20655 - CYBER RISK AND DATA PROTECTION LAW
Course taught in English
Go to class group/s: 25
Class-group lessons delivered on campus
The course aims at identifying the main legal issues connected to the risk management that a cyber-company faces in light of the current European regulatory framework. The first part of the course deals with the topic of cybersecurity. After having described the main threats and vulnerabilities of networks, it illustrates the best practices and rules used to tackle them. In particular, it analyses the NIS Directive and the Cybersecurity Act in force into the European Union. It concludes with the discussion of how these rules are tailored within specific industries. The second part of the course focuses on EU data protection. After describing the GDPR’s main provisions, it addresses the rules governing data processing and, in particular, the duties cast upon controllers and processors. In this context the role and obligations of data protection officers are illustrated.
Part I. Cybersecurity:
- Threats and Vulnerabilities.
- Best Practices and rules.
- The NIS Directive 2016.
- Cybersecurity Act 2017.
- Cybersecurity Governance.
- Industry specific cybersecurity rules.
Part II. European Data Protection Law:
- General provisions.
- Principles and rights related to data processing and data subjects.
- Controller and processor.
- Security of personal data.
- Data protection officer.
- Assess the risks that a company operating in the digital environment faces.
- Identify the legal tools that cyber companies need to tackle the risks brought about by the digital environment in order to comply with within the current EU regulation.
- Face-to-face lectures
- Guest speaker's talks (in class or in distance)
- Face to face classes are taught by Bocconi faculty members.
- Some classes are covered by specific guest – professionals operating in cyber companies in the capacity of data protection officer and risk manager – to provide a more concrete understanding of the roles and duties that the law require them to perform.
The exam aims at verifying the ability of students in identifying legal issues that can arise in relation to risk management and data processing and applying the legal solutions to them.
- The open questions test the students ability to comply with the legal framework in a concrete case they'll be asked to face.
- The multiple choice questions verify the level of understanding of the legal framework that they have acquired.
Students can take a partial written exam covering the first part of the course and complete the written exam at the end of the course with the second part. The weight is: 50% for the partial exam and 50% for the end of term exam.
Alternatively, students can take a general written exam covering both parts of the course and accounting for 100% of the final grade (50%+50%, as mentioned above). The detailed structure of the exams will be announced at the beginning of the course.
Students are required to have the slides and read, for each of the topics discussed in class, a scientific paper. All materials are available on the Bboard.