Diploma in Data Protection

Gain a clear understanding of the data protection law in Ireland including, in particular, the General Data Protection Regulation (GDPR).

Students will consider in detail the data processing principles, the rights of data subjects and the obligations on data controllers and processors. Students will also consider the role of the Data Protection Commissioner and the various enforcement procedures and penalties.

At the end of the course, students will have a firm understanding of the legal requirements in relation to data protection.

Course Content

Lecture 1
Introduction
• Outline of diploma course
• Right to privacy under international and domestic law
• Overview of the current legislative context

Lecture 2
The General Data Protection Regulation: Who, what and how
• Subject-matter and objectives
• Material and territorial scope
• Data protection principles
• Overview of specific processing situations

Lecture 3
My Data, My Rights: Rights of Data Subjects
• Provision of information and right of access
• Rights to rectify and erase data
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Restrictions

Lecture 4
Who’s in charge: Obligations on Controllers and Processors
• Data protection by design and by default
• Record-keeping
• Cooperation with the supervisory authority
• Security of data and notification of breaches
• Data protection impact assessments and prior consultation
• Data Protection Officer

Lecture 5
Free movement of data and transfers of personal data to third countries or international organisations
• General principles
• Adequacy of protection available
• Appropriate safeguards
• Binding corporate rules
• Derogations
• International cooperation

Lecture 6
Keeping a close eye: The Supervisory Authorities and the Data Protection Commissioner
• Competence
• Tasks
• Powers
• Cooperation and consistency
• European Data Protection Board

Lecture 7
Falling foul of the rules: remedies, liability and penalties
• Right to lodge a complaint
• Right to an effective judicial remedy
• Representation
• Right to compensation and liability
• Administrative fines
• Penalties

Lecture 8
Specific Processing Situations Part 1: Employers and Employees
• Vetting Prospective Employees
• Staff Surveillance
• Biometrics in the Workplace
• Transfer of Ownership of Business
• Access Requests

Lecture 9
Specific Processing Situations Part 2: Marketing
• Direct Marketing
• National Directory Database
• Publicly available information
• Unsolicited Marketing
• E-receipts

Lecture 10
Specific Processing Situations Part 3: Online and Computing
• Personal Information Online
• Data Protection and the Cloud
• Data Protection and Mobile Apps
• Data Protection and Wifi Location Analytics
• Data Protection and Social Networks
• Data Protection and BYOD

Assessment

Students must attend at least 80% of classes to graduate with either the Diploma or Certificate of Attendance unless a serious and verifiable reason for further absence is provided.

If completing the course online, attendance and participation is tracked through Moodle.

A pass grade on the written assignment will be required for awarding of the Diploma.

The assignment/project must be handed in on the due date unless a sound reason for lateness is provided. In such instances, an extension may be awarded at the discretion of the lecturer.