Cybersecurity and personal data protection 2200-1PS015

The following topics are discussed during the classes:
- basic cyber threats to individuals and organizations in the modern world,
- risks to individual rights resulting from the processing of personal data,
- objectives of regulations in the field of cybersecurity and personal data protection
- risk-based approach in security sciences, cybersecurity and personal data protection,
- discussion of basic legal acts in the field of cybersecurity and personal data protection (NIS 2 Directive, DORA, CRA, CSA regulations, Cybersecurity Act, Act and National Cybersecurity System, Act on Combating Abuse in Telecommunications, Anti-Terrorism Act, GDPR, Personal Data Protection Act, Act on Artificial Intelligence, others),
- basic concepts in the field of cybersecurity (cyber threat, vulnerability, incident, etc.)
- key and important entities - their rights and obligations
- obligations of states in the field of cybersecurity,
- the role of CSIRT
- handling and reporting incidents
- high-risk suppliers
- basic concepts in the field of personal data (personal data, administrator, data processing, processor, anonymization, etc.)
- basic principles of personal data protection,
- legal basis for personal data processing,
- rights of the data subject
- privacy by design and privacy by default, risk analysis and data security
- reporting violations
- rights and obligations of supervisory authorities
- data transfer to third countries,
- administrative fines
- other issues