Tilburg Law School

Tilburg Law School offers highly-ranked national and international education and research in law and public administration.

Post Executive Specialization course on Privacy and Data Protection Legislation

In Winter 2018, the 12th edition of the successful course on privacy and data protection legislation will take place. During 4 days (all Fridays) the participants will gain a foundational understanding of the relevant legislation and case law, as well as practical experience in handing data protection issues via case studies. As the current Data Protection Directive will be replaced in May 2018 by the new General Data Protection Regulation (GDPR), the course will prepare the participants in view of the new challenges and obligations that will be in place when the GDPR becomes applicable. Special attention will be given to issues prominent in an international setting of data use, including on the scope of application of the Regulation and compliance with the EU data transfer rules (including the implications of the recently adopted Privacy Shield on data transfers between the EU and the US). Both the new rules as well as their organizational embedding, including guidance on complying with the accountability principle, information on when and how to perform Data Protection Impact Assessments and practical instructions how to implement the required contractual agreements within businesses and in relation with third parties (hosting of data bases, outsourcing of IT and cloud contracts) will be explained in detail during the course. Finally, several security issues including the new data breach notification requirements will be dealt with.

The course will allow the participants to be closely involved and interact with experts in the field of privacy and data protection. The course will enable the participants to independently supervise, advice and manage issues on a wide range of privacy and data protection related issues. Based on practical examples the participants will obtain a comprehensive overview and insight into the core doctrines and notions of data protection and privacy rules and security requirements, and acquire knowledge on their implementation in day-to-day practice.

Dates

Winter 2018, 4 Fridays

  • March 9, 2018
  • March 16, 2018
  • March 23, 2018
  • April 6, 2018

Welcome at 09.00, course starts at 09:30, course ends at 16:45.

Target Audience

Lawyers, counsellors, compliance officers within the public and private sector and sworn computer experts who would like to be trained in privacy and data protection law aspects.

Training Credits Dutch Order of Lawyers (Nederlandse Orde van Advocaten)

Lawyers can qualify for training credits by participating in this course. Please tick the box of Nova Points in the registration form, so we can provide you with the necessary documents in order to obtain these credits.

Program Privacy Course Winter 2018 (9:30 - 16:45)

Day 1; March 9, 2018
09:00-09:30 Open doors / Coffee & Tea
09:30-11:00 Morning session / Lecturer: Eleni Kosta
Topics: Introduction to privacy & data protection / The European privacy and data protection legal framework / Key definitions in the GDPR: personal data; processing, controller, processor, etc. / Main substantive processing principles and requirements
11:00-11:15 Coffee Break
11.15-12.45 Morning session (cont.) / Lecturer: Eleni Kosta
12:45-13:30 Lunch Break
13:30-15:15 Afternoon session / Lecturer: Eleni Kosta
Topics: Information requirements / Conditions for consent / Consent of children / Right to erasure/objection / Right to be forgotten / Data portability
15:15-15:30 Coffee Break
15:30-16:45 Afternoon session / Lecturer: Eleni Kosta
Topics: When to appoint a Data Protection Officer and what are his/her tasks? / In depth analysis of the role of supervisory authorities / When are the supervisory authorities competent to investigate and enforce?
Day 2; March 16, 2018
09:00-09:30 Open doors / Coffee & Tea
09:30-11:00 Morning session / Lecturer: Lokke Moerel
Topics: Material and territorial scope of application of the GDPR /How will the new One-Stop-Shop jurisdiction principles work in practice? / Requirements for transferring personal data to third parties in countries that do not provide for adequate data protection level / The implications of the decision of the Court of Justice of the European Union in the Schrems case on the various data transfer instruments / Privacy Shield: requirements and how they compare to the other data transfer instruments such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCR) / How to implement SCCs in practice? / What are BCR and how to apply these?
11:00-11:15 Coffee Break
11.15-12.45 Morning session (cont.) / Lecturer: Lokke Moerel
Topics: Case study: how to comply with the data transfer requirements in a cloud contract? Practical tips and tricks.
12:45-13:30 Lunch Break
13:30-15:15 Afternoon session / Lecturer: Peter van Schelven
Topics: Introduction to various types of agreements (hosting of databases, outsourcing of IT, cloud computing, telecom). / Which regulations are mandatory and which are advisable? / How to contract with regard to the possible liabilities?
15:15-15:30 Coffee Break
15:30-16:45 Afternoon session / Lecturer: Peter van Schelven
Topics: Case study: how to draw up an agreement (participants will get extensive opportunities to develop the necessary legal provisions of a processing agreement, under the supervision of Peter van Schelven).
Day 3; March 23, 2018
09:00-09:30 Open doors / Coffee & Tea
09:30-11:00 Morning session / Lecturer: Alja Poler-De Zwart
Topics: Commercial use of personal data I / E-mailing and other electronic marketing
11:00-11:15 Coffee Break
11.15-12.45 Morning session (cont.) / Lecturer: Alja Poler-De Zwart
Topics: The ePrivacy Directive/draft Regulation and cookies
12:45-13:30 Lunch Break
13:30-15:15 Afternoon session / Lecturer: Lokke Moerel
Topics: Commercial use of personal data II / Profiling and behavioural advertising / Setting up internal procedures (incl. applying mitigating measures)
15:15-15:30 Coffee Break
15:30-16:45 Afternoon session / Lecturer: Lokke Moerel
Topics: Case study: practical guidelines how to perform business analytics
Day 4; April 6, 2018
09:00-09:30 Open doors / Coffee & Tea
09:30-11:00 Morning session / Lecturer: Mark Wijnhoven
Topics: High Risk processing operations / Data security: importance of technical controls / Organizational controls and incident response / Personal data breach notification / Case study: Help a data security breach!
11:00-11:15 Coffee Break
11.15-12.45 Morning session (cont.) / Lecturer: Mark Wijnhoven
Topics: Data Protection Impact Assessments: from idea to implementation / Case study: execution of (D)PIA
12:45-13:30 Lunch Break
13:30-15:15 Afternoon session / Lecturer: Lokke Moerel
Topics: Impact of the Regulation on online business models / How to comply with the Regulation and not loose trust of your online users/customers? Ethical considerations / Practical tips how to get buy-in from your business for privacy compliance
15:15-15:30 Coffee Break
15:30-16:45 Afternoon session / Lecturer: Lokke Moerel
Topics: implementation of telematics in a company fleetlosing

