Logo UAB

Data Protection and Information Security

Code: 106680 ECTS Credits: 6
2024/2025
Degree Type Year
2502501 Prevention and Integral Safety and Security OB 3

Contact

Name:
Guillermo Bello Visa
Email:
guillermo.bello@uab.cat

Teaching groups languages

You can view this information at the end of this document.


Prerequisites

There are no prerequisites.


Objectives and Contextualisation

- Know and know how to use the main legal regulations that affect the processing of personal data contained in the documents and computer systems of organizations.
- Analyze and resolve specific assumptions that arise in the management of personal data.
- Acquire the ability to access relevant legal materials.
- Understand, prepare and manage the necessary documentation to comply with the requirements established in data protection legislation, from the perspective of a Data Protection Officer or any other job with responsibilities in the processing of personal data.

Competences

  • Act with ethical responsibility and respect for fundamental rights and duties, diversity and democratic values.
  • Be able to adapt to unexpected situations.
  • Carry out analyses of preventative measures in the area of security.
  • Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  • Have a general understanding of basic knowledge in the area of prevention and integral safety and security.
  • Make changes to methods and processes in the area of knowledge in order to provide innovative responses to society's needs and demands.
  • Respond to problems applying knowledge to practice.
  • Students must be capable of applying their knowledge to their work or vocation in a professional way and they should have building arguments and problem resolution skills within their area of study.
  • Students must be capable of collecting and interpreting relevant data (usually within their area of study) in order to make statements that reflect social, scientific or ethical relevant issues.
  • Students must be capable of communicating information, ideas, problems and solutions to both specialised and non-specialised audiences.
  • Students must develop the necessary learning skills to undertake further training with a high degree of autonomy.
  • Take sex- or gender-based inequalities into consideration when operating within one's own area of knowledge.
  • Use the capacity for analysis and synthesis to solve problems.
  • Work and learn autonomously.

Learning Outcomes

  1. Analyse the sex- or gender-based inequalities and the gender biases present in one's own area of knowledge.
  2. Analyse the situation and identify the points that are best.
  3. Be able to adapt to unexpected situations.
  4. Critically analyse the principles, values and procedures that govern professional practice.
  5. Design and implement recovery plans following disasters and mechanisms for contingencies.
  6. Evaluate how gender stereotypes and roles affect professional practice.
  7. Evaluate the impact of problems, prejudices and discrimination that actions or projects may include in the short or long term in relation to certain people or groups.
  8. Generate innovative and competitive proposals in research and in professional activity developing curiosity and creativity.
  9. Identify situations in which a change or improvement is needed.
  10. Identify the key elements in processes to define the security policies of organisations.
  11. Respond to problems applying knowledge to practice.
  12. Students must be capable of applying their knowledge to their work or vocation in a professional way and they should have building arguments and problem resolution skills within their area of study.
  13. Students must be capable of collecting and interpreting relevant data (usually within their area of study) in order to make statements that reflect social, scientific or ethical relevant issues.
  14. Students must be capable of communicating information, ideas, problems and solutions to both specialised and non-specialised audiences.
  15. Students must develop the necessary learning skills to undertake further training with a high degree of autonomy.
  16. Use the capacity for analysis and synthesis to solve problems.
  17. Work and learn autonomously.

Content

This subject has a seven teaching units. 

 

Didactic Unit 1

Introduction: the General Data Protection Regulation (Regulation (EU) 2016/679), the Personal Data Protection Directive in the criminal field (Directive (EU) 2016/680) and the new LOPDGDD (Organic Law 3/2018) .

1. Introduction

2. The right to data protection and regulatory background.

3. First approximation to the General Data Protection Regulation (RGPD), Directive (EU) 2016/680 and the LOPDGDD.

 

Didactic Unit 2

subjects

1. Responsible for Treatment

2. Treatment Manager

3. Data Protection Delegate

4. Representative.

 

Didactic Unit 3

Beginning

1. Principles relating to treatment.

2. Legality, loyalty, transparency, purpose, etc.

3. Special categories of data

 

Didactic Unit 4

Rights

1. Transparency and information

2. Access and portability

3. Deletion

4. Limitation of treatment

5. Opposition

6. Automated individual decisions (profiles)

 

Didactic Unit 5

Obligations

1. Proactive responsibility

2. Data protection by design and by default

3. Record of treatment activities

4. Prior consultation

5. Data Protection Impact Assessment

6. Security

7. Notification of security breaches

 

Didactic unit 6

International transfers, self-regulation and sectoral regulations.

