The law requires companies to have a Data Protection Officer. Become this figure thanks to this program"

Why Study at TECH?

TECH is the world's largest 100% online business school. It is an elite business school, with a model based on the highest academic standards. A world-class center for intensive managerial skills education.   

TECH is a university at the forefront of technology, and puts all its resources at the student's disposal to help them achieve entrepreneurial success”

At TECH Global University

Innovation

The university offers an online learning model that balances the latest educational technology with the most rigorous teaching methods. A unique method with the highest international recognition that will provide students with the keys to develop in a rapidly-evolving world, where innovation must be every entrepreneur’s focus.

"Microsoft Europe Success Story", for integrating the innovative, interactive multi-video system. 

The Highest Standards

Admissions criteria at TECH are not economic. Students don't need to make a large investment to study at this university. However, in order to obtain a qualification from TECH, the student's intelligence and ability will be tested to their limits. The institution's academic standards are exceptionally high...  

95% of TECH students successfully complete their studies.

Networking

Professionals from countries all over the world attend TECH, allowing students to establish a large network of contacts that may prove useful to them in the future.  

100,000+ executives prepared each year, 200+ different nationalities.

Empowerment

Students will grow hand in hand with the best companies and highly regarded and influential professionals. TECH has developed strategic partnerships and a valuable network of contacts with major economic players in 7 continents.  

500+ collaborative agreements with leading companies.

Talent

This program is a unique initiative to allow students to showcase their talent in the business world. An opportunity that will allow them to voice their concerns and share their business vision. 

After completing this program, TECH helps students show the world their talent. 

Multicultural Context

While studying at TECH, students will enjoy a unique experience. Study in a multicultural context. In a program with a global vision, through which students can learn about the operating methods in different parts of the world, and gather the latest information that best adapts to their business idea. 

TECH students represent more than 200 different nationalities.  

Learn with the best

In the classroom, TECH’s teaching staff discuss how they have achieved success in their companies, working in a real, lively, and dynamic context. Teachers who are fully committed to offering a quality specialization that will allow students to advance in their career and stand out in the business world. 

Teachers representing 20 different nationalities. 

TECH strives for excellence and, to this end, boasts a series of characteristics that make this university unique:   

Analysis

TECH explores the student’s critical side, their ability to question things, their problem-solving skills, as well as their interpersonal skills.  

Academic Excellence

TECH offers students the best online learning methodology. The university combines the Relearning methodology (the most internationally recognized postgraduate learning methodology) with Harvard Business School case studies. A complex balance of traditional and state-of-the-art methods, within the most demanding academic framework.   

TECH is the world’s largest online university. It currently boasts a portfolio of more than 10,000 university postgraduate programs. And in today's new economy, volume + technology = a ground-breaking price. This way, TECH ensures that studying is not as expensive for students as it would be at another university.   

At TECH, you will have access to the most rigorous and up-to-date case analyses in academia” 

The structure of this Master's Degree in Corporate Data Protection Officer has been designed in such a way that students can manage their own study. For this purpose, the necessary didactic resources are offered to allow students to go through the most updated concepts in this area, which will be fundamental for their professional development. Thus, the program will become a practical work guide in which the most important regulations, both national and international, on this indispensable subject in all companies will appear. 

A very well structured program that will allow you to carry out a global study on data protection in the company allowing you to access positions of great responsibility in companies"

Syllabus

This syllabus is structured in 10 theoretical modules that, through an eminently practical approach, prepare students to work as Data Protection Officers in companies of all sizes and sectors. In this way, and thanks to the contents and tools offered by this Master's Degree, the students will be able to take advantage of the opportunities provided by a sector that forces companies to rely on this professional figure, ensuring a quality job placement and high economic prospects. 

To achieve this objective, and throughout the 1,500 hours of study, the students will analyze many practical cases through individual work, which will allow them to acquire the necessary skills to develop successfully ensuring the protection of personal data and being able to demonstrate compliance with the RGPD and the LOPDGDD before the relevant authorities. 

