
LEARNING OBJECTIVES
To learn about the rights of data subjects under the GDPR, to understand the obligations that the GDPR imposes on data controllers and processors, to learn about how the GDPR handles data breach and vendor management, and to understand how data can be transferred across borders.

 

Length: Approximately 1 hour

Written by: Professors Daniel J. Solove and Paul M. Schwartz

Instructor: Professor Daniel J. Solove


COURSE DESCRIPTION
This course provides an overview of the GDPR’s data protection responsibilities, rights of data subjects, and data transfer requirements and methods.  It discusses data subject rights including transparency, access, rectification, erasure, restriction of processing, data portability, and automated decision-making, among others.  The course then covers the obligations of data controllers and processors, such as having a Data Protection Officer (DPO), data protection by design and default, records of data processing activities, and data protection impact assessments (DPIA). Additionally, the course covers the GDPR’s rules for data breach notification and vendor management.  The course also covers the GDPR’s approach to international data transfer as well as the various mechanisms for such transfer, such as the model contractual clauses, BCRs, and Privacy Shield.

Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part I: The European System and the Structure of GDPR. 

CERTIFICATE
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.

COURSE OUTLINE 

About this Course
Introduction
GDPR: Rights of Data Subjects

Transparency
Right of Access
Right to Rectification
Right to Erasure
Right to Restriction of Processing
Right to Data Portability
Right to Object
Automated Decision-Making

GDPR: Obligations of Data Controllers and Processors

Data Protection Officer
Security
Data Protection by Design and Default
Records of Data Processing Activities
Data Protection Impact Assessments

When Is a DPIA Required?
What Must a DPIA Contain?
How Should a DPIA Be Conducted?


GDPR: Data Breach Notification

GDPR: Vendor Management

International Data Transfer

Adequate Level of Protection
Model Contractual Clauses
Binding Corporate Rules (BCRs)
Privacy Shield

Conclusion
