Modulbeschreibung
Data Privacy
Kurzzeichen:
Unterrichtssprache:
ECTS-Credits:
Arbeitsaufwand (h):
Leitidee:
Modern forward-looking business models are data driven, like Amazon, Uber, Google, and many more. Data is the business resource of the future. This module covers the regulatory framework for data processing. Using a company case study, students will be walked through the relevant aspects of data protection with examples.
Students have an overview of global data protection regulations and ongoing developments. They will be able to correctly apply Swiss and European data protection law in their work practice as a financial or HR manager, as an IT or project manager, as a software developer or consultant or for the own Start-up. You will know the critical fields of practice.
The course provides the basis for the job profile of a data protection officer in a company or government unit and provides the skills needed for further, specific data protection certifications.
Modulverantwortung:
Lehrpersonen:
Standort (angeboten):
Zusätzliche Eingangskompetenzen:
A basic knowledge of contract law (Swiss Code of obligation) and administrative law might be helpful for the module
Modultyp:
Bemerkungen:
Workload[h]
Contact hours: 56
Independent self-study: 124
Modulbewertung:
Leistungsnachweise und deren Gewichtung
Modulschlussprüfung:
Bemerkungen zur Prüfung:
- Individual project work counts for 20%
- Group work with presentation counts for 30% of the final module grade
- The final test counts the remaining 50%
Während der Unterrichtsphase:
- Schriftliche Einzelarbeit, Gewichtung 20%
- Schriftliche Gruppenarbeit
- Präsentation in Gruppen
Bewertungsart:
Gewichtung:
Bemerkungen:
All exams are openbook and all study materials can be used.
Inhalte
Angestrebte Lernergebnisse (Abschlusskompetenzen):
Professional competences
Participants will be able to:
- Understand and apply the main provisions of the Swiss Federal Data Protection Act (FADP) and the European General Data Protection Regulation (GDPR)
- Design data transfer between companies and/or abroad in a legally compliant manner
- Understand the application of data protection regulations and further data protection developments
Methodological competences
Participants can:
- Draft a data privacy notice and legally compliant consent forms
- Conduct a data protection impact assessment (DPIA)
- Implement and manage data protection processes in the company
Self-competences
Participants can:
- Assume the role of a corporate data protection officer or responsible person for data protection
Social competences
Participants can:
- Resolve data privacy related disputes in a proportionate and risk-based manner
- Advise employees in the company or third parties on data protection issues
Modul- und Lerninhalt:
Topic area I: General provisions and basic principles
- Data privacy developments and further regulations (FADP, GDPR)
- CoE Convention 108 + Convention for the protection of individuals with regard to the processing of personal data
- Principles and lawfulness of processing
- Special categories of personal data
- Obligations of the data processor
- Rights of the data subject
Topic area II: Data processing by third parties
- Data processing order
- Standard contractual clauses
- Cloud services and contracts
- Data transfer to third parties
- Data transfer abroad
- European Union – U.S. Data Privacy Framework (lawful access) and Cloud Act
Topic area III: Employees data protection
- Data processing in HR related operations
- Recruiting and processing applicant data
- Insurance and social security data
- Monitoring Measures / video surveillance / technical surveillance
- Homeoffice
- Bring your own device
- Outsourcing of personal data processing to cloud service and/or application providers
Topic area IV: Marketing and E-Commerce
- Marketing data (CRM) and informed consent to data processing
- Addressbroker
- E-Mail Newsletter
- Customer profiling
- Web disclaimer / privacy notice
- Data processing webshop
- Social Media Marketing / Plug-ins
- Digital Signature
Topic area V: Data Security
- Technical and organisational measures
- Data breach notification
- Cyber Crime
- Cyber Insurance
- Data Privacy Impact Analysis
- Data Act
- IoT
Topic area VI: Corporate Data Privacy Officer
- Job description and responsibilities of company data protection officers
- Qualifications and training
- Data Management System / Data Privacy Audit
- Representatives of controllers or processors not established in the EU or in Switzerland
Topic area VII: Supervisory Authorities, liability and criminal provisions
- Public administration data protection and cantonal data protection laws
- Organization and duties Federal Data Privacy and Information Commissioner (FDPIC)
- Supervisory procedures in Switzerland or in the EU
- Right to lodge a complaint with a supervisory authority
- Criminal provisions
- Principles of Freedom of Information Act
- Internet crimes and Internet criminal law
Lehr- und Lernmethoden:
Training will be based on theory, practical examples and small case studies. The participants work on the topic of data subject rights as part of a project work and compare the data protection regulations in different countries in a group seminar work. Classes also include short presentations by students on individual topics.
Lehrmittel/-materialien:
Mandatory:
- Regulation (EU) 2016/679 (General Data Protection Regulation)
- Swiss Federal Act on Data Protection (FADP) and Data Protection Ordinance
- Standard Contractual Clauses (ED
Optional:
- CoE Convention 108 + Convention for the protection of individuals with regard to the processing of personal data
- California Consumer Protection Act (CCPA)
- Personal Information Protection Law (PIPL) of the Peopels Republic of China
- Trans-Atlantic Data Privacy Framework (TADPF)
- Intelligence Surveillance Act (FISA 702)