Logo UAB

Computer and Documentary Security

Code: 101857 ECTS Credits: 6
Degree Type Year Semester
2502501 Prevention and Integral Safety and Security OB 3 1
The proposed teaching and assessment methodology that appear in the guide may be subject to changes as a result of the restrictions to face-to-face class attendance imposed by the health authorities.


Carles San José Amat

Use of Languages

Principal working language:
catalan (cat)
Some groups entirely in English:
Some groups entirely in Catalan:
Some groups entirely in Spanish:


No previous requisites are required

Objectives and Contextualisation

- Know and know how to use the main legal norms that affect computer and document security.
- Analyze and resolve specific assumptions.
- Acquire the ability to access relevant legal materials.
- Understand, prepare and manage the necessary documentation to comply with the requirements established in data protection legislation from the perspective of a Data Protection Officer.


  • Be able to adapt to unexpected situations.
  • Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  • Have a general understanding of basic knowledge in the area of prevention and integral safety and security.
  • Respond to problems applying knowledge to practice.
  • Use the capacity for analysis and synthesis to solve problems.
  • Work and learn autonomously.

Learning Outcomes

  1. Be able to adapt to unexpected situations.
  2. Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  3. Identify the key elements in processes to define the security policies of organisations.
  4. Respond to problems applying knowledge to practice.
  5. Use the capacity for analysis and synthesis to solve problems.
  6. Work and learn autonomously.


Teaching Unit 1
Introduction: the General Data Protection Regulation (Regulation (EU) 2016/679), the Directive on the protection of personal data in criminal matters (Directive (EU) 2016/680) and the new LOPDGDD (Organic Law 3/2018) .
1. Introduction
2. The right to data protection and regulatory background.
3. First approach to the General Data Protection Regulation (RGPD), Directive (EU) 2016/680 and the LOPDGDD.

Teaching Unit 2
1. Responsible for the Treatment
2. Manager of the Treatment
3. Data Protection Officer
4. Representative.

Didactic Unit 3
1. Principles relating to treatment.
2. Legality, loyalty, transparency, purpose, etc.
3. Special categories of data

Teaching Unit 4
1. Transparency and information
2. Access and portability
3. Suppression
4. Limitation of treatment
5. Opposition
6. Automated individual decisions (profiles)

Teaching Unit 5
1. Proactive liability
2. Data protection from design and default
3. Record of treatment activities
4. Prior consultation
5. Impact assessment of data protection
6. Security
7. Notification of security breaches

Teaching unit 6
International transfers, self-regulation and sectoral regulations.
1. International transfers
1.1. General principle and adequacy decisions
1. 2. Adequate guarantees
1.3. Binding corporate rules
1.4. Exceptions for specific situations
2. Self-regulation
2.1. Codes of conduct
2.2. Certifications
3. Sectoral regulations (video surveillance, police data processing, etc.)

Teaching unit 7
Liability regime and guarantee system
1. Control authorities
2. The sanctioning regime: infractions, sanctions and other corrective measures.
3. Rights of claim of the interested parties.


The learning process is focused on student work and the mission of the teaching staff is to help them in this task by providing information and showing them the sources where it can be obtained. The development of teaching of the subject and student training is based on the following activities:

1. Directed activities:

1.1. Master classes: in which the student obtains the conceptual bases of the subject.

1.2. Practical classes: in which the students analyze and solve together with the teacher previously elaborated practical cases. The basis of practical work is the critical understanding and application of the theory.

2. Supervised activities: These are activities that students will develop in the classroom, with the supervision and support of the teacher.

3. Autonomous activities: based on the student's resolution of practical cases


Title Hours ECTS Learning Outcomes
Type: Directed      
Clase teórica 30 1.2 1, 4, 3, 6, 5
Practical lesson 10 0.4 1, 4, 3, 6, 5
Type: Supervised      
Discussion of concrete problems 15 0.6 1, 4, 3, 5
Type: Autonomous      
Personal study 57.5 2.3 3, 6
Resolution of practical cases 37.5 1.5 1, 4, 2, 3, 6, 5


The system is for continuous evaluation.
If a student has not been able to provide sufficient evidence of assessment that allows the overall grade of the subject, it will be graded as a final grade "not assessable". This will happen if the activity carried out by the student represents less than 30% of all the evaluable activities of the subject, as indicated in this section.
If the continuous assessment is not passed, the student will be able to take the final exam and if he / she passes it, the final mark of the subject will be 5.

1. Continuous evaluation:

There will be two activities during the course, which may consist of solving test-type questions or activities with answers or solving practical cases. The weight of these two activities is 60% on the final grade.

2. Final exam:

The final test can consist of test-type questions, questions to be answered in a reasoned way or solving practical cases, or a combination of the activities mentioned. The weight of the exam is 40% on the final grade.

In case of not passing the subject in accordance with the criteria mentioned above (continuous assessment), a recovery test can be done on the date scheduled in the schedule, and which will be about all the contents of the program.

To participate in the recovery students must have been previously assessed in a set of activities, the weight of which is equivalent to a minimum of two thirds of the total grade of the subject. However, the grade that will appear in the student's transcript is a maximum of 5-Passed.

Students who need to change an assessment date must submit the application by filling out the document found in the EPSI Tutorial moodle space.

Without prejudice to other disciplinary measures deemed appropriate, and in accordance with current academic regulations, "in the event that the student commits any irregularity that may lead to a significant variation in the grade of an assessment act. , this assessmentact will be graded with a 0, regardless of the disciplinary process that may be instructed In case there are several irregularities in the assessment acts of the same subject, the final grade of this subject will be 0 ".

The tests / exams may be written and / or oral at the discretion of the teacher.

Assessment Activities

Title Weighting Hours ECTS Learning Outcomes
Delivery of exercises and works 60% 0 0 1, 4, 2, 3, 6, 5
Final exam 40% 0 0 4, 3, 5


Manuals and studies:

 Durán, B.. (2016). La figura del responsable en el derecho a la protección de datos. Madrid: Wolters Kluwer.

  • Lopez, J.. (2017). Comentarios al Reglamento Europeo de protección de datos. Madrid: Sepin.
  • Piñar, J.L. (Dir.). (2016). Reglamento general de protección de datos: hacia un nuevo modelo europeo de privacidad. Madrid: Reus.


 Constitución Española, Boletín Oficial del Estado, 311 § 31229 (1978)

  • Real Decreto 3/2010, de 8 de enero, por el que se regula el Esquema Nacional de Seguridad en el ámbito de la Administración Electrónica, Boletín Oficial del Estado, 25 § 1330.
  • Reglamento(UE) 2016/679 del Parlamento Europeo y del Consejo de 27 de abril de 2016 relativo a la protección de las personas físicas en relación al tratamiento de los datos personales y a la libre circulación de estos datos y por el que se deroga la Directiva 95/46/CE (Reglamento general de protección de datos)
  • Directiva(UE) 2016/1148 del Parlamento Europeo y del Consejo de 6 de julio de 2016 relativa a las medidas destinadas a garantizar un elevado nivel común de seguridad de las redes y sistemas de información en la Unión.
  • Ley orgánica 3/2018, de 5 de diciembre, de protección de datos personales y garantía de los derechos digitales. 

Electronic resources:

 Agencia Española de Protección de Datos: https://www.agpd.es/

Autoritat Catalana de Protecció de Dades: https://apdcat.gencat.cat/ca/inici

Agencia Vasca de Protección de Datos: https://www.avpd.euskadi.eus/s04-5213/es/

Consejo de Transparencia y Protección de Datos de Andalucía: https://www.ctpdandalucia.es/