Course 2025-2026 a.y.

20655 - CYBER RISK AND DATA PROTECTION LAW

Department of Law



Course taught in English
CYBER (6 credits - II sem. - OB | IUS/04)
Course Director:
MARIA LILLA' MONTAGNANI

Classes: 25 (II sem.)
Instructors:
Class 25: FRANCESCO PAOLO PATTI


Suggested background knowledge

To feel comfortable in this course, students are advised to have a basic understanding of private and public law, particularly the principles that govern individual rights, contractual relations, and State regulatory powers in the digital environment. A general familiarity with the functioning of digital technologies, online platforms, and IT infrastructures is useful to better understand how data protection and cybersecurity regulation operate in practice. These forms of background knowledge are not compulsory but help students navigate more easily the topics covered in the course.

Mission & Content Summary

MISSION

Data has become one of the most valuable assets in the digital economy, driving innovation, shaping business models, and influencing essential public and private functions. At the same time, the dependence on digital infrastructures exposes individuals, businesses, and institutions to increasing cyber risks. The evolution of EU law reflects the strategic importance of protecting both personal data and digital infrastructures. The mission of this course is to provide students with an understanding of the legal frameworks governing privacy, data protection, and cybersecurity within the EU context. By combining theoretical analysis and case-based reasoning, the course contributes to preparing students to recognize risks, interpret regulatory obligations, and navigate the complex interaction between technology, fundamental rights, and cyber resilience.

CONTENT SUMMARY

Data Protection module 

  • Foundations of privacy and data protection in the EU legal order. 
  • Material and territorial scope of the GDPR; key definitions and principles. 
  • Data subjects’ rights and controllers’/processors’ obligations. 
  • Data breaches and incident management; notification duties. 
  • Data transfers and international data flows. 
  • Applied topics: AI and data protection; digital identity; cookies and tracking technologies. 
  • Enforcement, accountability, and sanctions. 

Cybersecurity module 

  • Introduction to cyber risk: types of threats, vulnerabilities, and impacts. 
  • EU cybersecurity framework: NIS2 Directive, Cybersecurity Act, DORA (overview). 
  • Cyber risk management obligations for essential and important entities. 
  • Cybersecurity and AI; misinformation and cyber-enabled harms. 
  • Protection of critical infrastructures and cloud services. 
  • Case studies delivered by practitioners on cybersecurity compliance and incident response 

Intended Learning Outcomes (ILO)

KNOWLEDGE AND UNDERSTANDING

At the end of the course, students will be able to:
  • Identify the key legal principles governing privacy, data protection, and cybersecurity under the EU framework. 
  • Explain the legal frameworks regulating data protection and cybersecurity. 
  • Recognize the risks associated with data processing and digital infrastructures, including cyber threats and vulnerabilities. 
  • Describe the obligations imposed on organizations in terms of data governance, risk management, and incident response. 
  • Summarize the main regulatory tools available to mitigate cyber risks and ensure compliance in digital environments. 

APPLYING KNOWLEDGE AND UNDERSTANDING

At the end of the course, students will be able to:
  • Apply GDPR and cybersecurity rules to real or hypothetical scenarios involving data breaches, cyber incidents, or compliance challenges. 
  • Analyze case-based issues by unpacking factual elements, identifying legal challenges, and proposing structured solutions. 
  • Evaluate different regulatory and strategic options for managing cyber risk and data protection obligations. 
  • Interpret legal provisions, decisions, and guidelines to assess their implications for organizations and users. 
  • Develop clear and persuasive legal arguments when addressing complex interactions between technology, compliance, and fundamental rights. 

Teaching methods

  • Lectures
  • Guest speaker talks (in class or at a distance)

DETAILS

Face-to-face lectures 

These lectures provide the conceptual structure of the course, introducing the legal frameworks governing data protection and cybersecurity and explaining how these rules apply to technological infrastructures and organizational processes. Students are encouraged to participate actively and engage with practical examples. 

Guest speaker talks 

The course includes several talks by legal practitioners, cybersecurity experts, and industry professionals. These sessions illustrate how data protection and cybersecurity obligations work in practice, how companies address cyber risk, and how regulators and practitioners respond to incidents. They allow students to connect theoretical concepts with operational and real-world challenges. 


Assessment methods

  Assessment method                               Continuous assessment   Partial exams   General exam
  Written individual exam (traditional/online)                             x               x

ATTENDING AND NOT ATTENDING STUDENTS

In order to assess the achievement of the above learning outcomes, student assessment is based on a written exam that counts for 100% of the final grade. The exam consists of open-ended questions aimed at evaluating students’ ability to:

(i) explain the legal principles and regulatory frameworks governing data protection and cybersecurity;

(ii) address a practical situation involving data protection and cybersecurity, designed to test students’ analytical skills, namely their ability to identify and address legal issues arising in digital and technological contexts.


Teaching materials


ATTENDING AND NOT ATTENDING STUDENTS

For this course, there is no required textbook. All essential readings, including judicial decisions, academic articles, policy documents, and selected case law, will be uploaded to the Bboard platform prior to the relevant classes. Additional materials may be provided during the semester to reflect new developments in the fields of intellectual property, online platform regulation, data protection, and AI governance.

Students who wish to explore specific topics in greater depth may consult optional readings suggested throughout the course; these are not required for the exam. Any updates or changes to teaching materials will be communicated promptly to ensure accurate information for students and for library and Course Reserve services. 

Last change 22/12/2025 12:24