Programme
I. Introduction to European Data Protection
- A. Origins and Historical Context of Data Protection Law
  - Rationale for data protection
  - Human rights laws
  - Early laws and regulations
  - The need for a harmonised European approach
  - The Treaty of Lisbon
  - A modernised framework
- B. European Union Institutions
  - Council of Europe
  - European Court of Human Rights
  - European Parliament
  - European Commission
  - European Council
  - European Court of Justice
- C. Legislative Framework
  - The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
  - The EU Data Protection Directive (95/46/EC)
  - The EU Directive on Privacy and Electronic Communications (2002/58/EC) – as amended
  - The EU Directive on Electronic Commerce (2000/31/EC)
  - European data retention regimes
  - The General Data Protection Regulation (GDPR) and related legislation
II. European Data Protection Law and Regulation
- A. Data Protection Concepts
  - Personal data
  - Sensitive personal data
  - Pseudonymous and anonymous data
  - Processing
  - Controller
  - Processor
  - Data subject
- B. Territorial and Material Scope of the General Data Protection Regulation
  - Establishment in the EU
  - Non-establishment in the EU
- C. Data Processing Principles
  - Fairness and lawfulness
  - Purpose limitation
  - Proportionality
  - Accuracy
  - Storage limitation
  - Integrity and confidentiality
- D. Lawful Processing Criteria
  - Consent
  - Contractual necessity
  - Legal obligation, vital interests and public interest
  - Legitimate interests
  - Special categories of processing
- E. Information Provision Obligations
  - Transparency principle
  - Privacy notices
  - Layered notices
- F. Data Subjects’ Rights
  - Access
  - Rectification
  - Erasure and the right to be forgotten (RTBF)
  - Restriction and objection
  - Automated decision making, including profiling
  - Data portability
  - Restrictions
- G. Security of Personal Data
  - Appropriate technical and organisational measures
  - Breach notification
  - Vendor management
- H. Accountability Requirements
  - Responsibility of controllers and processors
  - Data protection by design and by default
  - Documentation and cooperation with regulators
  - Data protection impact assessment
  - Mandatory data protection officers
- I. International Data Transfers
  - Rationale for prohibition
  - Safe jurisdictions
  - Safe Harbor and Privacy Shield
  - Model contracts
  - Binding Corporate Rules (BCRs)
  - Codes of Conduct and Certifications
  - Derogations
- J. Supervision and Enforcement
  - Supervisory authorities and their powers
  - The European Data Protection Board
  - Role of the European Data Protection Supervisor (EDPS)
- K. Consequences for GDPR Violations
  - Process and procedures
  - Infringements and fines
  - Data subject compensation
III. Compliance with European Data Protection Law and Regulation
- A. Employment Relationship
  - Legal basis for processing of employee data
  - Storage of personnel records
  - Workplace monitoring and data loss prevention
  - EU Works councils
  - Whistleblowing systems
  - ‘Bring your own device’ (BYOD) programs
- B. Surveillance Activities
  - Surveillance by public authorities
  - Interception of communications
  - Closed-circuit television (CCTV)
  - Geolocation
- C. Direct Marketing
  - Telemarketing
  - Direct marketing
  - Online behavioural targeting
- D. Internet Technology and Communications
  - Cloud computing
  - Web cookies
  - Search engine marketing (SEM)
  - Social networking services