Tilburg Law School

Tilburg Law School offers highly-ranked national and international education and research in law and public administration.

Post Executive Specialization course on Privacy and Data Protection Legislation (in English with a focus on international practice)

In Winter 2019, the 14th edition of the successful course on privacy and data protection legislation will take place. During 5 days (all Fridays), the participants will gain a foundational understanding of the relevant legislation and case law, as well as practical experience in handing data protection issues via case studies. As the previous Data Protection Directive has been replaced in May 2018 by the new General Data Protection Regulation (GDPR), the course will prepare the participants in view of the new challenges and obligations that are in place now that the GDPR has become applicable. Special attention will be given to issues prominent in an international setting of data use, including on the scope of application of the Regulation and compliance with the EU data transfer rules (including the implications of the recently adopted Privacy Shield on data transfers between the EU and the US).  Both the new rules as well as their organizational embedding, including guidance on complying with the accountability principle, information on when and how to perform Data Protection Impact Assessments and practical instructions how to implement the required contractual agreements within businesses and in relation with third parties (hosting of data bases, outsourcing of IT and cloud contracts) will be explained in detail during the course. Finally, several security issues including the new data breach notification requirements will be dealt with. 

The course will allow the participants to be closely involved and interact with experts in the field of privacy and data protection. The course will enable the participants to independently supervise, advice and manage issues on a wide range of privacy and data protection related issues. Based on practical examples the participants will obtain a comprehensive overview and insight into the core doctrines and notions of data protection and privacy rules and security requirements, and acquire knowledge on their implementation in day-to-day practice.

The lecturers of this course are specialists in the relevant areas:

Lecturers

Prof. dr. Lokke Moerel (Tilburg University/Morrison Foerster), Prof. dr. Eleni Kosta (Tilburg University), Peter van Schelven, LL.M. (former Head Legal Affairs Nederland ICT/ Legal counsel Peter – Wet & Recht), Mr. Alja Poler – de Zwart (Morrison Foerster) , Alex van der Wolk, LL.M. (Partner Data Privacy Morrison Foerster)  and Mark Wijnhoven, LL.M., CIPP/E, CIPT (Philips)

Target Audience

Lawyers, counsellors, compliance officers within the public and private sector and sworn computer experts who would like to be trained in privacy and data protection law aspects. 

Dates

Winter 2019, 5 Fridays (dates: 15/02, 22/02, 15/03, 22/03, 29/03)

Welcome at 09.00, course starts at 09:30, course ends at 16:45.

Location

Tilburg University, Faculty Club, Warandelaan 3, 5037 AB Tilburg

Language

English

Learning goals

gain relevant knowledge and expertise on European as well as national law & regulations (including the upcoming General Data Protection Regulation, national and European case law) regarding privacy, data protection, data security and data breach issues. Upon successful completion of this course, the participants will have the knowledge and experience to deal with privacy and data protection challenges, they will understand how the relevant laws and regulations can be applied and implemented, and they will be able to relate to the dilemmas that arise when the regulatory framework is applied in a business and organizational context.

Teaching method

lectures on data protection legislation and teaching by means of case study situations will allow the participants to gain insights in both theory and its application.

Literature

the documentation will be send to you prior to the course

Fee

3.250 euro

Registration

Fill out this form

Training credits Dutch Order of Lawyers (Nederlandse Orde van Advocaten): lawyers can qualify for training credits by participating in this course. Please tick the box of Nova Points in the registration form, so we can provide you with the necessary documents in order to obtain these credits.

Program

Program Winter Post Executive Specialization course on Privacy and Personal Data

Program Privacy and Data Protection Legislation – Winter 2019 (9:30 – 16:45)

Day 1; February 15, 2019

09:00-09:30 Welcome Coffee & Tea

09:30-11:00 Morning session

Lecturer: Eleni Kosta

Topics:

  • Introduction to privacy & data protection
  • The European privacy and data protection legal framework
  • Key definitions in the GDPR: personal data; processing, controller, processor, etc.
  • Main substantive processing principles and requirements
  • Conditions for consent
  • Consent of children

11:00-11:15 Coffee Break

11.15-12.45 Morning session (cont.)

