the respective organization; the latter has the objective of following the implementation of data flow management measures in accordance with the Regulation, including risk mitigation measures.
The course offers a wide range of topics and examples brought by the faculty in the field of personal data management. Through the study program, the profiles prepared by the Training Course for Privacy Manager and Data Protection Officer in "Privacy & Data Protection Management" will be able to develop concrete professional skills aimed at the following activities:

  • design, implementation and management of a Privacy Management System (PMS)
  • definition of the privacy organization chart and management of customer/supplier relations
  • mapping of personal data flows, treatment records
  • design and management of a process for the management of the rights of the interested parties, communication and transparency with the interested parties
  • management of consent in the company
  • analysis and definition of context for the transfer of personal data to non-EU countries
  • management of personal data risk assessment
  • analysis and coordination with information security and cyber security areas for effective response to cyber threats
  • understanding and management of processing risks, appropriate security measures and the role of encryption
  • managing activities in response to privacy inspections and requests for information from the Privacy Guarantor
  • management of disputes and brand-reputation following sanctions or data breaches

Why it is important to attend a Data Protection Management course

With the GDPR, organizations need professionals trained for and suited to the role of manager of the Personal Data Management System, able to enhance the value of information as a key business asset. This requires specific competences and practical implementation skills, i.e. a balance of knowledge and experience, theory and applicability, as well as the ability to dialogue and interact with the Guarantor Authority for the protection of personal data.
For this reason, the Training Course for Privacy Manager and Data Protection Officer in "Privacy & Data Protection Management" was created, sponsored by the Guarantor for the protection of personal data.
Through remote access to the e-learning platform of the University UNINETTUNO, the teaching program lets learners draw on the multi-year experience of the prestigious teaching staff in the field of data protection management: DPOs and Privacy Officers of primary Italian companies, both public and private, and members of the Guarantor Authority for the protection of personal data.
Thanks to the patronage of the Guarantor for the protection of personal data, the faculty, and all the material available to the learner (e.g. regulations, case law, case studies, etc.), the course offers a preferential title for the demonstration of compliance with Art. 37 of the GDPR (competences of the DPO) in both the public and private sectors, with particular reference to the enhancement of professional qualities, specialized knowledge of legislation and practices in the field of data protection, including tools that can support the ability to perform the tasks of the data protection officer and privacy manager in complex situations.

Enrollment Information

It is possible to enroll throughout the year.

Course duration

The course is available for one year from the date of enrollment.

Certification

Upon completion of the course, it will be possible to download the certificate of completion from the portal.

Costs

The enrollment fee for the course is 399 € + VAT.

Access qualifications

The minimum requirement for enrollment in the course is the possession of a:

  • Three-year (Bachelor's) degree
  • Second-Level (Master's) degree
  • Equivalent foreign university degree

How to study

The training course is divided into 22 lessons, organized as online teaching activities through video lessons, linked to educational materials.
Each module includes a video professor. To obtain the course title, which will be issued by the International Telematic University UNINETTUNO, it is necessary to pass the final exam.

Video lessons program

Program

Lesson 1. Privacy in the Digital Era and the GDPR

Contents: The module provides an overview of the current rules in the field of personal data protection and the institutions responsible for safeguarding the rights of those concerned. It also covers the current regulatory framework and possible scenarios of evolution, from the ePrivacy Regulation to the Directive on Electronic Commerce. The learner will have the opportunity to acquire different insights to understand how the digitization and online presence of companies must be designed as a function of the data exchanged on the network of users.

Lesson 2. Privacy Roles and Responsibilities

Contents: The lessons will examine in depth the aspects related to the correct identification of privacy profiles. They will analyze the proper allocation of roles and responsibilities between owner, joint owner and controller, aimed not only at the preparation of deeds between the parties but also at compliance with the principles of privacy-by-default and privacy-by-design. This path will allow the learner to acquire the right awareness in managing relations with third parties other than the owner of the treatment, even in the presence of Internet providers located in non-EU countries.

Lessons 3-5. The principles applicable to the treatment

Contents: The lessons explore the principles applicable to the processing of personal data, then the adjustment operations for compliance with Arts. 5 and 6 of the GDPR. The learner will be able to study in depth important notions useful for the practical application of the principles of lawfulness and fairness of treatment, as well as the proper management of consent. The lessons include an in-depth study of the legal basis for the treatment and the importance of proper management of treatment flows in real contexts.

Lessons 6-8. The rights of data subjects and the transfer of data outside the EU

Contents: The aspects related to the proper relationship between the data controller and the data subject include a variety of compliance actions, ranging from the implementation of specifically defined internal procedures to the proper management of processing flows, including those outside the EU. The body of the lessons aims to provide an in-depth study of the measures provided for in sections 2-4 and Chapter V of the GDPR, then the rights of the data subject, to facilitate the exercise of the latter, with particular focus on the right to be forgotten. There will be an in-depth look at how to manage cross-border data flows, from BCRs to possible exemptions, as well as the conditions for transferring data to the US and UK.

