Logo UAB
2021/2022

Computer and Documentary Security

Code: 104019 ECTS Credits: 6
Degree Type Year Semester
2502501 Prevention and Integral Safety and Security OB 3 1
The proposed teaching and assessment methodology that appear in the guide may be subject to changes as a result of the restrictions to face-to-face class attendance imposed by the health authorities.

Contact

Name:
Carles San José Amat
Email:
Carles.SanJose@uab.cat

Use of Languages

Principal working language:
spanish (spa)
Some groups entirely in English:
No
Some groups entirely in Catalan:
No
Some groups entirely in Spanish:
Yes

Prerequisites

No previous requisites are required

Objectives and Contextualisation

- Know and know how to use the main legal norms that affect computer and document security.
- Analyze and resolve specific assumptions.
- Acquire the ability to access relevant legal materials.
- Understand, prepare and manage the necessary documentation to comply with the requirements established in data protection legislation from the perspective of a Data Protection Officer.

Competences

  • Be able to adapt to unexpected situations.
  • Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  • Have a general understanding of basic knowledge in the area of prevention and integral safety and security.
  • Respond to problems applying knowledge to practice.
  • Use the capacity for analysis and synthesis to solve problems.
  • Work and learn autonomously.

Learning Outcomes

  1. Be able to adapt to unexpected situations.
  2. Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  3. Identify the key elements in processes to define the security policies of organisations.
  4. Respond to problems applying knowledge to practice.
  5. Use the capacity for analysis and synthesis to solve problems.
  6. Work and learn autonomously.

Content

Teaching Unit 1
Introduction: the General Data Protection Regulation
1. Introduction
2. The right to data protection and regulatory background of the RGPD
3. First approach to the General Data Protection Regulation

Teaching Unit 2
Subjects
1. Responsible for the Treatment
2. Manager of the Treatment
3. Data Protection Officer
4. Representative

Didactic Unit 3
Beginning
1. Principles of treatment
2. Legality
3. Special categories of data

Teaching Unit 4
Rights
1. Transparency and information
2. Access and portability
3. Suppression
4. Limitation of treatment
5. Opposition
6. Automated individual decisions (profiles)

Teaching Unit 5
Obligations
1. Proactive liability
2. Data protection from design and default
3. Record of treatment activities
4. Prior consultation
5. Impact assessment of data protection
6. Security
7. Incident reporting

Teaching unit 6
International transfers and self-regulation
1. International transfers
1.1. General principle and adequacy decisions
1. 2. Adequate guarantees
1.3. Binding corporate rules
1.4. Exceptions for specific situations
2. Self-regulation
2.1. Codes of conduct
2.2. Certifications

Methodology

The learning process focuses on the student's work and the teacher's mission is to help him in this task by providing him with information and showing him the sources where it can be achieved. The development of the teaching of the subject and the training of the student is based on the following activities:

1. Directed activities:

1.1. Master classes: in which the student obtains the conceptual bases of the subject.

2. Autonomous activities: based on the resolution by the student of practical cases

It is important to mention that the main objective of the video classes is to resolve the doubts related to the syllabus, therefore it is essential to prepare the topics before each session.

Annotation: Within the schedule set by the centre or degree programme, 15 minutes of one class will be reserved for students to evaluate their lecturers and their courses or modules through questionnaires.

Activities

Title Hours ECTS Learning Outcomes
Type: Directed      
Theorical class 5.75 0.23 1, 4, 3, 6, 5
Type: Supervised      
Discussion of concrete problems 15 0.6 1, 4, 3, 5
Evaluation 4 0.16 1, 4, 3, 5
Type: Autonomous      
Personal study 87.5 3.5 3, 6
Resolution of practical cases 37.5 1.5 1, 4, 2, 3, 6, 5
Teaching performance evaluation survey and subject / module evaluation (last class) 0.25 0.01

Assessment

The system is for continuous evaluation.
If a student has not been able to provide sufficient evidence of assessment that allows the overall grade of the subject, it will be graded as a final grade "not assessable". This will happen if the activity carried out by the student represents less than 30% of all the evaluable activities of the subject, as indicated in this section.
If the continuous assessment is not passed, the student will be able to take the final exam and if he / she passes it, the final mark of the subject will be 5.
EVALUATION SYSTEM:

1. Continuous evaluation:

There will be two activities during the course, which may consist of solving test-type questions or activities with answers or solving practical cases. The weight of these two activities is 60% on the final grade.

