LEARNING OBJECTIVES
To learn about the rights of data subjects under the GDPR, to understand the obligations that the GDPR imposes on data controllers and processors, to learn about how the GDPR handles data breach and vendor management, and to understand how data can be transferred across borders.
Length: Approximately 1 hour
Written by: Professors Daniel J. Solove and Paul M. Schwartz
Instructor: Professor Daniel J. Solove
COURSE DESCRIPTION
This course provides an overview of the GDPR’s data protection responsibilities, rights of data subjects, and data transfer requirements and methods. It discusses data subject rights including transparency, access, rectification, erasure, restriction of processing, data portability, and automated decision-making, among others. The course then covers the obligations of data controllers and processors, such as having a Data Protection Officer (DPO), data protection by design and default, records of data processing activities, and data protection impact assessments (DPIA). Additionally, the course covers the GDPR’s rules for data breach notification and vendor management. The course also covers the GDPR’s approach to international data transfer as well as the various mechanisms for such transfer, such as the model contractual clauses, BCRs, and Privacy Shield.
Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part I: The European System and the Structure of GDPR.
CERTIFICATE
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.
COURSE OUTLINE
About this Course
Introduction
GDPR: Rights of Data Subjects
Transparency
Right of Access
Right to Rectification
Right to Erasure
Right to Restriction of Processing
Right to Data Portability
Right to Object
Automated Decision-Making
GDPR: Obligations of Data Controllers and Processors
Data Protection Officer
Security
Data Protection by Design and Default
Records of Data Processing Activities
Data Protection Impact Assessments
When Is a DPIA Required?
What Must a DPIA Contain?
How Should a DPIA Be Conducted?
GDPR: Data Breach Notification
GDPR: Vendor Management
International Data Transfer
Adequate Level of Protection
Model Contractual Clauses
Binding Corporate Rules (BCRs)
Privacy Shield
Conclusion
COURSE READINGS
Required Readings
Handout: TeachPrivacy, GDPR Whiteboard
Handout: Rights of Data Subjects Under the GDPR
Handout: Obligations of Data Controllers and Processors Under the GDPR
Handout: EU-US Privacy Shield Principles
Article: Paul Schwartz & Karl Nicholaus Peifer, Transatlantic Data Privacy, 106 Geo. L. J. 115 (2017)
Recommended Readings
Handout: TeachPrivacy, GDPR Training Guide