To learn about the rights of data subjects under the GDPR, to understand the obligations that the GDPR imposes on data controllers and processors, to learn how the GDPR handles data breaches and vendor management, and to understand how data can be transferred across borders.
Length: Approximately 1 hour
Written by: Professors Daniel J. Solove and Paul M. Schwartz
Instructor: Professor Daniel J. Solove
Preview this Course
This course provides an overview of the GDPR’s data protection responsibilities, rights of data subjects, and data transfer requirements and methods. It discusses data subject rights including transparency, access, rectification, erasure, restriction of processing, data portability, and automated decision-making, among others. The course then covers the obligations of data controllers and processors, such as having a Data Protection Officer (DPO), data protection by design and default, records of data processing activities, and data protection impact assessments (DPIA). Additionally, the course covers the GDPR’s rules for data breach notification and vendor management. The course also covers the GDPR’s approach to international data transfer as well as the various mechanisms for such transfer, such as the model contractual clauses, BCRs, and Privacy Shield.
Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part I: The European System and the Structure of GDPR.
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws. Please note that certificates for the GDPR courses will only be provided for people who successfully complete both Parts I and II.
About this Course
GDPR: Rights of Data Subjects
Right of Access
Right to Rectification
Right to Erasure
Right to Restriction of Processing
Right to Data Portability
Right to Object
GDPR: Obligations of Data Controllers and Processors
Data Protection Officer
Data Protection by Design and Default
Records of Data Processing Activities
Data Protection Impact Assessments
When Is a DPIA Required?
What Must a DPIA Contain?
How Should a DPIA Be Conducted?
GDPR: Data Breach Notification
GDPR: Vendor Management
International Data Transfer
Adequate Level of Protection
Model Contractual Clauses
Binding Corporate Rules (BCRs)
Handout: TeachPrivacy, GDPR Whiteboard
Handout: Rights of Data Subjects Under the GDPR
Handout: Obligations of Data Controllers and Processors Under the GDPR
Handout: EU-US Privacy Shield Principles
Article: Paul Schwartz & Karl Nicholaus Peifer, Transatlantic Data Privacy, 106 Geo. L. J. 115 (2017)
Handout: TeachPrivacy, GDPR Training Guide