Lesson 9. Communication and Transparency

Contents: The principle of transparency is fundamental to managing the relationship with the data subjects whose data your organization processes. The module provides insights and practical applications on how to implement a proper transparency process and comply with the principles enshrined in Articles 14-15 of the GDPR. The notions provided also cover how the obligations of transparency and communication apply to the online management of information, first of all cookies, up to the management of crisis communication, as in the case of the so-called data breach.

Lesson 10. The Personal Data Management System and Audit

Contents: The lessons aim to provide the basic elements for understanding the usefulness of a Personal Data Management System (PDMS), in view of the specific context in which the organization operates. The principle of accountability is the cornerstone of the PDMS, which consists of ordinary procedures and policies, but also extraordinary ones, as in the case of a data breach. Thanks to an examination of the main processes involving personal data, the lessons lead the learner to understand the usefulness of document management, also for the purpose of auditing in the GDPR area.

Lesson 11. The DPO and Risk Assessment

Contents: The risk assessment is an essential activity for the choice of appropriate security measures. The lesson aims to provide a set of practical elements for compliance with sections 2 and 3 of the GDPR, providing an overview of the guidelines and standards that can be used, and then examines in depth the most relevant aspects of risk assessment, the applicable methodology, and the role of the DPO.

Lessons 12-13. Information Security and Data Management

Contents: The module gives the learner a set of fundamental notions to understand the role of information security in the company, including the synergies with the activities in the field of data protection. The material available and the insights provided will give the opportunity to fully understand the main mechanisms for the management of information security, where processes, assets and information flows are analyzed with a view to implementing an integrated data management process.

Lesson 14. Risk management

Contents: The module aims to provide a set of useful tools for the implementation of a Personal Data Management System based on risk management. To this end, it will analyze the role of risk in the company, the current regulatory landscape and the reference standards for the protection of personal data. The lesson also includes a focus on compliance with Art. 32 of the GDPR, as a fundamental step to ensure the lawfulness of treatment and comply with the principle of accountability in the company.

Lesson 15. Encryption of information

Contents: This lesson is designed to explore one of the lesser-known aspects of the GDPR, namely the possibility of pseudonymizing information through encryption techniques. The basics of cryptography will be covered, as well as the methodologies currently used, and several practical examples, from digital signature to transmission security.

Lessons 16-18. Inspections, Sanctions and Legal Action

Contents: The lessons are built on theoretical and practical concepts for managing the relationship with the Guarantor Authority for the protection of personal data, from the management of an inspection activity to the activities in case of judgements of the Guarantor. In particular, they will examine in depth the aspects related to the inspection powers of the Authority, the operations and activities to carry out in the company in case of inspections, and the ways in which the sanctions of the Guarantor are implemented.

Lessons 19-22. Legal protection, dispute and privacy reputation management

Contents: The lessons provide a broad overview of the legal scenarios arising from relations with the Guarantor Authority for the protection of personal data and with the interested parties, in particular following the judgements of the same, in case of complaint or violation of personal data. There will also be an in-depth examination of the aspects linked to legal recourse against the decisions of the Authority and to the protection of the owner of the data processing, as well as those linked to the management of disputes following the Authority's pronouncements and in the case of privacy "accidents", or aspects linked to damage to the company's reputation.

Video lessons

  1. PRIVACY IN THE DIGITAL ERA AND THE GDPR
  2. PRIVACY ROLES AND RESPONSIBILITY
  3. THE PRINCIPLES APPLICABLE TO THE TREATMENT OF PERSONAL DATA
  4. THE LAWFULNESS OF THE TREATMENT OF PERSONAL DATA
  5. CONDITIONS FOR CONSENT, REVOCATION OF CONSENT AND MINORS’ DATA
  6. THE RIGHTS OF THE DATA SUBJECTS
  7. THE RIGHT TO BE FORGOTTEN
  8. INTERNATIONAL TRANSFER OF PERSONAL DATA
  9. COMMUNICATION AND TRANSPARENCY
  10. PERSONAL DATA PROTECTION MANAGEMENT SYSTEMS
  11. THE DPO AND RISK ASSESSMENT
  12. INFORMATION SECURITY AND DATA MANAGEMENT – First Part
  13. INFORMATION SECURITY AND DATA MANAGEMENT – Second Part
  14. DATA PROTECTION, SECURITY & RISK MANAGEMENT
  15. INTRODUCTION TO ENCRYPTION
  16. POWERS AND INSPECTIVE ACTIVITIES OF THE AUTHORITY
  17. THE INPUTS OF ACTIVITIES AND THE RESPONSIBILITY OF THE OWNER
  18. THE GDPR SANCTIONING SYSTEM
  19. LEGAL AND JURISDICTIONAL PROTECTION IN PERSONAL DATA TREATMENT – First Part
  20. LEGAL AND JURISDICTIONAL PROTECTION IN PERSONAL DATA TREATMENT – Second Part
  21. MANAGING DISPUTES WITH THE CONCERNED PEOPLE
  22. PRIVACY “ACCIDENTS” AND COMPANY REPUTATION

Final exam:

Once all video lessons have been viewed (at least once), the student will have access to the 45-question final exam.

How to enroll:

For further information, please contact:
Dr. Marianna Leonetti
Tel.: 39 06 69207688
Email: m.leonetti@uninettunouniversity.net