Goals

The objective of the course is to examine the legal rules that govern the security of networks and information systems. In this context, the course focuses on three bodies of rules : GDPR, NIS Directive and Cybersecurity Act.

Table of contents

GENERAL INTRODUCTION

PART 1. PRIVACY & DATA PROTECTION LAW

SUB PART I. GENERAL PRINCIPLES

1. Legal Basis of Privacy

2. Legal Basis of Data Protection Law

3. Introduction to the GDPR: scope and definitions

SUB PART II. DATA PROTECTION LAW (GDPR)

1. Data Protection Principles

2. Duties of the Data Controller and of the Data Processor

3. Duty of security of personal data

PART 2. CYBERSECURITY LAW

1. NIS Directive

2. Cybersecurity Act




 

Teaching methods

- Slides projected during the course.

- Additional resources published on the course's WebCampus page

Assessment method

The evaluation consists of two parts:

 

1) Concrete practical case (20 % of the final grade)

Various practical cases are exposed during the last lesson. Each student must resolve one case by group of 3-4 students.

For each case, there are 5 subquestions.

 

2) Oral exam of 20 minutes (80 % of the final grade)
 
The oral evaluation will last 20 minutes. There is no preparation’s time. But the student can take the time necessary to answer. Moreover, the student can consult the relevant legislation during the evaluation.

The oral evaluation consists of two parts :

  I. Discussion about the case resolved before in group

  II. Two questions :

  • 1 question ‘True/False' identical or similar to those on WebCampus)
  • 1 question ‘Open question’ (identical or similar to the open questions asked during the course)

 

Language of instruction

Français