Likewise, the program will teach the most appropriate and legally approved ways to collect, treat and process the data handled by a company. Thus, the future professional will be able to apply the technical and organizational measures necessary to ensure compliance with the law in accordance with the provisions of the General Data Protection Regulation. 

All this condensed into a highly effective program of studies, designed based on a proven and award-winning teaching methodology that prepares students for their professional and personal improvement based on the opportunities offered by a booming sector. 

The program takes place over 12 months and is divided into 10 modules:

Module 1. Regulatory Framework for Data Protection and Provision of Consent
Module 2. Data protection in the public sector
Module 3. Study on Health Data as a Special Category of Personal Data
Module 4. The Rights of Individuals in Data Protection Matters
Module 5. Civil Liability and Penalties Regime
Module 6. Personal Data Protection and Digital Rights Guarantees in Relation to ICT in the Information Society
Module 7. Criminal Data Protection
Module 8. Compliance Models. A practical approach to data protection in enterprises
Module 9. Data protection in Europe: Present and Future from a Private International Law Perspective
Module 10. Impact Assessments and Information Security Management

Where, When and How is it Taught?

TECH offers the possibility of developing this Master's Degree in Corporate Data Protection Officer in a totally online way. Throughout the 12 months of the educational program, you will be able to access all the contents of this program at any time, allowing you to self-manage your study time.

Module 1. Regulatory Framework for Data Protection and Provision of Consent

1.1. Historical evolution of data protection law in Spain

1.1.1. Article 18.4 CE
1.1.2. LOTRAD
1.1.3. LOPDCP 1999

1.1.3.1. Current LOPDGDD regulations

1.2. The right to data protection as a fundamental right

1.2.1. Delimitation
1.2.2. Essential Content

1.2.2.1. Distinction with the right to honor and privacy

1.3. EU General Data Protection Regulation

1.3.1. Hierarchy in the source system
1.3.2. Structure of the regulation
1.3.3. Distinction with information society regulations

1.4. Spanish civil data protection regulations

1.4.1. LOPDGDD
1.4.2. Essential content of the LOPDDGDD
1.4.3. Digital rights

1.5. Introduction to the provision of consent in the field of data protection
1.6. Consent as a legitimate basis for the processing of personal data

1.6.1. Free consent
1.6.2. Informed Consent
1.6.3. Specific consent
1.6.4. Unequivocal Consent

Module 2. Data protection in the public sector

2.1. The European and Spanish Data Protection Framework

2.1.1. Regulatory context
2.1.2. European data protection framework
2.1.3. Impact of European Regulation In Spain

2.2. Institutional structure of data protection and supervision of the activity of the public administrations

2.2.1. Spanish administrative organization: AEPD and the autonomous data protection authorities
2.2.2. Competence and scope of action in the control of public administrations
2.2.3. The regional authorities

2.3. Institutional structure imposed by the RGPD

2.3.1. General Matters
2.3.2. Comission
2.3.3. The European Data Protection Board

2.4. Data protection officers in the public sector

2.4.1. The requirement for DPOs in the public sector
2.4.2. Functions of the DPO
2.4.3. Requirements, possibilities and types of DPOs in the public sector

2.5. Administrative activity and data protection (I)

2.5.1. General Matters
2.5.2. Impact on the procedural area
2.5.3. Impact on transparency and access to information

2.6. Administrative activity and data protection (II)

2.6.1. Data protection in electronic procedures
2.6.2. Data protection and personnel management
2.6.3. Archives, historical, statistical and scientific research

2.7. Administrative sanctions in the field of data protection

2.7.1. The typology of sanctions. Special position of public administrations
2.7.2. The Sanctioning Procedure
2.7.3. Competent bodies

2.8. Jurisdictional guardianship of data protection in the RGPD

2.8.1. Access to jurisdiction. Procedural aspects
2.8.2. Right to indemnification
2.8.3. Appeals against the supervisory authority and against the committee's resolutions

