What are you looking for?
B2_That students know how to apply their knowledge to their job or vocation in a professional way and have the skills they demonstrate by developing and defending arguments and solving problems within their area of study
B3_Students have the ability to gather and interpret relevant data (usually within their area of study), to make judgments that include reflection on relevant social, scientific or ethical issues
B4_That students can convey information, ideas, problems and solutions to both specialized and non-specialized audiences
B5_That students have developed those learning skills necessary to undertake further studies with a high degree of autonomy
ESI2_Ability to determine the requirements of the information and communication systems of an organization, taking into account security aspects and compliance with current regulations and legislation
ESI3_Ability to actively participate in the specification, design, implementation and maintenance of information and communication systems
ESI4_Ability to understand and apply the principles and practices of organizations, so that they can act as a link between the technical and management communities of an organization and actively participate in user training
ESI5_Ability to understand and apply the principles of risk assessment and apply them correctly in the elaboration and execution of action plans
T2_That students have the ability to work as members of an interdisciplinary team either as one more member, or performing management tasks in order to contribute to developing projects with pragmatism and a sense of responsibility, making commitments taking into account the available resources
This subject will be coordinated and mostly taught by Jordi Cantenys with the collaboration of experts from the sector.
Jordi Cantenys is a technical engineer in IT, degree in law and master's degree in law. He works in data protection in the Public Administration and has served as Data Protection Delegate for different councils.
The general objective of this subject is to acquire the necessary knowledge to understand and apply privacy and data protection in the exercise of the profession of computer engineer, to acquire sufficient skills to form a team with professionals in the legal world and to know the figure of the Data Protection Delegate (DPD).
The subject will be taught in theoretical classes in which practical cases and examples will be presented. Activities and exercises will be proposed to help consolidate knowledge and to encourage teamwork.
Topic 1. Introduction to data protection for IT engineers
1.1. Privacy and Confidentiality.
1.2. Information and personal data.
1.3. Processing of personal data.
1.4. Legal regime
1.5. Main figures:
1.5.1. interested
1.5.2. Responsible for the treatment.
1.5.3. In charge of the treatment.
1.5.4. Data Protection Delegate (DPD).
1.5.5. Control authorities.
1.6. Principles relating to treatment.
1.7. Legality of data processing and collection.
1.8. Violations and penalties.
Topic 2. Data protection in information systems and communications
2.1. Data life cycle.
2.2. Information security.
2.3. proactivity
2.4. Risk management:
2.4.1. Risks, technical and organizational measures.
2.4.2. Risk analysis.
2.4.3. Data protection impact assessment.
2.4.4. Continuous improve.
2.5. Outsourcing services and data movement:
2.5.1. Service providers.
2.5.2. Transfer of data.
2.5.3. Return and destruction of information.
2.5.4. Location of data and international transfers of personal data.
2.6. Privacy by design and by default.
2.7. Personal data security breaches.
2.8. Cookies.
For a better understanding of the subject, examples and case studies will be presented during the course to encourage analysis, participation and debate.
At the end of each subject of the program there will be a mandatory delivery exercise that will help to consolidate the knowledge acquired. Each exercise will be worth 30% of the subject grade.
The evaluation of the subject will be:
The final exam will consist of five test-type questions, with a value of one point each, and an exercise in relation to the practical cases carried out during the course, with a value of 5 points. Wrong answers on the test will deduct 0,33 points. The minimum exam grade will be 5 points.
Failure to complete any of the proposed exercises will result in failure to pass the subject.