Syllabus

Module 1 " Origin and development of data protection legislation. Basic concepts and principles of personal data protection in the legislation of EU Member States and third countries".

Тopic № 1: Origin and historical development of data protection legislation.

3 h.

Тopic № 2: Challenges and major trends in personal data protection in the context of constantly evolving information and communication technologies and artificial intelligence.

3 h.

Тopic № 3: Data protection in the EU. Basic concepts of data protection. Overview of EU and third country legislation.

3 h.

Тopic № 4: Application of the General Data Protection Regulation (GDPR)- material scope, exceptions to the material scope of the GDPR.

2 h..

Тopic № 5: Personal data – definition, basic concepts and categories of personal data according to the EU legislation. Overview of the different scopes of personal data under the ECHR and the EU Charter of Fundamental Rights.

2 h.

Module 2 "Personal data protection legislation in the EU and Bulgaria"

Тopic № 6: Subject of personal data. Legal framework and mechanisms for their protection.

1 h.

Тopic № 7: Personal data processing activities. Register of processing activities. Administrator and processor. Third-party/recipient.

1 h.

Тopic № 8: Principles for processing personal data in accordance with the General Data Protection Regulation.

1 h.

Тopic № 9: Lawfulness of processing of personal data. Conditions for processing personal data and data subject consent.

2 h.

Тopic № 10: Conditions for the processing of data subject information in pre-contractual relationships. For the performance of a contract to which the data subject is a party or for the purposes of a pre-contractual relationship between the administrator and the data subject initiated by the data subject.

1 h.

Тopic №11: The data controller’s legal obligation as a lawful condition for processing personal data. Vital interests of the data subject or of another natural person.

1 h.

Тopic № 12: The performance of a task of public interest or the performance of official powers of the administrator. The legitimate interest of the adminitrator or of a third party.

1 h.

Тopic № 13:  Conditions for processing special categories of personal data.

2 h.

Тopic № 14: Legal framework for exceptions to the rules on processing special categories of personal data.

1 h.

Тopic №15:    Overview of national rules and the activities of the Data Protection Commission and the European Supervisory Authority for the processing of genetic, biometric or health data. Specific cases of processing of personal data.

2 h.

Тopic №16: Types of data subject rights. Specific features.

1 h.

Тopic № 17: Main obligations of administrators and handlers. Administrative responsibility for the failure to comply with their obligations.  Sanctions for failure to fulfill obligations.

2 h.

Тopic № 18:  The legal framework of the data protection officer. Requirements for the data protection officer.

1 h.

Тopic № 19: Risk management and assessment in the protection and processing of personal data.

1 h.

Тopic № 20: Implement appropriate technical and organizational measures to protect personal data. Approved codes of conduct.

1 h.

Тopic № 21: Nature, concept and requirements for the legal figure of joint administrators.

1 h.

Module 3 "Data Protection and Third Countries. Transfer of data to third countries. Adequacy levels for the protection of personal data in third countries. Administrative and organisational measures to protect personal data. Information technology aspects of personal data protection. ''

Тopic № 22: Personal data protection authorities under the EU and Republic of  Bulgaria.

1 h.

Тopic № 23: The European Commission’s competence to protect personal data in relation to their transfer between the EU and third countries. European Data Protection Supervisor.

1 h.

Тopic № 24: Protection of personal data when processed by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties in the EU and Bulgaria.

1 h.

Тopic № 25: Current issues in the area of personal data protection legislation in the EU and Bulgaria.

1 h.

Тopic № 26: Review of the practice of the Court of Justice of the European Union (CJEU) in the area of personal data protection and judicial practice in the Republic of Bulgaria.

2 h.

Тopic № 27: Analysis of legal instruments for personal data protection in third countries. Extraterritoriality of the GDPR.

2 h.

Тopic № 28: Conditions and requirements for the transfer of personal data to third countries or international organisations.

1 h.

Тopic № 29: Special rules for transfers by public authorities. Transfers of personal data based on an international agreement. Designation of a representative in the European Union.

1 h.

Тopic № 30: Administrative and organizational measures to protect personal data by maintaining a Privacy Information Management System (PIMS).

1 h.

Тopic № 31: Information technology aspects of personal data protection. Privacy management- security management activities and results.

1 h.

Total:

45 h.