2.9. Sectorial regulation (I)

2.9.1. Data protection in healthcare matters
2.9.2. Data protection in the field of education
2.9.3. Data protection in the field of social services

2.10. Sectorial regulation (II)

2.10.1. Data protection in the telecommunications sector
2.10.2. Transparency and Data Protection
2.10.3. Data protection in public sector procurement

Module 3. Study on Health Data as a Special Category of Personal Data

3.1. The Concept of Health

3.1.1. Concept of Health. The right to health as a fundamental right
3.1.2. Concept of global health
3.1.3. From a traditional health system to the so-called "digital health"

3.2. Bioethics Health Personal Data

3.2.1. Bioethics and the principles that inform it
3.2.2. Bioethics and health
3.2.3. Bioethics and personal data

3.3. Patients' rights in the personal data environment

3.3.1. Patients' rights: healthy and sick
3.3.2. Patients and personal data
3.3.3. Autonomy of will, personal data and patients

3.4. Health Biomedical Research Protection of Personal Data

3.4.1. Scientific research and biomedical research and health
3.4.2. Scientific research and biomedical research and personal data
3.4.3. Relevant regulations

3.5. Health-related data. Special categories of data

3.5.1. Conceptual framework
3.5.2. Legislative Framework
3.5.3. Sensitive or protected data as a modality of personal rights

3.6. Genetic data

3.6.1. Conceptual framework
3.6.2. Legislative Framework
3.6.3. Genetic data and personal data. Main doctrinal and practical disquisitions. Right to genetic information versus the right not to know

3.7. Biometric data

3.7.1. Conceptual framework
3.7.2. Legislative Framework
3.7.3. Biometric data and personal data. Main doctrinal and practical disquisitions

3.8. Treatment of the category of special or sensitive data

3.8.1. Basic principles of the processing of special data
3.8.2. Rights of individuals with regard to the processing of sensitive health data
3.8.3. The issue of profiling

3.9. Protection of health data

3.9.1. Health data protection. Notes that inform it
3.9.2. Medical History. Its impact on the processing of personal health data
3.9.3. Informed Consent Its impact on the processing of personal health data

3.10. Processing of health data in times of pandemics

3.10.1. Global health and personal data processing
3.10.2. Treatment of health data and patients' rights in times of pandemic
3.10.3. Legislative study. Analysis of Order SND/297/2020, of 27 March, which entrusts the Secretary of State for Digitalization and Artificial Intelligence, of the Ministry of Economic Affairs and Digital Transformation, with the development of various actions for the management of the healthcare crisis caused by COVID-19

Module 4. The Rights of Individuals in Data Protection Matters

4.1. The protection of rights and freedoms in Big Data

4.1.1. Preliminary Matters
4.1.2. Big data as a starting point
4.1.3. The legal response to the new scenario

4.2. The right to data protection

4.2.1. Privacy as an Object of Protection
4.2.2. Regulatory and jurisprudential developments
4.2.3. New European framework for data protection

4.3. The rights of the data subject (I): general principles

4.3.1. Right to access
4.3.2. Information and Transparency
4.3.3. Right to limitation of processing

4.4. The rights of the data subject (II): general principles

4.4.1. Right to data portability
4.4.2. Automated decisions and profiling
4.4.3. Privacy by design

4.5. The rights of the data subject (III): The right to be forgotten

4.5.1. The Google case as a leading case
4.5.2. Case law developments
4.5.3. Current Legal Framework

4.6. The rights of the data subject (IV): The right of suppression

4.6.1. Concept and Legal Nature
4.6.2. Objectives and Contents
4.6.3. Subjects and ownership

4.7. The rights of the data subject (V): Arch rights

4.7.1. Cancellation
4.7.2. Opposition
4.7.3. Rectification

4.8. Rights of the data subject (VI): Digital rights

4.8.1. Preliminary Matters
4.8.2. Rights and freedoms of the digital age
4.8.3. Legal guarantees of digital rights

4.9. The exercise of rights

4.9.1. Procedural issues
4.9.2. Active subjects
4.9.3. Passive Entity

4.10. Limits and Limitations of Rights

4.10.1. General Matters
4.10.2. Collision of rights
4.10.3. The role of case law

Module 5. Civil Liability and Penalties Regime

5.1. The right of redress

5.1.1. Preliminary notes on the right of redress
5.1.2. Uniform protection of the right to data
5.1.3. Regulation, principles and characteristics of the specific system of liability in data protection matters

