The course at our university meets the maximum duration requirement in hours that the student must take (180h) provided for in the Certification Scheme (Section 6.3) approved by the Spanish data protection regulations and as such has been recognized by the ISMS Forum and Bureau Veritas.
It is structured through 3 large modules or domains oriented to the professional practice of lawyers and other related professions: General Data Protection Regulations (5 ECTS credits), Active Responsibility (3 ECTS credits) and Techniques for Information Security (2 ECTS credits).
Upon completion of the course, students will be able to sit the exam to become certified as an expert DPO in any of the accredited collaborating entities.
- Privacy and data protection on the international scene.
- Data protection in Europe.
- Data protection in Spain.
- Standards and good practices.
- Scope of application.
- Definitions.
- Obliged parties.
- The right/duty pairing in data protection.
- Legality of processing.
- Loyalty and transparency.
- Limitation of the purpose.
- Data minimization.
- Accuracy.
- Consent: granting and revocation.
- Informed consent: purpose, transparency, preservation, information, and duty of communication to the interested party.
- Children's consent.
- Special categories of data.
- Data related to criminal offences and convictions.
- Processing that does not require identification.
- Legal bases other than consent.
- Transparency and legal information.
- Access, rectification, deletion (right to be forgotten).
- Opposition.
- Automated individual decisions.
- Portability.
- Limitation of processing.
- Exceptions to rights.
- Data protection policies and their transparency.
- Legal position of the parties. Controllers, joint controllers, processors, sub-processors and their representatives. Relations between them and formalization.
- The registration of processing activities: identification and classification of data processing.
- Privacy by design and by default. Fundamental principles.
- Impact assessment related to data protection and prior consultation. High-risk processing.
- Security of personal data. Technical and organizational security.
- Security violations. Notification of security breaches.
- The Data Protection Officer (DPO). Regulatory framework.
- Codes of conduct and certifications.
- Designation. Decision-making process. Formalities in the appointment, renewal, and dismissal. Analysis of conflicts of interest.
- Obligations and responsibilities. Independence. Identification and reporting to management.
- Procedures. Collaboration, prior authorizations, relationship with interested parties and claims management.
- Communication with the data protection authority.
- Professional competence. Negotiation. Communication. Budgets.
- Training.
- Personal skills, teamwork, leadership, team management.
- The adequacy decision system.
- Transfers through adequate guarantees.
- Binding Corporate Rules.
- Exceptions.
- Authorization of the control authority.
- Temporary suspension.
- Contractual clauses.
- Control Authorities.
- Powers.
- Sanctions regime.
- European Data Protection Board.
- Procedures followed by the AEPD.
- Jurisdictional protection.
- The right to compensation.
- Guidelines of the Article 29 Working Party.
- Opinions of the European Data Protection Board.
- Criteria of jurisdictional bodies.
- Sanitary, Pharmaceutical, and Research Company.
- Protection of minors.
- Equity Solvency.
- Telecommunications.
- Video surveillance.
- Insurance.
- Advertising, etc.
- LSSI, Law 34/2002, of 11 July, on services for the information society and electronic commerce in Spain
- LGT, Law 9/2014, of 9 May, General Telecommunications
- E-signature Law, Law 59/2003, of 19 December, on electronic signatures
- e-Privacy Directive: Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002, on the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) or e-Privacy Regulation when approved.
- Directive 2009/136/EC of the European Parliament and of the Council, of 25 November 2009, which modifies Directive 2002/22/EC on universal service and the rights of users in relation to networks and electronic communications services, Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No. 2006/2004 on cooperation in the field of consumer protection.
- Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by the competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal sanctions, and the free circulation of said data and by which the Framework Decision 2008/977/JHA of the Council is repealed.
Teachers: Antoni Rubí-Puig (1.1, 1.2, 1.3, 1.6, 1.11, 1.13, 1.14), Daniel Urbán (1.7), Carles San José (1.10), Esther Farnós (1.4), Rosa Milà (1.5), Sergi Gálvez (1.8), Daniel Caccamo (1.9), Jorge Monclús (1.12), Arnau Florensa (1.12)
- Introduction. General framework for risk assessment and management. General concepts.
- Risk evaluation. Inventory and valuation of assets. Inventory and assessment of threats. Existing safeguards and assessment of their protection. Resulting risk.
- Risk management. Concepts. Implementation. Selection and assignment of safeguards to threats. Protection assessment. Residual risk, acceptable risk, and unacceptable risk.
- The design and implementation of the data protection program in the context of the organization.
- Objectives of the compliance program.
- Accountability: the traceability of the compliance model.
- Regulatory framework. National Security Scheme and NIS directive: Directive (EU) 2016/1148 relating to measures aimed at guaranteeing a high common level of security for information networks in the Union. Scope of application, objectives, main elements, basic principles, and minimum requirements.
- Cybersecurity and governance of personal data. Generalities, mission, effective governance of Information Security (IS). Concepts of IS. Scope. IS governance metrics. State of IS. IS strategy.
