Logo UAB
2022/2023

Data Protection and Information Security

Code: 106684 ECTS Credits: 6
Degree Type Year Semester
2502501 Prevention and Integral Safety and Security OB 3 1

Contact

Name:
Carles San José Amat
Email:
carles.sanjose@uab.cat

Use of Languages

Principal working language:
spanish (spa)
Some groups entirely in English:
No
Some groups entirely in Catalan:
No
Some groups entirely in Spanish:
Yes

Other comments on languages

The classes will be held in sppanish, and the activities the student can do in Catalan or Spanish.

Prerequisites

There are no prerequisites.

Objectives and Contextualisation

- Know and know how to use the main legal regulations that affect the processing of personal data contained in the documents and computer systems of organizations.
- Analyze and resolve specific assumptions that arise in the management of personal data.
- Acquire the ability to access relevant legal materials.
- Understand, prepare and manage the necessary documentation to comply with the requirements established in data protection legislation, from the perspective of a Data Protection Officer or any other job with responsibilities in the processing of personal data.

Competences

  • Act with ethical responsibility and respect for fundamental rights and duties, diversity and democratic values.
  • Be able to adapt to unexpected situations.
  • Carry out analyses of preventative measures in the area of security.
  • Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  • Have a general understanding of basic knowledge in the area of prevention and integral safety and security.
  • Make changes to methods and processes in the area of knowledge in order to provide innovative responses to society's needs and demands.
  • Respond to problems applying knowledge to practice.
  • Students must be capable of applying their knowledge to their work or vocation in a professional way and they should have building arguments and problem resolution skills within their area of study.
  • Students must be capable of collecting and interpreting relevant data (usually within their area of study) in order to make statements that reflect social, scientific or ethical relevant issues.
  • Students must be capable of communicating information, ideas, problems and solutions to both specialised and non-specialised audiences.
  • Students must develop the necessary learning skills to undertake further training with a high degree of autonomy.
  • Take sex- or gender-based inequalities into consideration when operating within one's own area of knowledge.
  • Use the capacity for analysis and synthesis to solve problems.
  • Work and learn autonomously.

Learning Outcomes

  1. Analyse the sex- or gender-based inequalities and the gender biases present in one's own area of knowledge.
  2. Analyse the situation and identify the points that are best.
  3. Be able to adapt to unexpected situations.
  4. Critically analyse the principles, values and procedures that govern professional practice.
  5. Design and implement recovery plans following disasters and mechanisms for contingencies.
  6. Evaluate how gender stereotypes and roles affect professional practice.
  7. Evaluate the impact of problems, prejudices and discrimination that actions or projects may include in the short or long term in relation to certain people or groups.
  8. Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  9. Identify situations in which a change or improvement is needed.
  10. Identify the key elements in processes to define the security policies of organisations.
  11. Respond to problems applying knowledge to practice.
  12. Students must be capable of applying their knowledge to their work or vocation in a professional way and they should have building arguments and problem resolution skills within their area of study.
  13. Students must be capable of collecting and interpreting relevant data (usually within their area of study) in order to make statements that reflect social, scientific or ethical relevant issues.
  14. Students must be capable of communicating information, ideas, problems and solutions to both specialised and non-specialised audiences.
  15. Students must develop the necessary learning skills to undertake further training with a high degree of autonomy.
  16. Use the capacity for analysis and synthesis to solve problems.
  17. Work and learn autonomously.

Content

 

This subject has a six teaching units.

 

Didactic Unit 1

Introduction: the General Data Protection Regulation (Regulation (EU) 2016/679), the Personal Data Protection Directive in the criminal field (Directive (EU) 2016/680) and the new LOPDGDD (Organic Law 3/2018) .

1. Introduction

2. The right to data protection and regulatory background.

3. First approximation to the General Data Protection Regulation (RGPD), Directive (EU) 2016/680 and the LOPDGDD.

 

Didactic Unit 2

subjects

1. Responsible for Treatment

2. Treatment Manager

3. Data Protection Delegate

4. Representative.

 

Didactic Unit 3

Beginning

1. Principles relating to treatment.

2. Legality, loyalty, transparency, purpose, etc.

3. Special categories of data

 

Didactic Unit 4

Rights

1. Transparency and information

2. Access and portability

3. Deletion

4. Limitation of treatment

5. Opposition

6. Automated individual decisions (profiles)

 

Didactic Unit 5

Obligations

1. Proactive responsibility

2. Data protection by design and by default

3. Record of treatment activities

4. Prior consultation

5. Data Protection Impact Assessment

6. Security

7. Notification of security breaches

 

Didactic unit 6

International transfers, self-regulation and sectoral regulations.

1. International transfers

1.1. General principle and adequacy decisions

1. 2. Adequate guarantees

1.3. Binding corporate rules

1.4. Exceptions for specific situations

2. Self-regulation

2.1. codes of conduct

2.2. Certifications

3. Sectoral regulations (video surveillance, police data processing, etc.)

 

Methodology

The theoretical classes consist of explaining the key concepts of each unit, always accompanied by examples to facilitate understanding, facilitating student participation and debate.

The practical classes consist of solving practical situations raised by the teacher on aspects previously worked on in the theoretical classes.

Tutorials with teachers will be arranged by email.