5.2. Responsible Parties

5.2.1. Delimitation
5.2.2. Plurality of subjects
5.2.3. IPS as responsible parties in the processing of personal data

5.3. The civil liability regime in the field of data protection

5.3.1. Direct and tort liability
5.3.2. Subjective and joint and several liability
5.3.3. Integral reparation of the damage

5.4. The claim action

5.4.1. Regulation and standing
5.4.2. Competent Courts
5.4.3. Special reference to class actions

5.5. Infringement regime in the GDPR (I)

5.5.1. Delimitation of the scope of application
5.5.2. Responsible Parties
5.5.3. Sanctioning entities

5.6. Infringement regime in the GDPR (II)

5.6.1. Regulation
5.6.2. Infringements
5.6.3. Infringements with aggravated fine

5.7. Penalties regime in the GDPR

5.7.1. Types of penalties
5.7.2. Administrative fines
5.7.3. Coercive fines

5.8. The repealed LOPD

5.8.1. Brief reference to the penalty regime
5.8.2. Infringements
5.8.3. Penalties

5.9. The sanctioning regime of the LOPDGDD (I)

5.9.1. General Matters
5.9.2. Very serious infringements
5.9.3. Serious infringements

5.10. The sanctioning regime of the LOPDGDD (II)

5.10.1. Minor infringements
5.10.2. Statute of limitations for infringements
5.10.3. Penalties

Module 6. The Personal Data Protection and Digital Rights Guarantees in Relation to ICT in the Information Society

6.1. Personal data protection and human resources

6.1.1. The protection of personal data in relation to human resources
6.1.2. Information Management and digital rights

6.2. Personal data protection and electronic mediation

6.2.1. Electronic Mediation and Personal Data Protection
6.2.2. Issues relating to safeguards in the mediation procedure

6.3. Personal data protection and Social media

6.3.1. Personal data protection and Social media
6.3.2. The provision of consent and its effects

6.4. Protection of personal data in mobile applications for disease diagnosis

6.4.1. Personal data protection and biomedical research
6.4.2. Minors and mobile applications for disease diagnosis

6.5. Protection of personal data in relation to gender identity and expression

6.5.1. Protection of personal data in relation with the identity
6.5.2. Protection of personal data and gender expression

6.6. Protection of personal data in the field of electronic health insurance contracting

6.6.1. Contractual relationships in relation to health and personal data protection
6.6.2. The case of HIV/AIDS carriers

6.7. Protection of personal data, artificial intelligence and civil liability

6.7.1. Personal data protection and robotics
6.7.2. Civil liability and artificial intelligence

6.8. Personal data protection and trade secrets

6.8.1. Trade secrets
6.8.2. Protection of personal data, consent and confidentiality

6.9. Personal data protection and false information

6.9.1. Right to information and Personal Data Protection
6.9.2. Artificial Intelligence and Truthfulness

6.10. Protection of personal data of deceased persons in the technological environment

6.10.1. Limits on access to personal data of deceased persons
6.10.2. Access to contents managed by information society service providers

Module 7. Criminal Data Protection

7.1. Current Legal Framework

7.1.1. In Union law
7.1.2. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data and repealing Council Framework Decision 2008/977/JHA and its transposition by Royal Decree-Law 12/2018 of 7 September on the security of networks and information systems
7.1.3. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 on measures to ensure a high common level of security of network and information systems in the Union
7.1.4. Processing of data of a criminal nature in RGPD and LO 3/2018