Language

  • English

Lecturers

The lecturers of this course are specialists in the relevant areas.

Lecturers are:

  • Prof. dr. Lokke Moerel  (Tilburg University/Morrison Foerster)
  • Prof. dr. Eleni Kosta (Tilburg University)
  • Peter van Schelven LL.M. (former Head Legal Affairs Nederland ICT/Legal counsel Peter – Wet & Recht)
  • Mr. Alja Poler-de Zwart (Morrison Foerster)
  • Mark Wijnhoven, LL.M., CIPP/E, CIPT (Philips)

    Learning Goals

    Gain relevant knowledge and expertise on European as well as national law & regulations (including the upcoming General Data Protection Regulation, national and European case law) regarding privacy, data protection and data security & data breach issues. Upon successful completion of this course, the participants will have the knowledge and experience to deal with privacy and data protection challenges, they will understand how the relevant laws and regulations can be applied and implemented, and they will be able to relate to the dilemmas that arise when the regulatory framework is applied in a business and organizational context.

    Teaching method

    Lectures on data protection legislation and teaching by means of case study situations will allow you to gain insights in both theory and its application

    Literature

    The documentation will be sent to you prior to the course

    Costs

    •   € 2.750

    Sign up

    • You can sign up for the Winter Edition by filling out this form.

    General Terms & Conditions

    Enrollment

    Enrollment in this course can only be done electronically. Please enroll via the form on the website. Upon receipt of the form you will receive a digital confirmation of your enrollment. Your participation is valid after admittance and payment of the registration fee.

    Registration fee

    Payment of the registration fee needs to be done within 14 days after receipt of invoice. The fee is exempt from VAT. 

    Changes

    In case of unforeseen circumstances or developments the organization reserves the right to amend the course details. If applicable, you will be notified as soon as possible.

    Rescheduling / Compensating for missed course modules

    It is impossible to attend a missed course module at a later date.

    It is possible to have someone else attend a course module in your stead.

    Cancellation

    Cancellation by a student has to be done in writing. When you are unable to attend, restitution of the registration fee is possible, provided that you send a written cancellation within 4 weeks prior to the first lecture day. The organization reserves the right to cancel the course in case of a limited number of enrollments.

    Evaluation

    After every lecture day an evaluation form will be handed out to the students. In order to further develop the Post Academic-courses of Tilburg Law School, it is very important to learn about the experiences of the students.

    Handling Complaints

    Complaints can be reported in writing to the organization. The complaint should be clearly described. Handling of the complaint does not affect the payment obligation. If the complaint is stated as valid by the organization, the student will receive a reduction of the fee.

    Certificate and Maintaining Professional Competence of the Dutch Order of Lawyers (Nederlandse Orde van Advocaten, NOvA)

    Students will receive a certificate at the end of the course. This course meets the criteria as defined by the NOvA, for providers of courses to lawyers in the context of the policy of maintaining professional competence. You are responsible for applying the relevant credit points yourself.

    Location

    Tilburg University, Faculty Club, Warandelaan 3, 5037 AB Tilburg

    Questions

    Questions?

    Please contact Mrs. Femke Abousalama at f.abousalama@tilburguniversity.edu for any questions.

    More information

    Download this PDF