Postgraduate Course in Data Protection and Information Security
Postgraduate Course in Data Protection and Information Security
The Postgraduate Course in Data Protection and Information Security provides students with both legal and technical tools, and skills to develop with full transparency the functions inherent to the role of Data Protection Officer (DPO) and the management of personal data in companies and law firms inside and outside of Spain.
The Postgraduate Course in Data Protection and Information Security provides you with both education and the tools and legal skills necessary to develop with total transparency the functions corresponding to the data protection officer of a company or organization, both public and private in companies inside and outside Spain.
As a result of the entry into force of the General Data Protection Regulations (GDPR), on May 25, 2018, which reinforces privacy and provides for a legal regime for the protection of uniform personal data in the European Union, a proactive responsibility model for professional practice has been imposed which means that those responsible for data processing must apply the technical and organizational measures necessary to ensure compliance with the regulations, and also demonstrate a commitment to the protection of the personal data of interested parties.
The course on Data Protection complies with the duration requirement for hours foreseen in the certification scheme (Section 6.3) approved by the Spanish Data Protection Agency on June 13, 2018 and as such has been recognized by ISMS Forum and Bureau Veritas.
Once the course has finished, the students will be able to take the exam to obtain certification as a DPO in any of the authorized certifying entities.
Why choose this program
Gain access to training endorsed by the Spanish Data Protection Agency
The contents of the program comply with the legal requirement of duration in hours that the students must pass provided for in the Certification Scheme (Section 6.3) approved by the Spanish data protection regulations and as such has been recognized by Bureau Veritas and by ISMS Forum.
Get applied knowledge
This postgraduate prepares you to transparently identify if a certain legal activity, which involves personal data, complies with the GDPR and other applicable regulations, providing the technical and organizational knowledge to be able to comply with the provisions of the GDPR and other regulations applicable for lawyers and other professionals in the sector.
Learn from a multidisciplinary teaching team
A multidisciplinary team of teachers provides students with the legal knowledge necessary to train both in the field of law and in information and communication technologies.
Functions in great demand
The program prepares you at a professional level to develop the role of Data Protection Officer (DPO) in a company, one of the essential functions in any public or private organization.
Who is it for?
The Postgraduate Course in Data Protection and Information Security is aimed at those professionals (jurists, lawyers, engineers, and graduates in related disciplines) who already exercise or want to exercise the function of Data Protection Officer in companies within and outside of Spain, who want to specialize in the management of personal data, and/or want to be certified as a Data Protection Officer.
This course meets the maximum duration requirement in hours that the student must take (180h) provided for in the Certification Scheme (section 6.3) approved by the Spanish data protection regulations and as such has been recognized by ISMS Forum and Bureau Veritas .
The UPF Barcelona School of Management complies with the Responsible Declaration and the Code of Ethics required by the Spanish Agency for Data Protection
6The course at our university meets the maximum duration requirement in hours that the student must take (180h) provided for in the Certification Scheme (Section 6.3) approved by the Spanish data protection regulations and as such has been recognized by the ISMS Forum and Bureau Veritas.
It is structured through 3 large modules or domains oriented to the professional practice of lawyers and other related professions: General Data Protection Regulations (5 ECTS credits), Active Responsibility (3 ECTS credits) and Techniques for Information Security (2 ECTS credits).
Upon completion of the course, students will be able to sit the exam to become certified as an expert DPO in any of the accredited collaborating entities.
General Data Protection Regulations
- Privacy and data protection on the international scene.
- Data protection in Europe.
- Data protection in Spain.
- Standards and good practices.
- Scope of application.
- Obliged parties.
- The right/duty pairing in data protection.
- Legality of processing.
- Loyalty and transparency.
- Limitation of the purpose.
- Data minimization.
- Consent: granting and revocation.
- Informed consent: purpose, transparency, preservation, information, and duty of communication to the interested party.
- Children's consent.
- Special categories of data.
- Data related to criminal offences and convictions.
- Processing that does not require identification.
- Legal bases other than consent.
- Transparency and legal information.
- Access, rectification, deletion (right to be forgotten).
- Automated individual decisions.
- Limitation of processing.
- Exceptions to rights.