Lecturer: Eleni Kosta

12:45-13:30

LUNCH BREAK

13:30-15:15

Afternoon session

Lecturer: Eleni Kosta

Topics:

  • Information requirements
  • Right to erasure/objection
  • Right to be forgotten
  • Data portability

15:15-15:30 Coffee Break

15:30-16:45 Afternoon session

Lecturer: Eleni Kosta

Topics:

  • When to appoint a Data Protection Officer and what are his/her tasks?
  • In depth analysis of the role of supervisory authorities
  • When are the supervisory authorities competent to investigate and enforce?
  • Fines and penalties

Day 2; 22 February, 2019

09:00-09:30 Welcome Coffee & Tea

09:30-11:00 Morning session

Lecturer: Peter van Schelven

Topics:

  • Introduction to various types of agreements (hosting of databases, outsourcing of IT, cloud computing, telecom).
  • Which provisions are mandatory and which are advisable?
  • How to contract with regard to the possible liabilities?

11:00-11:15 Coffee Break

11.15-12.45 Morning session (cont.)

Lecturer: Peter van Schelven

Topics:

  • Case study: how to draw up an agreement (participants will get extensive opportunities to develop the necessary legal provisions of a processing agreement, under the supervision of Peter van Schelven).

12:45-13:30 LUNCH BREAK

13:30-15:15 Afternoon session

Lecturer : Peter van Schelven

Topics:

  • Personal data breach notification
  • Liabilities & Insurance

15:15-15:30 Coffee Break

15:30-16:45 Afternoon session

Lecturer: Peter van Schelven

Topics:

  • Case study: Help a data security breach!

Day 3; 15 March, 2019

09:00-09:30 Welcome Coffee & Tea

09:30-11:00 Morning session

Lecturer: Alex van der Wolk

Topics:

  • Commercial use of personal data I
  • E-mailing and other electronic marketing
  • The ePrivacy Directive and cookies

11:00-11:15 Coffee Break

11.15-12.45 Morning session (cont.)

Lecturer: Alex van der Wolk

12:45-13:30

LUNCH BREAK

13:30-15:15

Afternoon session

Lecturer: Alex van der Wolk

Topics:

  • Commercial use of personal data II
  • Profiling and behavioural advertising
  • Setting up internal procedures (incl. applying mitigating measures)

15:15-15:30 Coffee Break

15:30-16:45 Afternoon session

Lecturer: Alex van der Wolk

Topics:

  • Case study:  practical guidelines how to perform business analytics

Day 4; 22 March, 2019

09:00-09:30 Welcome Coffee & Tea

09:30-11:00 Morning session

Lecturer: Lokke Moerel

Topics:

  • Material and territorial scope of application of the GDPR
  • How will the new One-Stop-Shop jurisdiction principles work in practice?
  • Requirements for transferring personal data to third parties in countries that do not provide for adequate data protection level
  • The implications of the decision of the Court of Justice of the European Union in the Schrems case on the various data transfer instruments
  • Privacy Shield: requirements and how they compare to the other data transfer instruments such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCR)
  • How to implement SCCs in practice?
  • What are BCR and how to apply these?

11:00-11:15 Coffee Break

11.15-12.45 Morning session (cont.)

Lecturer: Lokke Moerel

Topics:

  • Case study: how to comply with the data transfer requirements in a cloud contract? Practical tips and tricks.

12:45-13:30 LUNCH BREAK

13:30-15:15 Afternoon session

Lecturer: Alja Poler – de Zwart

Topics:

  • Employee privacy
    • Legal bases for processing employees’ personal data
    • How to handle personnel files
    • Recruitment process & background checks/screening
    • Drugs & alcohol testing
    • Monitoring employees ICT usage
    • Using video/camera monitoring systems & recording telephone calls
    • Monitoring employees on social media
    • Monitoring company vehicles used by employees
    • Internal investigations and whistleblowing hotlines
    • Disclosing employee data to third parties
    • Use of personal devices for work purposes
    • Employees on sick leave
    • Work Councils – need to consult or ask for approval

15:15-15:30 Coffee Break

15:30-16:45 Afternoon session

Lecturer: Alja Poler – de Zwart

Topics:

  • Case study: Cross-border internal investigation based on whistleblowing report.