1. International transfers

1.1. General principle and adequacy decisions

1. 2. Adequate guarantees

1.3. Binding corporate rules

1.4. Exceptions for specific situations

2. Self-regulation

2.1. codes of conduct

2.2. Certifications

3. Sectoral regulations (video surveillance, police data processing, etc.)

 

Didactic unit 7

Liability regime and guarantee system

1. Control Authorities

2. The sanctioning system: infractions, sanctions and other corrective measures.

3. Claim rights of the interested parties.


Activities and Methodology

Title Hours ECTS Learning Outcomes
Type: Directed      
Evaluation 4 0.16 1, 2, 4, 5, 6, 7, 9, 10, 12, 13, 14, 15
Theoretical and practical classes 40 1.6 1, 2, 4, 5, 6, 7, 9, 10, 12, 13, 14, 15
Type: Supervised      
Tutorials 12 0.48
Type: Autonomous      
Resolution of practical cases. Realization of works. personal study 94 3.76 1, 2, 4, 5, 6, 7, 9, 10, 12, 13, 14, 15

The methodology of this subject will be based on a dynamic and participatory model.


During the theoretical sessions (Friday) the course syllabus will be explained. Case studies will be proposed to support the theoretical explanation.


During the practical sessions (Wednesday and Saturday) the 5 PEC will be presented that must be presented the same day in the classroom


Students must properly follow the teachers' explanations in the classroom, read or study the topics suggested by the teachers, as well as participate in the class.

Teaching language: Catalan

Note: 15 minutes of a class will be set aside, within the calendar established by the center/degree, for students to fill in the teacher performance and subject evaluation surveys /module.

Annotation: Within the schedule set by the centre or degree programme, 15 minutes of one class will be reserved for students to evaluate their lecturers and their courses or modules through questionnaires.


Assessment

Continous Assessment Activities

Title Weighting Hours ECTS Learning Outcomes
Continuous evaluation activities 50% 0 0 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
Written test that allows assessing the acquisition of knowledge by the student. 50% 0 0 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

1. CONTINUOUS EVALUATION

Evaluation of theoretical knowledge (50% of the final grade)

There will be a single final continuous assessment test with an exam of 50 test-type questions (4 options and only one of them is correct).

It is necessary to get at least a 3.5 out of 10 in this test. Otherwise, no final mark will be obtained for this part.

Attendance at the exam is mandatory. Otherwise, no final mark will be earned for this part.

The use of any kind of documentation for the resolution of this exam is not allowed.


Assessment of practical knowledge (50% of the final mark)

A total of 5 continuous assessment tests (PECs) will be carried out. These are practical cases of an operational nature in which a situation is presented as a case, on which certain searches for information and case resolution must be carried out. Each of the continuous assessment tests represents 10% of the final grade.

It is mandatory to hand in at least 3 of the 5 continuous assessment tests proposed. Otherwise, none of the practical knowledge assessments submitted will be graded and no final mark will be achieved for this part.

It is necessary to obtain at least a 3.5 out of 10 in each of the suggested continuous assessment tests. Otherwise, it will be considered ineligible, and will have the same effects as not having presented it.

If it is not delivered within the established period, it will be understood as not presented.

The evaluation test presented must follow the structure of the document proposed in the classroom.


Final grade of continuous assessment

The final grade of the continuous assessment will be obtained from the arithmetic sum of each of the completed and valid exercises.

In order to consider it passed, a score of at least 5 out of 10 must be achieved.


2. UNIQUE ASSESSMENT

Students opting for the single assessment will take the same theory test exam as the continuous assessment (50%) and hand in a PAC summarizing all continuous assessment PACs (50%)

The date for this test and the delivery of the subject's work will be the same scheduled in the schedule for the last continuous assessment exam.

Final grade of continuous assessment

The final grade of the continuous assessment will be obtained from the arithmetic sum of each of the completed and valid exercises.

In order to consider it passed, a score of at least 5 out of 10 must be achieved.

3. RECOVERY EXAMINATION

Access to the exam
If you have not passed the continuous assessment or the single assessment, you can take the make-up exam as long as you have participated (presented), at least in two thirds of the assessment.
Goal
This exercise aims to evaluate all the contents of the subject, so it must be carried out in its entirety, without retaining part of the continuous assessment exercises.

Composition
The exercise will consist of a questionnaire of 30 multiple-choice theoretical questions.

qualification
A score of 5 out of 10 must be achieved to pass the recovery test.

In the event of passing the make-up exam, the grade obtained will be a maximum of 5, regardless of the grade obtained in the exercise.

