Cybersecurity and personal data protection 2200-1W147S

The following issues are discussed during the lecture:
- provisions of European and Polish law relating to cybersecurity and personal data protection,
- regulatory objectives and basic concepts from both scopes,
- a risk-based approach,
- addressees of cybersecurity regulations: operators of essential services, digital service providers and public entities,
- obligations of operators of essential services, digital service providers and public entities,
- the role of CSIRTs and other cybersecurity competent authorities,
- principles of the protection of personal data,
- legal grounds for the processing of personal data,
- data subjects' rights,
- data protection impact assessment,
- privacy by design / privacy by default,
- the role and tasks of the data protection oficer,
- administrative fines,
- supervisory authorities and their tasks

Type of course

elective courses

Mode

Classroom

Prerequisites (description)

Cybersecurity and personal data protection have many common elements. Broadly understood cybersecurity is the security of information systems and the information and data stored in them, including personal data. However, the law does not cover the entire area of cybersecurity and personal data protection. The goal of the legislator is to ensure not so much the security of systems, but the continuity of the provision of services provided with their help, and in the case of the provisions on the protection of personal data - protection of the rights and freedoms of persons whose data is processed. European cybersecurity regulations, i.e. in particular the NIS directive and the Polish act on the national cybersecurity system, apply only to certain sectors, e.g. fuel, banking, transport and health, and some digital services. On the other hand, the provisions of the General Data Protection Regulation (GDPR) relate primarily to automated data processing.

Course coordinators

Arwid Mednis

Learning outcomes

Students should master the knowledge of cybersecurity and personal data protection regulations.

Assessment criteria

The course ends with a grade in the form of a short test.

Practical placement

Not applicable

Additional information

Additional information (registration calendar, class conductors, localization and schedules of classes), might be available in the USOSweb system:

Description of 2200-1W147S in USOSweb