Day 5; November 23, 2018


09:00-09:30 Welcome Coffee & Tea

09:30-11:00 Morning session

Lecturer: Mark Wijnhoven

Topics:

  • Data Protection Impact Assessments: from idea to implementation
  • Case study: execution of (D)PIA
  • High Risk processing operations
  • Data security: importance of technical controls
  • Organizational controls

11:00-11:15 Coffee Break

11.15-12.45 Morning session (cont.)

Lecturer: Mark Wijnhoven

12:45-13:30 LUNCH BREAK

13:30-15:15Afternoon session

Lecturer: Lokke Moerel

Topics:

  • Impact of the Regulation on online business models
  • How to comply with the Regulation and not loose trust of your online users/customers? Ethical considerations.
  • Practical tips how to get buy-in from your business for privacy compliance

15:15-15:30 Coffee Break

15:30-16:45 Afternoon session

Lecturer: Lokke Moerel

Topics:

  • Case study:  ING – lessons learned

Lecturers Winter Post Executive Specialization course on Privacy and Personal Data

Prof. dr. Lokke Moerel  - Tilburg University / Morrison Foerster

Prof. dr. Lokke Moerel - Tilburg University / Morrison Foerster

Prof. dr. Eleni Kosta – Tilburg University

Prof. dr. Eleni Kosta – Tilburg University

Peter van Schelven LL.M. – Former Head Legal Affairs Nederland ICT / Legal counsel Peter – Wet & Recht

Peter van Schelven LL.M. – Former Head Legal Affairs Nederland ICT / Legal counsel Peter – Wet & Recht

Alex van der Wolk LL.M. – Partner Data Privacy Morrison Foerster

Alex van der Wolk LL.M. – Partner Data Privacy Morrison Foerster

Mr. Alja Poler – de Zwart – Morrison Foerster

Mr. Alja Poler – de Zwart – Morrison Foerster

Mark Wijnhoven LL.M., CIPP/E, CIPT Philips

Mark Wijnhoven LL.M., CIPP/E, CIPT Philips

General terms and conditions

Enrollment

Enrollment in this course can only be done electronically. Please enroll via the form on the website. Upon receipt of the form you will receive a digital confirmation of your enrollment. Your participation is valid after admittance and payment of the registration fee.

Registration fee

Payment of the registration fee needs to be done within 14 days after receipt of invoice. The fee is exempt from VAT. 

Changes

In case of unforeseen circumstances or developments the organization reserves the right to amend the course details. If applicable, you will be notified as soon as possible.

Rescheduling / Compensating for missed course modules

It is impossible to attend a missed course module at a later date.

It is possible to have someone else attend a course module in your stead.

Cancellation

Cancellation by a student has to be done in writing. When you are unable to attend, restitution of the registration fee is possible, provided that you send a written cancellation within 4 weeks prior to the first lecture day. The organization reserves the right to cancel the course in case of a limited number of enrollments.

Evaluation

After every lecture day an evaluation form will be handed out to the students. In order to further develop the Post Academic-courses of Tilburg Law School, it is very important to learn about the experiences of the students.

Handling Complaints

Complaints can be reported in writing to the organization. The complaint should be clearly described. Handling of the complaint does not affect the payment obligation. If the complaint is stated as valid by the organization, the student will receive a reduction of the fee.

Certificate and Maintaining Professional Competence of the Dutch Order of Lawyers (Nederlandse Orde van Advocaten, NOvA)

Students will receive a certificate at the end of the course. This course meets the criteria as defined by the NOvA, for providers of courses to lawyers in the context of the policy of maintaining professional competence. You are responsible for applying the relevant credit points yourself.