EU-iNSPIRE

Menu

Privacy & Data Protection

──

Privacy & Data Protection

A comprehensive overview of privacy and data protection from legal, organisational, and technical perspectives. Strong focus on GDPR, privacy-by-design, and data governance frameworks applicable to EU organisations.

Main Topics
  • Privacy rights & global regulatory frameworks
  • GDPR — principles, obligations & compliance
  • Data Protection Impact Assessments (DPIA)
  • Privacy-enhancing technologies (PETs)
  • Organisational privacy governance
  • Technical data protection measures

Taking into consideration the general competences that the degree-holder must acquire (as these appear in the Diploma Supplement and appear below), at which of the following does the course aim?

  • Search for, analysis and synthesis of data and information, with the use of the necessary technology
  • Adapting to new situations
  • Decision-making
  • Working independently
  • Team work
  • Working in an international environment
  • Working in an interdisciplinary environment
  • Production of new research ideas
     
  • Project planning and management
  • Respect for difference and multiculturalism
  • Respect for the natural environment
  • Showing social, professional and ethical responsibility and sensitivity to gender issues
  • Criticism and self-criticism
  • Production of free, creative and inductive thinking

Based on the above, upon completion of the course, students are expected to be able to:

  • Conduct Data-Protection Impact Assessments (DPIAs) and interpret the results for regulatory compliance.
  • Design and review consent, notice, and breach-notification workflows that satisfy GDPR Art. 12-34.
  • Select and implement Privacy-Enhancing Technologies (PETs) such as anonymization, differential privacy, or homomorphic encryption.
  • Map international data-transfer mechanisms (SCCs, DPF, BCRs) to business processes and recommend safeguards.
  • Communicate privacy risks and remediation strategies to legal, technical and executive stakeholders.

This module aims to develop a comprehensive understanding of the principles, legal frameworks, technical measures, and governance models associated with privacy and data protection. It equips students with the analytical and practical skills necessary to assess privacy risks, implement regulatory compliance (particularly under the GDPR), and apply privacy-enhancing techniques in digital environments. The course provides a cross-disciplinary perspective integrating law, policy, and technology, preparing students for professional roles in compliance, security, data management, and ethical system design.

Upon successful completion of this module, students will be able to:

  • Understand the core concepts of privacy, the rationale for data protection, and the foundational principles of the GDPR, including lawfulness, fairness, transparency, and data minimization.
  • Interpret and compare the GDPR with other international data protection regimes, including compliance obligations and cross-border data transfer mechanisms.
  • Analyze organizational models of privacy governance, including roles of controllers, processors, and Data Protection Officers (DPOs), with emphasis on accountability and audit readiness.
  • Apply GDPR compliance measures such as consent mechanisms, lawful bases for processing, record-keeping, and breach notification procedures within real-world scenarios.
  • Design and critically assess privacy policies and notices that are clear, compliant, and user-friendly, reflecting transparency and data subject rights.
  • Conduct risk assessments to identify threats to personal data and propose mitigation strategies aligned with legal, ethical, and operational best practices.
  • Understand when DPIAs are required, how to conduct them, and how to interpret findings to ensure data processing respects fundamental rights.
  • Integrate privacy principles into system design from inception, applying techniques that ensure personal data is protected by default settings and technical configurations.
  • Evaluate the impact of AI systems on data protection, including risks of profiling, bias, and lack of transparency, and identify regulatory and ethical controls.
  • Explore key categories of PETs (e.g., anonymization, differential privacy, encryption) and assess their role in reducing data exposure and regulatory risks.
  • Design strategies to promote privacy literacy and cultivate a culture of data protection across diverse organizational contexts.
  • Understand the function of cyber insurance in mitigating financial consequences of data breaches, and its integration into broader risk management frameworks.
  • Analyze how personal data is used in digital advertising ecosystems and evaluate regulatory constraints on tracking technologies, cookies, and profiling under the GDPR and ePrivacy rules.

Students will be able to:

  • Exercise autonomy in overseeing organizational privacy governance and leading cross-functional privacy programmes.
  • Assume responsibility for balancing legal, ethical, and business requirements in complex data ecosystems.
  • Integrate privacy-by-design principles throughout the system-development life cycle and vendor supply-chain.
  • Critically evaluate emerging technologies (e.g., AI, ad-tech) and formulate organizational policy positions.
  • Mentor multidisciplinary teams on cultivating a privacy-respecting culture