- Data protection policies and their transparency.
- Legal position of the parties. Responsibility, co-responsibility, managers, sub-manager of the processing and their representatives. Relations between them and formalization.
- The registration of processing activities: identification and classification of data processing.
- Privacy by design and by default. Fundamental principles.
- Impact assessment related to data protection and prior consultation. High-risk processing.
- Security of personal data. Technical and organizational security.
- Security violations. Notification of security breaches.
- The Data Protection Officer (DPO). Regulatory framework.
- Codes of conduct and certifications.
- Designation. Decision-making process. Formalities in the appointment, renewal, and dismissal. Analysis of conflicts of interest.
- Obligations and responsibilities. Independence. Identification and reporting to management.
- Procedures. Collaboration, prior authorizations, relationship with interested parties and claims management.
- Communication with the data protection authority.
- Professional competence. Negotiation. Communication. Budgets.
- Personal skills, teamwork, leadership, team management.
- The adequacy decision system.
- Transfers through adequate guarantees.
- Binding Corporate Rules.
- Authorization of the control authority.
- Temporary suspension.
- Contractual clauses.
- Control Authorities.
- Sanctions regime.
- European Committee for Data Protection.
- Procedures followed by the AEPD.
- Jurisdictional protection.
- The right to compensation.
- Guides to GT Article 29.
- Opinions of the European Data Protection Committee.
- Criteria of jurisdictional bodies.
- Sanitary, Pharmaceutical, and Research Company.
- Protection of minors.
- Equity Solvency.
- Video surveillance.
- Advertising, etc.
- LSSI, Law 34/2002, of 11 July, on services for the information society and electronic commerce in Spain
- LGT, Law 9/2014, of 9 May, General Telecommunications
- E-signature Law, Law 59/2003, of 19 December, on electronic signatures
- e-Privacy Directive: Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002, on the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) or e-Privacy Regulation when approved.
- Directive 2009/136/EC of the European Parliament and of the Council, of 25 November 2009, which modifies Directive 2002/22/EC on universal service and the rights of users in relation to networks and electronic communications services, Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No. 2006/2004 on cooperation in the field of consumer protection.
- Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by the competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal sanctions, and the free circulation of said data and by which the Framework Decision 2008/977/JHA of the Council is repealed.
- Introduction. General framework for risk assessment and management. General concepts.
- Risk evaluation. Inventory and valuation of assets. Inventory and assessment of threats. Existing safeguards and assessment of their protection. Resulting risk.
- Risk management. Concepts. Implementation. Selection and assignment of safeguards to threats. Protection assessment. Residual risk, acceptable risk, and unacceptable risk.
- The design and implementation of the data protection program in the context of the organization.
- Objectives of the compliance program.
- Accountability: the traceability of the compliance model.
- Regulatory framework. National Security Scheme and NIS directive: Directive (EU) 2016/1148 relating to measures aimed at guaranteeing a high common level of security for information networks in the Union. Scope of application, objectives, main elements, basic principles, and minimum requirements.
- Cybersecurity and governance of personal data. Generalities, Mission, effective governance of Information Security (IS). Concepts of IS. Scope. IS government metrics. State of IS. IS strategy.
- Implementation of data protection. Security by design and by default. The life cycle of Information Systems. Integration of security and privacy in the life cycle. Quality control of IS.
- Introduction and fundamentals of DPIA: origin, concept and characteristics of DPIA. Scope and need. Standards.
- Carrying out an impact assessment. Preparatory and organizational aspects, analysis of the need to carry out the evaluation, and prior consultations.
Techniques for Information Security
- The audit process. General questions and approximation. Basic characteristics.
- Preparation of the audit report. Basic aspects and importance of the data protection officer report.
- Execution and monitoring of corrective actions.
- The Audit Function in Information Networks. Basic concepts. IS D25 Standards and Guidelines in a professional environment.
- Internal control and continuous improvement. Good practices. Integration of data protection in the IS audit.
- Planning, execution, and monitoring.
- National Security Scheme, ISO/IEC 27001:2013 (UNE ISO/IEC 27001:2014: Requirements of Information Security Management Systems, ISMS).
- Asset Security Management. Logical and procedural security. Security applied to IT and documentation.