7.2. Data protection in Spanish criminal law

7.2.1. Technological crimes and cybercrimes
7.2.2. Cybereconomic crimes
7.2.3. Cyberintrusive crimes
7.2.4. Cybersec

7.3. General issues of the instruction I

7.3.1. The denunciation and the complaint
7.3.2. Request for proceedings
7.3.3. The evidence
7.3.4. The brief of provisional conclusions

7.4. General issues of the instruction II

7.4.1. Technological Research Process
7.4.2. Digital evidence
7.4.3. An Expert Report
7.4.4. Appeals system

7.5. Discovery and disclosure of secrets. Art. 197 of the Penal Code

7.5.1. General Matters
7.5.2. Protected Legal Asset
7.5.3. Aggravated Sub-Types
7.5.4. Penological issues

7.6. Computer damages. Art. 264 of the Penal Code

7.6.1. General Matters
7.6.2. Protected Legal Asset
7.6.3. Aggravated Sub-Types
7.6.4. Penological issues

7.7. Criminal Liability of Legal Entities

7.7.1. Scope of Application
7.7.2. Due control for the prevention of crimes in the company
7.7.3. Circumstances modifying the RPPJ
7.7.4. Precautionary measures and penological issues

7.8. Procedural issues of technological means II. Art. 588 bis LECrim

7.8.1. Guiding principles, request for judicial authorization and judicial resolution
7.8.2. Secrecy, duration, request for extension and control of the measure
7.8.3. Affectation of third parties and use of information obtained in a different procedure and chance discoveries
7.8.4. Termination of the measure and destruction of records

7.9. Procedural issues in the criminal prosecution of technological crimes III

7.9.1. Interception of telephone and telematic communications
7.9.2. Access of the parties to the recordings
7.9.3. Incorporation of electronic traffic or associated data into the process
7.9.4. Access to the data necessary for the identification of users, terminals and connectivity devices

7.10. Procedural issues in the criminal prosecution of technological crimes IV

7.10.1. Capturing and recording of oral communications through the use of electronic devices
7.10.2. Use of technical devices for image capturing, tracking and tracing
7.10.3. Recording of massive information storage devices
7.10.4. Remote recording on computer equipment

Module 8. Compliance Models. A practical approach to data protection in enterprises

8.1. Introduction to compliance. Purpose and importance

8.1.1. Introduction to Compliance Models
8.1.2. Nature and objectives of compliance models
8.1.3. Regulatory risks. Data protection as an object of compliance models
8.1.4. Current situation in Spanish companies

8.2. Historical background and evolution of compliance

8.2.1. Historical Background. U.S. Law
8.2.2. Compliance regulations and their evolution
8.2.3. Soft law and standardization

8.3. Compliance models: regulations and general requirements

8.3.1. Spanish reference regulations
8.3.2. International and national standards
8.3.3. General principles and requirements of compliance models

8.4. Elements of compliance models I: model basics

8.4.1. Regulatory risk analysis: criminal and administrative risks
8.4.2. Risk mitigation measures

8.4.2.1. Protocols on decision making in the company
8.4.2.2. Financial resource management models
8.4.2.3. Specific risk mitigation measures

8.5. Elements of compliance models II: compliance assurances

8.5.1. Penalty regime for infringements
8.5.2. Complaints channels and other means of communication
8.5.3. Directive (UE) 2019/ 1937

8.6. Elements of compliance models III: internal investigations

8.6.1. Requirements for internal investigations
8.6.2. Worker’s Warranties Relevant jurisprudence
8.6.3. Penalty Procedure

8.7. Elements of compliance models IV: dissemination of the model

8.7.1. Role of top management: context of the organization and leadership
8.7.2. Internal communication of the measures that make up the model
8.7.3. Employee training

8.8. Elements of compliance models V: supervision

8.8.1. Control body. Similarities and differences with DPD
8.8.2. Supervision model
8.8.3. Structure of the three lines of defense: coexistence with internal audit

8.9. Compliance models as a guarantee against third parties

8.9.1. Duty of care towards third parties in Spanish law
8.9.2. Codes of conduct in data protection matters
8.9.3. Contractual clauses with third parties
8.9.4. Certifications and their probative value