 

4. STUDENT EVALUATION IN THE SECOND CALL OR MORE

Students who repeat the subject must take the scheduled tests and exams and hand in the subject's work on the dates indicated in the Moodle classroom.

 

5. GENERAL CONSIDERATIONS

 

not assessable

According to point 9 of article 266 of the academic regulations of the UAB, when it is considered that the student has not been able to provide sufficient evaluation evidence, this subject must be classified as non-evaluable. It will be considered non-evaluable, if 2/3 of the completed tests are not submitted.


Multiple choice questionnaire
Characteristics of all exercises in the format of a multiple-choice questionnaire, both in the continuous assessment and in other tests, for each question four answers will be proposed, of which there is always one correct answer and only one. Wrong answers will be discounted by 33%.

Oral resolution

If it is considered appropriate, some of the tests may be done orally.

Irregularities
Without prejudice to other disciplinary measures that are considered appropriate, and in accordance with current academic regulations, "in the event that any irregularity is detected that could lead to a significant variation in the rating of an evaluation act, it will be rated with a 0 (zero) this assessment act, regardless of the disciplinary process that may be instructed. In the event that several irregularities occur in the assessment acts of the same subject, the final qualification of this subject will be 0 (zero )".

If there are unforeseen circumstances that prevent the normal development of the subject, the teaching staff may modify both the methodology and the assessment of the subject.

Date change
The person who needs to change an assessment date must submit the request by completing the document found in the EPSI tutoring Moodle space.

At the time of carrying out each assessment activity, the teacher will inform the students (Moodle) of the procedure and date of review of the qualifications.

Artificial Intelligence

If during the correction there are indications that an activity or work has been done with answers assisted by artificial intelligence, the teacher can complement the activity with a personal interview to corroborate the authorship of the text.


Bibliography

Manuals and studies:

• Duran, B.. (2016). The figure of the controller in the right to data protection. Madrid: Wolters Kluwer.
• Lopez, J.. (2017). Comments to the European Data Protection Regulation. Madrid: Sepin.
• Pinar, J.L. (Dir.). (2016). General data protection regulation: towards a new European privacy model. Madrid: Reuses.
• López Calvo, J. (2018). The new regulatory framework derived from the European Data Protection Regulation (adapted to the Draft Organic Law on Data Protection of November 10, 2017”. Madrid. Wolters Kluver.

• Troncoso Reigada, A. -coordinator- (2021). "Commentary on the General Data Protection Regulation and the Organic Law on Data Protection and Guarantee of Digital Rights". Pamplona. Editorial Civitas.

Normative:

• Spanish Constitution, Official State Gazette, 311 § 31229 (1978)
• Organic Law 15/1999, on the Protection of Personal Data, Official State Gazette, 298 § 23750 (1999).
• Royal Decree 1720/2007, of December 21, which approves the regulations for the development of Organic Law 15/1999 on the protection of personal data, Official State Gazette, 17 § 979.
• Royal Decree 3/2010, of January 8, which regulates the National Security Scheme in the field of Electronic Administration, Official State Gazette, 25 § 1330.
• Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons in relation to the processing of personal data and the free circulation of these data and by which the Directive 95/46/EC (General Data Protection Regulation)
• Directive (EU) 2016/680 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data by the competent authorities for prevention purposes, investigation, detection or prosecution of criminal offenses or the execution ofcriminal sanctions, and the free circulation of said data and repealing Framework Decision 2008/977/JHA of the Council.
• Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights.

Electronic resources and documentation:

Spanish Data Protection Agency: https://www.agpd.es/
• Spanish Data Protection Agency, Catalan Data Protection Authority and Basque Data Protection Agency (2016). Guide to the General Data Protection Regulation for data controllers. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency, Catalan Data Protection Authority and Basque Data Protection Agency (2016). Guide for compliance with the duty to inform. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency, Catalan Data Protection Authority and Basque Data Protection Agency (2016). Guidelines for the preparation of contracts between controllers and processors. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency (2016). Guidance and guarantees in personal data anonymization procedures. Retrieved from http://www.agpd.es.
• Spanish Data Protection Agency (2018). Practical guide for Impact Assessments on data protection subject to the RGPD. Retrieved from http://www.agpd.es.

Catalan Authority for the Protection of Dades: http://apdcat.gencat.cat/
• Catalan Authority for the Protection of Dades (2017). Guide on the assessment of impact related to the protection of data to the RGPD. Retrieved from http://apdcat.gencat.cat/.


Software

No special software is required.


Language list

Name Group Language Semester Turn
(TE) Theory 1 Catalan first semester afternoon
(TE) Theory 2 Catalan first semester afternoon