- Disaster Recovery and Business Continuity. Protection of technical and documentary assets. Planning and Management of Disaster Recovery.
- Cloud computing.
- Internet of things (IoT).
- Big data and profiling.
- Social media.
- User tracking technologies.
- Blockchain and latest technologies.
Once you have passed the program, you will be awarded the degree of Curso de Postgrado en Protección de Datos y Seguridad de la Información, issued by Pompeu Fabra University.
Associate Professor UPF-BSM
Postdoctoral Contract UPF-BSM
Associate Professor UPF-BSM
- Esther Farnós
Professor of civil law at UPF.
- Daniel Caccamo
Attorney. Legal advice on innovation and privacy at CaixaBank. Specialist in personal data protection.
- Carles San José
Head of inspection of the Catalan Data Protection Agency (ACPD). (TBC)
- Jorge Monclús
Senior partner attorney of the of Intellectual Property and Information Technology department at Cuatrecasas.
- Genís Margarit
Technological security auditor and cybersecurity consultant. Telecommunications Engineer and Electronic Systems Engineer.
Completely face-to-face mode of education. It includes theoretical and practical training by teachers using the discussion of simulated cases and the active participation of the student.
The program of our university offers the student a theoretical basis on the role of the data protection officer through the modules or domains that make up its study plan, necessary for the optimal acquisition of knowledge and skills by the student who wishes to gain access to an expert position.
Together with the theoretical base taught by the teachers, the learning about data protection is strongly based on the resolution of problems by the student, through the discussion of hypothetical cases and the decisions of courts and data protection agencies.
Active student participation
The educational methodology of the program implies an active participation by the student in an expert educational environment made up of criminal law professionals and information technology professionals.
Adheres to the certification scheme
Both the content of data protection and its structure adhere to the Certification Scheme proposed by the AEPD, so that at the end of the postgraduate course, the participant does not have any difficulty in passing the certification exam as a DPO and accessing professions such as that of lawyer.
The evaluation of the different modules or domains that make up the postgraduate education program follows the guidelines set out by the AEPD Certification Scheme so that the course meets the requirements, and the students can take the certification exam and undertake professional practice as lawyers.
The three domains will be evaluated separately. Consequently, each student will have a separate grade for each of them. The value of each of the evaluations on the course is the following: Domain 1 (50%); Domain 2 (34%); and Domain 3 (16%).
The evaluation of the different Domains will consist of the following:
- General legal regulations on data protection: carrying out a multi-answer test of between 30 and 40 questions, on the different aspects discussed in the classes.
- Proactive responsibility: group realization of a practical case and presentation of its defence.
- Techniques for data protection: carrying out a multi-answer test of between 20 and 25 questions, on the different aspects discussed in the classes.
Any student who fails one of the domains will be able to carry out a recovery activity. Exceptionally, in the case of having obtained a grade higher than 4 and lower than 5 in one of the domains, the student may compensate the grade with the grades obtained in the other domains. It is necessary to obtain, at least, a 5 as a global postgraduate mark to pass it. Likewise, it is necessary to have attended 80% of the sessions.
The On-Campus&Live methodology allows you to follow the program in person and also remotely.
In this modality, two stable subgroups are opened that will coexist throughout the course: one face-to-face and the other with 100% remote students. The remote students (a maximum of 15 places per course) will follow the program in a synchronous way with the face-to-face students. That is, they will share the same school calendar and schedule as the face-to-face students.
Project-oriented learning and the combination of lectures and active methodologies such as case studies, flipped learning, solving real problems, and professional simulations allow the student to connect theory and practice, acquire advanced skills, and achieve learning which is transferable to the job. The face-to-face modality is enriched with elements of online programs (virtual learning environment, multimedia resources, among others) so that the learning experience of the two subgroups is equally satisfactory.
You will have:
- Master's or postgraduate work to learn by doing
- A personal mentor to monitor your Master's Final Project (TFM) or Postgraduate Final Project (TFP)
- Digital resources to achieve transversal skills
- Interdisciplinary activities and workshops
- Digital resources and audiovisual blocks for online learning
- Active methodologies for transferable learning
The credits of the degree prepare you following the AEPD certification scheme and, with the help of the teachers, they provide you with the tools and legal and technical skills to develop the functions inherent to the role of Data Protection Officer (DPO).