8.10. Practical considerations on compliance models

8.10.1. Sectorial incidence of compliance models
8.10.2. Data confidentiality in a broad sense Law 1/2019, January 7, 2000, on Civil Procedure
8.10.3. Cybersecurity and compliance ISO 27.0001 standard and information security management systems

Module 9. Data protection in Europe: Present and Future from a Private International Law Perspective

9.1. Protection of rights in Europe

9.1.1. Privacy rights
9.1.2. Personality rights
9.1.3. Data Protection

9.2. European Sources

9.2.1. Directive 95/46/EU
9.2.2. Regulation (EC) Number 2016/679
9.2.3. Proposed ePrivacy Regulation

9.3. International jurisdiction in cross-border disputes

9.3.1. General Aspects
9.3.2. Brussels Ibis Regulation (EU) No. 1215/2012
9.3.3. Regulation (EC) Number 106/679
9.3.4. National rules

9.4. Applicable law in cross-border disputes

9.4.1. Contractual Obligations Rome I Regulation 598/2010
9.4.2. Non-Contractual Obligations
9.4.3. Directive 2000/31/EC on Information Society services

9.5. International relationships between social network providers and (potential) users

9.5.1. Choice-of-court agreements in the general terms and conditions of business
9.5.2. Choice of law agreements in the general terms and conditions of business
9.5.3. The law applicable to data protection
9.5.4. Potential users

9.6. Relationships between users of social networks

9.6.1. Connection between lex fori and lex loci delicti
9.6.2. Empirical convergence

9.7. European jurisprudence (CJEU and ECHR)

9.7.1. VKI v. Amazon
9.7.2. Greece v. Nikiforidis
9.7.3. Stylianou v. Cyprus

9.8. Big Data and Private International Law

9.8.1. International legal implications
9.8.2. Legal protection of the algorithm and the database
9.8.3. Contractual relationships
9.8.4. Work Relationships

9.9. The right to be forgotten

9.9.1. Europe
9.9.2. U.S
9.9.3. Convergence

9.10. Towards a synthesis

9.10.1. The rapprochement between international jurisdiction and conflict rules
9.10.2. Connections
9.10.3. The search for neutrality

Module 10. Impact Assessments and Information Security Management

10.1. Risk analysis and management of personal data processing

10.1.1. Risk Management General Concepts
10.1.2. Privacy by Design and risk
10.1.3. Approach to ISO 31000 Risk Management

10.2. Fundamentals of Impact Assessments (EIPD)

10.2.1. Origin of EIPD
10.2.2. Need for and scope of EIPD
10.2.3. Methods

10.3. EIPD in the General Data Protection Regulation

10.3.1. Regulation
10.3.2. Principle of active responsibility
10.3.3. Guidelines of the Spanish Data Protection Agency

10.4. Prior analysis and processing where it is necessary to carry out a EIPD

10.4.1. Subjects obliged to carry out a EIPD
10.4.2. Assessment of necessity and proportionality
10.4.3. Necessity Report

10.5. Practical aspects of carrying out an EIPD
10.6. Introduction to Information Security

10.6.1. Law and cybersecurity
10.6.2. Basic Concepts
10.6.3. Roles and Responsibilities

10.7. Main domains

10.7.1. Introduction of Information Security Governance
10.7.2. Strategic
10.7.3. Compliance
10.7.4. Risk Management.
10.7.5. Operation

10.8. Convergence between security and privacy

10.8.1. Introduction to management frameworks
10.8.2. ISO/IEC 27001 and National Security Schema
10.8.3. ISO/IEC 27701 and RGPD-LOPD GDD

10.9. Security Incident Response

10.9.1. Introduction to Business Continuity
10.9.2. Security incident response teams
10.9 3. Legal implications

10.10. Basic principles of auditing and chain of custody of digital evidence

10.10.1. Audit process (ISO 19011)
10.10.2. Digital evidence and its legal implications
10.10.3. Examples of judgments

A syllabus that will show you the public relations strategies applied as growth levers"