2. Final exam:

The final test can consist of test-type questions, questions to be answered in a reasoned way or solving practical cases, or a combination of the activities mentioned. The weight of the exam is 40% on the final grade.

In case of not passing the subject in accordance with the criteria mentioned above (continuous assessment), a recovery test can be done on the date scheduled in the schedule, and which will be about all the contents of the program.

To participate in the recovery students must have been previously assessed in a set of activities, the weight of which is equivalent to a minimum of two thirds of the total grade of the subject. However, the grade that will appear in the student's transcript is a maximum of 5-Passed.

Students who need to change an assessment date must submit the application by filling out the document found in the EPSI Tutorial moodle space.

Without prejudice to other disciplinary measures deemed appropriate, and in accordance with current academic regulations, "in the event that the student commits any irregularity that may lead to a significant variation in the grade of an assessment act. , this assessmentact will be graded with a 0, regardless of the disciplinary process that may be instructed In case there are several irregularities in the assessment acts of the same subject, the final grade of this subject will be 0 ".

The tests / exams may be written and / or oral at the discretion of the teacher.

Assessment Activities

Title Weighting Hours ECTS Learning Outcomes
Delivery of exercises and works 60% 0 0 1, 4, 2, 3, 6, 5
Final exam 40% 0 0 1, 4, 2, 3, 5

Bibliography

Manuals and studies:

  •  Durán, B.. (2016). La figura del responsable en el derecho a la protección de datos. Madrid: Wolters Kluwer.
  • Lopez, J.. (2017). Comentarios al Reglamento Europeo de protección de datos. Madrid: Sepin.
  • Piñar, J.L. (Dir.). (2016). Reglamento general de protección de datos: hacia un nuevo modelo europeo de privacidad. Madrid: Reus.
  • Troncoso, A. (Dir). (2021). Comentarios al Reglamento General de Protección de Datos y a la Ley Orgánica de Protección de Datos y Garantia de Derechos Digitales. Pamplona: Civitas. 

 Normative:

 Constitución Española, Boletín Oficial del Estado, 311 § 31229 (1978)

  • Real Decreto 3/2010, de 8 de enero, por el que se regula el Esquema Nacional de Seguridad en el ámbito de la Administración Electrónica, Boletín Oficial del Estado, 25 § 1330.
  • Reglamento(UE) 2016/679 del Parlamento Europeo y del Consejo de 27 de abril de 2016 relativo a la protección de las personas físicas en relación al tratamiento de los datos personales y a la libre circulación de estos datos y por el que se deroga la Directiva 95/46/CE (Reglamento general de protección de datos)
  • Directiva(UE) 2016/1148 del Parlamento Europeo y del Consejo de 6 de julio de 2016 relativa a las medidas destinadas a garantizar un elevado nivel común de seguridad de las redes y sistemas de información en la Unión.
  • Ley orgánica 3/2018, de 5 de diciembre, de protección de datos personales y garantía de los derechos digitales. 

Electronic resources:

 Agencia Española de Protección de Datos: https://www.agpd.es/

Autoritat Catalana de Protecció de Dades: https://apdcat.gencat.cat/ca/inici

AgenciaVasca de Protección de Datos: https://www.avpd.euskadi.eus/s04-5213/es/

Consejo de Transparencia y Protección de Datos de Andalucía: https://www.ctpdandalucia.es/

Software

No