- Implementation of data protection. Security by design and by default. The life cycle of Information Systems. Integration of security and privacy in the life cycle. Quality control of IS.
- Introduction and fundamentals of DPIA: origin, concept and characteristics of DPIA. Scope and need. Standards.
- Carrying out an impact assessment. Preparatory and organizational aspects, analysis of the need to carry out the evaluation, and prior consultations.
Teachers: Genís Margarit (2.1, 2.2, 2.3, 2.4, 2.5)
- The audit process. General questions and approximation. Basic characteristics.
- Preparation of the audit report. Basic aspects and importance of the data protection officer report.
- Execution and monitoring of corrective actions.
- The Audit Function in Information Networks. Basic concepts. IS D25 Standards and Guidelines in a professional environment.
- Internal control and continuous improvement. Good practices. Integration of data protection in the IS audit.
- Planning, execution, and monitoring.
- National Security Scheme, ISO/IEC 27001:2013 (UNE ISO/IEC 27001:2014: Requirements of Information Security Management Systems, ISMS).
- Asset Security Management. Logical and procedural security. Security applied to IT and documentation.
- Disaster Recovery and Business Continuity. Protection of technical and documentary assets. Planning and Management of Disaster Recovery.
- Cloud computing.
- Smartphones.
- Internet of things (IoT).
- Big data and profiling.
- Social media.
- User tracking technologies.
- Blockchain and latest technologies.
Teachers: Genís Margarit (3.1, 3.2, 3.3), Ana Maria Freire (3.4), Albert Bel (3.4), Carlos Gómez (3.4).
Once you have passed the program, you will obtain an electronic degree (e-Título) for Curso de Postgrado en Protección de Datos y Seguridad de la Información, issued by Pompeu Fabra University.
The e-Título is an authentic digital degree, issued in pdf format and electronically signed, with the same legal validity as if it were in paper format.
The Postgraduate Course in Data Protection and Information Security also includes the possibility of participating in practical activities and activities for personal and professional growth such as:
- UPF-BSM Inside: a group of interdisciplinary subjects (applied data, communication, creativity, innovation and project management, sustainability and leadership, among others) that you can access at no additional cost if you take this program. They are 100% online and designed as self-study subjects, so you can take them at your own pace throughout the academic year.
You must be a university graduate or a higher graduate.
Other students without the required university degree may take part in the selection process for the data protection course by virtue of their academic or professional merits and the place of work they occupy.
Students who do not have Spanish as one of their mother tongues, or who did not have it as a language of instruction in their previous studies, must prove during the enrolment period that they have at least a B2 level of Spanish (Common European Framework of Reference) and, if necessary, take part fluently in a personal interview with the academic director.
Our admission process consists of a rigorous evaluation of each application to preserve the quality of the group as well as the training, experience, and work capacity of all students.
The UPF Barcelona School of Management offers you different means of financing so that you can take any of our programs without worry. We offer you the opportunity to finance part of your program, either by rewarding your talent through scholarships, through grants from entities dedicated to promoting education or through collaboration agreements with financial entities.
The credits of the degree prepare you following the AEPD certification scheme and, with the help of the teachers, they provide you with the tools and legal and technical skills to develop the functions inherent to the role of Data Protection Officer (DPO).
The Postgraduate Course in Data Protection and Information Security from Pompeu Fabra University, taught by the UPF Barcelona School of Management, provides you with both education and the tools and legal skills necessary to develop with total transparency the functions corresponding to the data protection officer of a company or organization, both public and private in companies inside and outside Spain.
The General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, reinforces privacy and provides a uniform legal regime for the protection of personal data in the European Union. As a result, a proactive responsibility model has been imposed on professional practice: those responsible for data processing must apply the technical and organizational measures necessary to ensure compliance with the regulations, and must also demonstrate a commitment to the protection of the personal data of interested parties.
The course on Data Protection complies with the duration requirement for hours foreseen in the certification scheme (Section 6.3) approved by the Spanish Data Protection Agency on June 13, 2018 and as such has been recognized by the Certification Institution ISMS Forum and the Certification Institution Bureau Veritas.
Once the course has finished, the students will be able to take the exam to obtain certification as a DPO in any of the authorized certifying entities.
Due to the number of credits of the university program on Data Protection, there is no option to undertake extracurricular internships. The Postgraduate course complies with the duration requirement for hours foreseen in the certification scheme (Section 6.3) approved by the Spanish Data Protection Agency on 13 June 2018 and as such has been recognized by the Certification Institution ISMS Forum and by the Certification Institution Bureau Veritas.
Once the course is completed, students will be able to take the exam to obtain the DPD certification under the AEPD Certification Scheme.
The contents of the program comply with the legal requirement of duration in hours that the students must pass provided for in the Certification Scheme (Section 6.3) approved by the Spanish data protection regulations and as such has been recognized by the Certification Institution Bureau Veritas and by the Certification Institution ISMS Forum.