Students who register are mainly senior, with several years of professional experience in law firms and in positions related to the data protection officer and of local origin. Students come mainly from the area of Law, although there are also profiles from other areas such as Economics, Business Administration and Management, Political Science, and Public Administration, as well as technology and communications. Students usually have some experience and knowledge as a DPO.
Previous training in Law
Due to the number of credits of the university program on Data Protection, there is not an option to undertake extracurricular internships. The Postgraduate course complies with the duration requirement for hours foreseen in the certification scheme (Section 6.3) approved by the Spanish Data Protection Agency of 13 June 2018 and as such has been recognized by ISMS Forum and Bureau Veritas.
Once the course is completed, the students may take the examination to obtain legal certification as a DPO.
- Data Protection Officer in any organization or company of a public or private nature, inside or outside of Spain.
Admission and enrolment
Our admission process consists of a rigorous evaluation of each application to preserve the quality of the group as well as the training, experience, and work capacity of all students.
Who can apply?
You must be a university graduate or a higher graduate.
Other students without the required university degree may take part in the selection process for the data protection course by virtue of their academic or professional merits and the place of work they occupy
Those students who do not have Spanish as one of their mother tongues or who did not have it as a teaching language in their training studies, must prove during the enrolment period that they have at least a B2 level of Spanish (Common European Framework of Reference), as well as fluently take part in a personal interview with the academic director, if necessary.
How to apply?
To apply for admission to this program, students must read and accept the Terms and Conditions of Contract once they start the application for admission through the following form.
Application for admission
Complete your application within the next admission rounds:
|Round||Application deadline||Admission resolution|
Applications for admission will be evaluated when you complete the following steps:
- Complete the online admission form.
- Pay the €120 admission fee. This amount will be returned if you are not admitted.
- Send the following documents through the online platform e-registrar:
- Presentation letter or video
- Scanned copy of university degree (if you are in the last year of your degree, you can provide your academic records)
- Scanned copy of Transcript of Records. Make sure that it includes your GPA (Grade Point Average)
- Scanned copy of ID Card or Passport
- Passport-size photo (jpg format)
Additional documents may be requested in certain cases.
Application rounds are subject to the number of places available on the program.
- The Admissions Committee will select the candidates on the basis of a personal or CV-based interview.
- You will be notified of the admission decision in writing.
- Registration must be paid within a 15 days after the admission.
- Once the letter of acceptance to the program has been received, you will need to submit the following original documents before the course begins:
- Stamped and/or authenticated photocopy of your university degree.
- If you have a foreign degree you may need to submit additional documents.
- Paying the reservation fee (25% of the program's tuition fees) is essential in order to reserve your place
- If you pay the tuition fees by bank transfer you will be required to introduce the program code. The program code for this course is 3329.
- The remaining tuition fees must be paid 2 weeks before the start of the course.
Grants, scholarships and financing
The UPF Barcelona School of Management offers you different means of financing so that you can take any of our programs without worry. We offer you the opportunity to finance part of your program, either by rewarding your talent through scholarships, through grants from entities dedicated to promoting education or through collaboration agreements with financial entities.
Apply for one of our UPF-BSM Scholarships, awarded specifically to Pompeu Fabra University students with a good academic record.
If you are studying your last undergraduate course (4th year) at UPF or at a UPF Group centre and you have a good record, you can apply for a UPF-BSM scholarship. Remember that you must be a graduate and be in possession of your degree (or failing that, the certificate of receipt) when you start the program in which you have enrolled.
- Be in the last undergraduate year at UPF.
- Have a good academic record.
- Have been admitted or are in the process of admission to a Master or Postgraduate course for which you are applying for this Scholarship.
- Apply for the Scholarship at the time of application for admission.
- Submit a motivation letter with the reasons why you have opted for the Scholarship and a list of verifiable merits.
- Upload the required documentation through the eRegistrar platform
- The dates of awarding or denying of the Scholarship will be published on the website.
- The scholarship candidate will personally receive a communication with the procedures to follow in order to formalize it.
