Duration
1 year
Training structure
Faculty of Law and Political Science
Presentation
Since May 25, 2018, the General Data Protection Regulation (GDPR) has been in force. As a result, companies and government agencies that use personal data must employ the services of a data protection officer (DPO).
A real challenge for companies and public entities, the protection and management of personal data is a rapidly growing professional sector. Since the European General Data Protection Regulation (GDPR) came into force in May 2018, many organizations have been required to appoint a DPO (Data Protection Officer), the natural successor to the data protection officer. To date, there are few long-term training programs to become a DPO, a new profession that is highly sought after by recruiters and public and private companies that wish to comply with the GDPR and have a DPO on their staff.
A key player in GDPR compliance, the DPO must have specific knowledge of the law and skills in data protection and security management. Acting as a true conductor, they are responsible for providing information and advice and implementing strategies for the security and protection of sensitive company data (such as personal data). The DPO monitors legal and regulatory developments relating to digital data security. The DPO is also responsible for cooperating with the CNIL (French Data Protection Authority) and acting as its point of contact.
This training program offers a multidisciplinary approach with legal, managerial, economic, and technical dimensions.
The program runs for seven months (from January to July), at a rate of 2.5 days per month (on average).
The advantages of the training program
Degree program website (application and information): https://du-dpo.edu.umontpellier.fr/
Diploma Secretariat - Email
Objectives
The university diploma (DU) Data Protection Officer: Law & Data Security Management is a multidisciplinary, profession-oriented program with legal, managerial, economic, and technical components.
It enables professionals to acquire the skills necessary for data security management in general and for performing the role of DPO in particular.
The program aims to train professionals to develop and implement a strategy for securing sensitive company data, with greater consideration given to data protection from the design stage onwards (privacy by design and privacy by default).
Know-how and skills
Those who have completed this training will know how to implement and manage their company's compliance with the GDPR. They will have a thorough understanding of national and European data protection regulations, the technical and organizational aspects of data security, and the principles and challenges of the data economy. These future DPOs will have the keys to finding an effective position within their organization and promoting a culture of data protection and security.
Program
EU 1. Discover the challenges and issues of digital transformation (cloud computing, big data, artificial intelligence, connected objects, etc.) and the technical, economic, and legal challenges of cybersecurity: what threats, what solutions, and what procedures to anticipate and manage data breaches.
EU 2. Understanding and mastering data protection issues: national and European regulations; individual rights and issues relating to the security of personal data; fundamental principles and scope of application of the GDPR; organization, missions, and powers of supervisory authorities, etc.
EU 3. Learn the methods and procedures related to the role of DPO (roles, duties, and responsibilities) and master the governance tools necessary for the DPO function.
EU 4. Acquire skills in managing the security of sensitive data and processing (strategies, technical, organizational, and legal methods for securing the processing of personal data).
EU 5. Mastering methods and practices relating to organizational compliance (GDPR and security): practical cases of auditing and compliance with the GDPR (professional scenarios in the sectors of local authorities, healthcare institutions, banks, insurance companies, businesses; in HR, marketing, and other departments).
EU 6. Conducting and successfully completing a PIA (privacy impact assessment)
Admission
Admission requirements
An interest in new technologies. Basic knowledge (office automation) of computers and the Internet is desirable. A technical refresher program is planned for lawyers, as well as a legal refresher program for non-lawyer professionals and students.
Target audience
For initial training: Students who have completed a Bachelor's degree (or equivalent).
For continuing education: For continuing education students: bachelor's degree or two years of higher education plus one year of professional experience.
Examples of professionals concerned by this university degree:
- Individuals seeking expertise in GDPR and sensitive data protection
- Individuals working in government and local authorities who wish to hold a DPO position within their institution
- DPOs working in a public or private organization who wish to strengthen their skills
- Former data protection officers (DPOs)
- Legal professionals (lawyers, attorneys, etc.)
- Information system security officers, IT specialists, cybersecurity engineers
- Compliance and risk management professionals
- Human resources specialists
Required level of educationfor these continuing education students: Bachelor's degree (or equivalent); or at least two years of higher education with at least two years of professional experience.
Tuition fees
Recommended prerequisites
No specific legal or IT skills are required to take this course. However, participants should have an interest in legal, economic, and technical issues relating to data protection in general and personal data protection in particular.