Course 2019-2020 a.y.

20655 - CYBER RISK AND DATA PROTECTION LAW

CYBER
Department of Law

Course taught in English

CYBER (6 credits - II sem. - OB  |  IUS/04)
Course Director:
MARIATERESA MAGGIOLINO

Classes: 25 (II sem.)
Instructors:
Class 25: MARIATERESA MAGGIOLINO


Mission & Content Summary
MISSION

The course aims at identifying the main legal issues connected to the risk management that a cyber-company faces in light of the current European regulatory framework. The first part of the course deals with the topic of cybersecurity. After describing the main threats and vulnerabilities of networks, it illustrates the best practices and rules used to tackle them. In particular, it analyses the NIS Directive and the Cybersecurity Act in force in the European Union. It concludes with a discussion of how these rules are tailored within specific industries. The second part of the course focuses on EU data protection. After describing the GDPR’s main provisions, it addresses the rules governing data processing and, in particular, the duties imposed on controllers and processors. In this context the role and obligations of data protection officers are illustrated.

CONTENT SUMMARY

Part I. Cybersecurity:

  • Threats and Vulnerabilities.
  • Best Practices and rules.
  • The NIS Directive 2016.
  • Cybersecurity Act 2017.
  • Cybersecurity Governance.
  • Industry specific cybersecurity rules.

Part II. European Data Protection Law:

  • General provisions.
  • Principles and rights related to data processing and data subjects.
  • Controller and processor.
  • Security of personal data.
  • Data protection officer.

Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
At the end of the course students will be able to...
  • Assess the risks that a company operating in the digital environment faces.
APPLYING KNOWLEDGE AND UNDERSTANDING
At the end of the course students will be able to...
  • Identify the legal tools that cyber companies need to tackle the risks brought about by the digital environment in order to comply with the current EU regulation.

Teaching methods
  • Face-to-face lectures
  • Guest speakers' talks (in class or at a distance)
DETAILS
  • Face-to-face classes are taught by Bocconi faculty members.
  • Some classes are covered by guest speakers – professionals operating in cyber companies in the capacity of data protection officer and risk manager – to provide a more concrete understanding of the roles and duties that the law requires them to perform.

Assessment methods
                                                 Continuous assessment   Partial exams   General exam
  • Written individual exam (traditional/online)                                              x
    ATTENDING AND NOT ATTENDING STUDENTS

    The General exam aims at verifying the students' ability to identify legal issues that can arise in relation to risk management and data processing and to apply the legal solutions to them.

    • The open question tests the students' ability to comply with the legal framework in a concrete case they will be asked to face.
    • The multiple choice questions verify the level of understanding of the legal framework that they have acquired.

    Teaching materials
    ATTENDING AND NOT ATTENDING STUDENTS

    Students are required to have the slides and to read a scientific paper for each of the topics discussed in class. All materials are available on the Bboard.

    Last change 06/06/2019 10:44