DATA PROTECTION LAWS

Introduces key European data protection laws and regulatory bodies, describing the evolution toward a harmonised legislative framework.

PERSONAL DATA

Defines and differentiates between certain types of data, including personal, anonymous, pseudo-anonymous and special categories.

CONTROLLERS AND PROCESSORS

Describes the role and relationships of controllers and processors.

PROCESSING PERSONAL DATA

Defines data processing and GDPR processing principles, explains the application of the GDPR and outline the legitimate bases for processing personal data.

DATA SUBJECT RIGHTS

Describes data subject rights, applications of rights, and controller and processor obligations as set out in the GDPR.

DATA SUBJECTS’ RIGHTS

Describes data subjects’ rights, applications of rights and controller and processor obligations.

INTERNATIONAL DATA TRANSFERS

Outlines options and obligations under the GDPR for transferring data outside the European Economic Area, including adequacy decisions and appropriate safeguards and derogations.

COMPLIANCE CONSIDERATIONS

Discusses the applications of European data protection laws, legal bases and compliance requirements for processing personal data in practice, including employers processing employee data,  surveillance, direct marketing,
and internet technology and communications.

SECURITY OF PROCESSING

Discusses considerations and duties of controllers and processors for ensuring security of personal data and GDPR specifications for providing notification of data breaches.

ACCOUNTABILITY

Investigates accountability requirements, including data protection management systems, data protection impact
assessments, data  protection policies and the role of the data protection officer.

SUPERVISION AND ENFORCEMENT

Describes the role, powers and procedures of supervisory authorities; the composition and tasks of the European Data Protection Board; the role of the European Data Protection Supervisor; and remedies, liabilities and penalties for noncompliance as set out in the GDPR.

INTRODUCTION TO PRIVACY PROGRAM MANAGEMENT

Identifies privacy program management responsibilities and describes the role of accountability in privacy program management.

PRIVACY PROGRAM FRAMEWORK: PRIVACY GOVERNANCE

Examines considerations for developing and implementing a privacy and data protection program, including the position of the privacy function, role of the data protection officer, program scope and charter, privacy strategy, privacy frameworks, and support and ongoing involvement of key functions.

PRIVACY PROGRAM FRAMEWORK: APPLICABLE LAWS AND REGULATIONS

Discusses the regulatory environment, common elements across jurisdictions, and strategies for aligning compliance with organizational strategy.

PRIVACY OPERATIONAL LIFE CYCLE ASSESS: DATA ASSESSMENTS

Relates practical processes for creating and using data inventories/maps, gap analyses, privacy assessments, privacy
impact assessments/data protection impact assessments, and vendor assessments.

PRIVACY OPERATIONAL LIFE CYCLE – PROTECT: PROTECTING PERSONAL INFORMATION

Examines a holistic approach to protecting personal information through security controls, privacy by design, and an understanding of privacy risk models and frameworks, along with risks associated with the use of artificial intelligence.

PRIVACY OPERATIONAL LIFE CYCLE – PROTECT: POLICIES 

Describes common types of privacy- and data protection-related policies, outlines components, and offers
strategies for implementation.

PRIVACY OPERATIONAL LIFE CYCLE – SUSTAIN: MONITORING AND AUDITING PROGRAM PERFORMANCE

Relates common practices for monitoring, measuring, analysing and auditing privacy program performance.

PRIVACY OPERATIONAL LIFE CYCLE – SUSTAIN: TRAINING AND AWARENESS

Outlines strategies for developing and implementing privacy training and awareness programs.

PRIVACY OPERATIONAL LIFE CYCLE – RESPOND: DATA SUBJECT RIGHTS

Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure.

PRIVACY OPERATIONAL LIFE CYCLE – RESPOND: DATA BREACH INCIDENT PLANS

Provides guidance on planning for and responding to a data security incident or breach.

FOUNDATIONAL PRINCIPLES OF PRIVACY IN TECHNOLOGY

Summarizes the foundational elements for embedding privacy in technology through privacy by design and value-sensitive design; reviews the data life cycle and common privacy risk models and frameworks.

THE ROLE OF THE TECHNOLOGY PROFESSIONAL IN PRIVACY

Reviews the fundamentals of privacy as they relate to the privacy technologist; describes the privacy technologist’s role in ensuring compliance with privacy requirements and meeting stakeholder privacy expectations; explores the relationship between privacy and security.

PRIVACY THREATS AND VIOLATIONS

Identifies inherent risks throughout the stages of the data life cycle and explores how software security helps mitigate privacy threats; examines the impacts that behavioural advertising, cyberbullying and social engineering have on privacy within the technological environment.

TECHNICAL MEASURES AND PRIVACY-ENHANCING TECHNOLOGIES

Outlines the strategies and techniques for enhancing privacy throughout the data life cycle, including: identity and access management; authentication, encryption, and aggregation; collection and use of personal information.

PRIVACY-BY-DESIGN METHODOLOGY

Illustrates the process and methodology of the privacy-by-design model; explores practices to ensure ongoing vigilance when implementing privacy by design.

PRIVACY ENGINEERING

Explores the role of privacy engineering within an organization, including the objectives of privacy engineering, privacy design patterns, and software privacy risks.

TECHNOLOGY CHALLENGES FOR PRIVACY

Examines the unique challenges that come from online privacy issues, including automated decision making, tracking and surveillance technologies, anthropomorphism, ubiquitous computing and mobile social computing.

FOUNDATIONS OF ARTIFICIAL INTELLIGENCE: Defines AI and machine learning, presents an overview of the different types of AI systems and their use cases, and positions AI models in the broader socio-cultural context.

AI IMPACTS ON PEOPLE AND RESPONSIBLE AI PRINCIPLES: Outlines the core risks and harms posed by AI systems, the characteristics of trustworthy AI systems, and the principles essential to responsible and ethical AI.

GOVERNING AI DEVELOPMENT: Explains considerations for planning, designing and building AI systems, including governing data collection and use in AI design and development.

GOVERNING AI DEPLOYMENT: Addresses best practices for the preparation and execution of AI deployment, as well as post-implementation activities.

THE EU AI ACT: Discusses key points related to terminology, risk levels, requirements, governance and enforcement as laid out in
the EU AI Act.

OTHER LAWS AND STANDARDS RELATED TO AI: Surveys the existing laws that apply to AI and provides awareness of liability reform. Describes relevant global laws and major frameworks and standards that exemplify responsible governance of AI systems.