This postgraduate course prepares you to transparently identify whether a certain legal activity involving personal data complies with the GDPR and other applicable regulations, and provides the technical and organizational knowledge that lawyers and other professionals in the sector need to comply with the provisions of the GDPR and other applicable regulations.
A multidisciplinary team of teachers provides students with the legal knowledge necessary to train both in the field of law and in information and communication technologies.
The program prepares you at a professional level to develop the role of Data Protection Officer (DPO) in a company, one of the essential functions in any public or private organization.
The Postgraduate Course in Data Protection and Information Security is aimed at those professionals (jurists, lawyers, engineers, and graduates in related disciplines) who already exercise or want to exercise the function of Data Protection Officer in companies within and outside of Spain, who want to specialize in the management of personal data, and/or want to be certified as a Data Protection Officer.
This course meets the maximum duration requirement in hours that the student must take (180h) provided for in the Certification Scheme (section 6.3) approved by the Spanish data protection regulations and as such has been recognized by the Certification Institution ISMS Forum (certificate) and by the Certification Institution Bureau Veritas (certificate). The UPF Barcelona School of Management complies with the Responsible Declaration and the Code of Ethics required by the Spanish Agency for Data Protection.
The course takes place on campus and live and consists of 10 ECTS credits, which are equivalent to 250 hours of student dedication. According to the provisions of the AEPD-DPD scheme, 125 hours correspond to domain 1 (General data protection regulations, 5 ECTS), 75 hours to domain 2 (Active responsibility, 3 ECTS) and 50 hours to domain 3 (Techniques to guarantee compliance with data protection regulations and other knowledge, 2 ECTS).
Students who register are mainly senior, with several years of professional experience in law firms and in positions related to the data protection officer and of local origin. Students come mainly from the area of Law, although there are also profiles from other areas such as Economics, Business Administration and Management, Political Science, and Public Administration, as well as technology and communications. Students usually have some experience and knowledge as a DPO.
Students receive interdisciplinary training given by lawyers and other law professionals from Pompeu Fabra University and experts in data protection, as well as in information and communication technology.
The evaluation of the different modules or domains that make up the postgraduate education program follows the guidelines set out by the AEPD Certification Scheme so that the course meets the requirements, and the students can take the certification exam and undertake professional practice as lawyers.
The three domains will be evaluated separately. Consequently, each student will have a separate grade for each of them. The value of each of the evaluations on the course is the following: Domain 1 (50%); Domain 2 (34%); and Domain 3 (16%).
The evaluation of the different Domains will consist of the following:
- General legal regulations on data protection: carrying out a multi-answer test of between 30 and 40 questions, on the different aspects discussed in the classes.
- Proactive responsibility: group realization of a practical case and presentation of its defence.
- Techniques for data protection: carrying out a multi-answer test of between 20 and 25 questions, on the different aspects discussed in the classes.
Any student who fails one of the domains will be able to carry out a recovery activity. Exceptionally, in the case of having obtained a grade higher than 4 and lower than 5 in one of the domains, the student may compensate the grade with the grades obtained in the other domains. It is necessary to obtain, at least, a 5 as a global postgraduate mark to pass it. Likewise, it is necessary to have attended 80% of the sessions.
- Data Protection Officer in any organization or company of a public or private nature, inside or outside of Spain.
Completely face-to-face mode of education. It includes theoretical and practical training by teachers using the discussion of simulated cases and the active participation of the student.
The Postgraduate Course in Data Protection and Information Security provides students with both legal and technical tools, and skills to develop with full transparency the functions inherent to the role of Data Protection Officer (DPO) and the management of personal data in companies and law firms inside and outside of Spain.
- Albert Bel
Engineer in Telecommunication. Pompeu Fabra University Lecturer. Department of Information Technologies and Communications.
- Esther Farnós
Professor of civil law at UPF.
- Arnau Florensa
Graduated in Law, Pompeu Fabra University. Lawyer specialized in Data Protection and Privacy.
- Daniel Caccamo
Attorney. Legal advice on innovation and privacy at CaixaBank. Specialist in personal data protection.
- Sergi Gálvez
Graduated in Law, Pompeu Fabra University. Master in Law, Esade Business & Law School. Cuatrecasas. Associate, Department of Intellectual Property and Data Protection.
- Rosa Milà
Law degree and LL.M. in Private and Business Law from Pompeu Fabra University.
- Jorge Monclús
Senior partner attorney of the Intellectual Property and Information Technology department at Cuatrecasas.
- Genís Margarit
Technological security auditor and cybersecurity consultant. Telecommunications Engineer and Electronic Systems Engineer.
- Carles San José
Head of inspection of the Catalan Data Protection Agency (ACPD). (TBC)
- Daniel Urbán
Bachelor of Laws, Universidad de Barcelona. Director of Corporate Counsel, TYPEFORM, SL.