- The Scholarship Committee assesses academic talent (average grade of the report) and personal talent (the motivation of the candidate and their merits).
- The UPF-BSM Scholarships are not compatible with specific aid for the programs, scholarships granted by the Ministry of Education, Culture and Sports, and other UPF-BSM scholarships.
- They are compatible with other scholarships from organizations outside the UPF-BSM and with discounts for large families.
They are applied for and granted in accordance with the dates stipulated below:
Academic year programs 2020–21 and 2021–22
- Scholarship application deadline: 03/12/2020, Awarding of the scholarship: week of 14/12/2020
- Scholarship application deadline: 12/01/2021, Awarding of the scholarship: week of 25/01/2021
- Scholarship application deadline: 23/02/2021, Awarding of the scholarship: week of 08/03/2021
- Scholarship application deadline: 08/04/2021, Awarding of the scholarship: week of 19/04/2021
- Scholarship application deadline: 13/05/2021, Awarding of the scholarship: week of 24/05/2021
- Scholarship application deadline: 08/06/2021, Awarding of the scholarship: week of 21/06/2021
- Scholarship application deadline: 06/07/2021, Awarding of the scholarship: week of 27/07/2021
- Scholarship application deadline: 20/07/2021, Awarding of the scholarship: week of 27/07/2021
- Scholarship application deadline: 02/09/2021, Awarding of the scholarship: week of 13/09/2021
- Scholarship application deadline: 05/10/2021, Awarding of the scholarship: week of 18/10/2021
- Scholarship application deadline: 21/10/2021, Awarding of the scholarship: week of 01/11/2021
Remember that you must apply for the scholarship when you complete the application for admission to the program that interests you and always before classes start. The Scholarship cannot be processed for a program that is already being studied.
If you have any questions about how to apply for the UPF-BSM Scholarships, you can contact our scholarship secretariat via email.
Social Value Scholarships
UPF Barcelona School of Management, for this next academic year, and aiming at the commitment for social welfare, offers the Social Value Scholarships with the objective of supporting and favoring the groups that the School considers a priority. Enter and consult the details.
These scholarships are intended to favor specific groups, to help them in their professional and personal development or people who are in a situation of economic difficulty.
The Social Value Scholarship program covers from 25% to 70% of the total tuition fee for the master's degree and from 25% to 50% of the total tuition fee for the diploma or postgraduate course for all the programs offered by the Institute of Continuing Education Foundation.
The University Master's Degree in Law and any other master’s degree carried out in conjunction with an institution outside the UPF-BSM are excluded. Also excluded are programs for which the interested party wishes to carry out any recognition. Repeating students will also not be eligible for the scholarship.
- "Impulsa MUJER" (“Promote Woman”)
Aimed at all professional women, from any environment, who wish to study a management program in any area of the company, to occupy leadership positions or to lead a professional project.
Sporty woman: Specifically addressed at professional sportswomen interested in studying the master’s degree in Sports Management in any of its modalities.
- "Post COVID boost"
Aimed at people over 40 who are unemployed or in ERTE. ERTE is a term used in Spain to refer to the suspension for a specific time of the labor contract of part or all the workers of a company due to force majeure. This temporary suspension of the contract has been applied in Spain during the COVID-19 pandemic and remains in effect until the Government and the Employer decide.
- "Entrepreneur Scholarship for local economy"
Aimed at entrepreneurs and small businesses with a direct impact on the local economy and regions that need specific training to boost business.
- You must have applied for admission into one of the master's offered by the UPF Barcelona School of Management (except the Official Master's Program in Advocacy or those master's) and have been admitted to the program for which the grant is being requested.
- Present a letter of motivation with the reasons why you are applying for the scholarship with a list of merits or outstanding aspects that can be contrasted.
Consult the specific criteria for each of the modalities in the rules.
Submit your application for the Social Value Scholarship via the "Application form" of the program that you are interested in.
Submit the documentation via the "Scholarships and Funding" section of the eRegistar platform, to which you will be given access when applying
Please note that your application must meet all the requirements for both documentation and deadlines. Otherwise, it cannot be evaluated.
