Duration
1 year
Training structure
Faculty of Law and Political Science
Presentation
Since May 25, 2018, the General Regulation for the Protection of Personal Data (RGPD) has been in force. Consequence: companies and administrations that use personal data must use the services of a data protection officer (DPO).
A real issue within companies and public entities, the protection and management of personal data is a booming professional sector. Since the European Data Protection Regulation (RGPD) came into force in May 2018, many organizations have been obliged to appoint a DPO (Délégué à la protection des données - Data Protection Officer), the natural successor to the correspondant informatique et libertés. To date, there are few long training courses to become a DPO, a new profession much sought after by recruiters and public and private companies wishing to comply with the RGPD and have a DPO in their workforce.
A key player in RGPD compliance, the DPO must have specific knowledge of the law and skills in data protection and security management. A real conductor, he or she has a mission to inform, advise and implement security and protection strategies for the company's sensitive data (such as personal data). The DPO is also responsible for monitoring legal and regulatory aspects of digital data security. The DPO is also responsible for cooperating with the CNIL (French Data Protection Authority) and acting as its point of contact.
This course offers a multi-disciplinary approach with a legal, managerial, economic and technical dimension.
The course lasts 7 months (from January to July), with an average of 2.5 days per month.
Training benefits
Diploma website (application and information): https: //du-dpo.edu.umontpellier.fr/
Diploma secretariat - E-mail (du-dpo @ umontpellier.fr)
Objectives
The "Délégué à la protection des données : droit & management de la sécurité des données" university diploma (DU) is a multi-disciplinary training program with a legal, managerial, economic and technical dimension.
It enables professionals to acquire the skills needed to manage data security in general, and to perform the role of DPO in particular.
The training program aims to train professionals capable of developing and managing a strategy for securing sensitive corporate data, with greater consideration given to data protection right from the design stage (privacy by design and privacy by default).
Know-how and skills
People who have taken this training course will know how to implement and manage their company's compliance with the RGPD. They will master national and European data protection regulations, the technical and organizational aspects of data security, and the principles and challenges of the data economy. These future DPOs will have the keys to finding an effective position within their organization and promoting a culture of data protection and security.
Program
EU 1. Discover the challenges and issues of digital transformation (cloud computing, big data, artificial intelligence, connected objects, etc.) and the technical, economic and legal challenges of cybersecurity: what threats, what solutions and what procedures for anticipating and managing data breaches?
UE 2. Understanding and mastering the challenges of data protection: national and European regulations; rights of individuals and the challenges of securing personal data; fundamental principles and scope of application of the RGPD; organization, missions and competences of supervisory authorities, etc.
EU 3: Acquire methods and procedures relating to the role of DPO (roles, missions and responsibilities) and master the governance tools required for the DPO function.
EU 4. Acquire skills in managing the security of sensitive data and data processing (strategies and methods for ensuring the technical, organizational and legal security of personal data processing).
UE 5. Master the methods and practices involved in bringing organizations into compliance (RGPD and security): practical cases of auditing and compliance with RGPD (work situations in the sectors of local authorities, healthcare establishments, banking, insurance, retail; in HR departments, marketing, etc.).
EU 6: Conducting a successful PIA (privacy impact assessment)
Admission
Access conditions
A taste for new technologies. Basic knowledge of computers and the Internet is desirable. A technical refresher program for lawyers is planned, as is a legal refresher program for non-lawyer professionals and students.
Target audience
Forinitial training: Students who have completed a Licence 3 (or equivalent).
Continuing education: For continuing education students: bac + 3; or bac + 2 with one year's professional experience.
Examples of professionals concerned by this university diploma :
- Individuals seeking expertise in RGPD and the protection of sensitive data.
- People working in the public sector and local authorities wishing to take on the role of DPO within their institution.
- DPOs working for a public or private organization wishing to enhance their skills
- Former Data Protection Officers (CIL)
- Legal professionals (jurists, lawyers, etc.)
- People in charge of information systems security, IT specialists, cybersecurity engineers, etc.
- Compliance and risk management professionals
- Human resources specialists
Level of study required for these continuing education students: validated Bachelor's degree 3 (or equivalent); or at least Bac + 2 with at least two years' professional experience.
Tuition fees
Recommended prerequisites
This training course does not require any special skills in law or new technologies. An interest in data protection issues (legal, economic, technical) in general, and personal data protection in particular, is required.