Note: 15 minutes of a class will be reserved, within the calendar established by the center/degree, for the students to complete the surveys to evaluate the performance of the teaching staff and the evaluation of the subject/module.

Annotation: Within the schedule set by the centre or degree programme, 15 minutes of one class will be reserved for students to evaluate their lecturers and their courses or modules through questionnaires.

Activities

Title Hours ECTS Learning Outcomes
Type: Directed      
Evaluation 4 0.16 4, 1, 2, 5, 10, 9, 15, 14, 12, 13, 6, 7
Theoretical and practical classes 12 0.48 4, 1, 2, 5, 10, 9, 15, 14, 12, 13, 6, 7
Type: Supervised      
Tutorials 24 0.96
Type: Autonomous      
Resolution of practical cases. Realization of works. personal study 110 4.4 4, 1, 2, 5, 10, 9, 15, 14, 12, 13, 6, 7

Assessment

Continuous evaluation: 4 practical activities will be carried out, on the contents previously worked on, which will have a teacher rating along with a brief comment.

Final written or oral test: It can consist of a multiple choice exam, of theoretical questions about the contents studied, or of practical case studies.

RE-EVALUATION

In case of not passing the subject according to the aforementioned criteria (continuous evaluation), a recovery test may be done on the date scheduled in the schedule, and it will cover the entire contents of the program.

To participate in the reassessment the students must have been previously evaluated of a set of activities, the weight of which equals a minimum of two-thirds of the total grade of the subject. However, the qualification that will consist of the student's file is a maximum of 5-Approved.

Students who need to change an evaluation date must present the justified request by filling in the document that you will find in the moodle space of Tutorial EPSI.

PLAGIARISM

Without prejudice to other disciplinary measures deemed appropriate, and in accordance with current academic regulations, "in the event that the student makes any irregularity that could lead to a significant variation in the grade of an evaluation act, it will be graded with a 0 This evaluation act, regardless of the disciplinary process that can be instructed In case of various irregularities occur in the evaluation acts of the same subject, the final grade of this subject will be 0 ".

The tests / exams may be written and / or oral at the discretion of the teaching staff.

Assessment Activities

Title Weighting Hours ECTS Learning Outcomes
Continuous evaluation activities 50% 0 0 3, 4, 1, 2, 5, 11, 8, 10, 9, 15, 14, 12, 13, 17, 16, 6, 7
Written test that allows assessing the acquisition of knowledge by the student. 50% 0 0 3, 4, 1, 2, 5, 11, 8, 10, 9, 15, 14, 12, 13, 17, 16, 6, 7

Bibliography

Manuals and studies:

• Duran, B.. (2016). The figure of the controller in the right to data protection. Madrid: Wolters Kluwer.
• Lopez, J.. (2017). Comments to the European Data Protection Regulation. Madrid: Sepin.
• Pinar, J.L. (Dir.). (2016). General data protection regulation: towards a new European privacy model. Madrid: Reuses.
• López Calvo, J. (2018). The new regulatory framework derived from the European Data Protection Regulation (adapted to the Draft Organic Law on Data Protection of November 10, 2017”. Madrid. Wolters Kluver.

• Troncoso Reigada, A. -coordinator- (2021). "Commentary on the General Data Protection Regulation and the Organic Law on Data Protection and Guarantee of Digital Rights". Pamplona. Editorial Civitas.

Normative:

• Spanish Constitution, Official State Gazette, 311 § 31229 (1978)
• Organic Law 15/1999, on the Protection of Personal Data, Official State Gazette, 298 § 23750 (1999).
• Royal Decree 1720/2007, of December 21, which approves the regulations for the development of Organic Law 15/1999 on the protection of personal data, Official State Gazette, 17 § 979.
• Royal Decree 3/2010, of January 8, which regulates the National Security Scheme in the field of Electronic Administration, Official State Gazette, 25 § 1330.
• Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons in relation to the processing of personal data and the free circulation of these data and by which the Directive 95/46/EC (General Data Protection Regulation)
• Directive (EU) 2016/680 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data by the competent authorities for prevention purposes, investigation, detection or prosecution of criminal offenses or the execution ofcriminal sanctions, and the free circulation of said data and repealing Framework Decision 2008/977/JHA of the Council.
• Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights.

Electronic resources and documentation:

Spanish Data Protection Agency: https://www.agpd.es/
• Spanish Data Protection Agency, Catalan Data Protection Authority and Basque Data Protection Agency (2016). Guide to the General Data Protection Regulation for data controllers. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency, Catalan Data Protection Authority and Basque Data Protection Agency (2016). Guide for compliance with the duty to inform. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency, Catalan Data Protection Authority and Basque Data Protection Agency (2016). Guidelines for the preparation of contracts between controllers and processors. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency (2016). Guidance and guarantees in personal data anonymization procedures. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency (2018). Practical guide for Impact Assessments on data protection subject to the RGPD. Retrieved from http://www.agpd.es.

Catalan Authority for the Protection of Dades: http://apdcat.gencat.cat/
• Catalan Authority for the Protection of Dades (2017). Guide on the assessment of impact related to the protection of data to the RGPD. Retrieved from http://apdcat.gencat.cat/.

Software

No special software is required.