All documents except for the academic transcript must be in either Catalan, Spanish or English. The academic transcript can be presented in Catalan, Spanish, English, French, Italian or Portuguese. If it is another language it must be accompanied by a sworn official translation into Catalan or Spanish.
Social Value Scholarship applications have to be made at the same time as completing your application for the program and always before classes begin. Social Value Scholarships cannot be processed for a master's program that has already begun.
Equally, applications presented after the deadlines of the established rounds will not be accepted, even if classes have not yet begun.
Social Value Scholarship are applied for and awarded according to the dates outlined below.:
Programmes for the academic year 2021-2022
- Scholarship application deadline: 12/01/2021, Awarding of the scholarship: during the week of 25/01/2021
- Scholarship application deadline: 23/02/2021, Awarding of the scholarship: during the week of 08/03/2021
- Scholarship application deadline: 08/04/2021, Awarding of the scholarship: during the week of 19/04/2021
- Scholarship application deadline: 13/05/2021, Awarding of the scholarship: during the week of 24/05/2021
- Scholarship application deadline: 08/06/2021, Awarding of the scholarship: during the week of 21/06/2021
- Scholarship application deadline: 20/07/2021, Awarding of the scholarship: during the week of 27/07/2021
- Scholarship application deadline: 02/09/2021, Awarding of the scholarship: during the week of 13/09/2021
- Scholarship application deadline: 05/10/2021, Awarding of the scholarship: during the week of 18/10/2021
- Scholarship application deadline: 21/10/2021, Awarding of the scholarship: during the week of 01/11/2021
The Scholarship Committee will only award Social Value Scholarships to those applicants who, having completed the corresponding documentation and been finally admitted to the program for which they are applying, have passed the various tests that may be requested and meet the criteria established in each established typology in which they wish to enter.
The Scholarship Committee will inform each applicant of the decision individually by e-mail, following the dates published on the website.
Grants and discounts
If you are a member of our alumni associations or of one of our partner universities, we offer you a series of applicable discounts on the amount of tuition for your program.
- UPF Barcelona School of Management or UPF-IDEC Alumni: If you have previously studied at UPF Barcelona School of Management or UPF-IDEC a 15 credits (or more) program and you decide to take on a new program with us, you are entitled to a discount of 20% on your program tuition fees. It is required to be registered in the Alumni network of the UPF Barcelona School of Management upon your application. This discount is not applicable to short courses and postgraduate courses which are part of the same itinerary.
- UPF Alumni: If you have previously studied a degree, a master program or a doctoral program at Pompeu Fabra University, you are entitled to a discount of 15% on the UPF Barcelona School of Management Masters and postgraduated program tuition fees (those programs with more than 15 credits) beginning on or after 01/01/2019.
- ESCI-UPF and Tecnocampus Alumni: If you have previously studied a degree or a master at ESCI-UPF or Tecnocampus, you are entitled to a discount of 15% on the UPF Barcelona School of Management Masters and postgraduated program tuition fees (those programs with more than 15 credits).
UPF Employee Discounts
If you are a member or family member of an employee of the UPF group or belonged to the collaborating institutions of the UPF Barcelona School of Management, you can enjoy a series of applicable discounts on the tuition fees for your program.
- Administrative and Service Staff (PAS) of Pompeu Fabra University. You are entitled to a 35% discount on tuition fees for open programs subject to prior communication from the rector's office and/or the UPF general manager's office.
- Administrative and Service Staff (PAS) and Teaching and Research Staff (PDI) of the UPF Group. Discount of 20% on tuition fees for open programs.
- Relatives (up to second degree) of UPF and the UPF's Institute of Continuing Education's Foundation teaching and research staff (PAS and PDI, in Spanish). Discount of 20% on tuition fees for open programs.
- If you work at a company member of the Institute of Continuing Education Foundation's Board of Trustees or at any of our councils' companies. Discount of 20% on the tuition fees of our master's and postgraduate courses.
UPF Partner Latinoamerican Universities Discount
If you are alumni of one of our Partner Universities, you are entitled to a discount of 10% on the UPF Barcelona School of Management Masters and postgraduate program tuition fees (those programs with more than 15 credits).
Postgraduate Course in Data Protection and Information Security