Cloud Computing Law: Data Protection and Cybersecurity
Vast amounts of personal information are processed in the cloud. But who is legally responsible for such ‘personal data’ in cloud environments? What duties do cloud providers like Amazon, Microsoft, and Google have? And what rights can you, as an individual, exercise under data protection law? If you’d like to find out, then this course is for you! First, we’ll look at how the European Union’s ‘General Data Protection Regulation’ (‘GDPR’) regulates the processing of personal data in cloud services.
Monthly Subscription Starting at AED 99 + VAT
- Level Foundation
- Duration 17 hours
- Course by Queen Mary University of London
-
Offered by
About
Vast amounts of personal information are processed in the cloud. But who is legally responsible for such ‘personal data’ in cloud environments? What duties do cloud providers like Amazon, Microsoft, and Google have? And what rights can you, as an individual, exercise under data protection law? If you’d like to find out, then this course is for you! First, we’ll look at how the European Union’s ‘General Data Protection Regulation’ (‘GDPR’) regulates the processing of personal data in cloud services. You’ll learn to identify controllers and processors, describe their roles and responsibilities, and understand how cloud customers and providers can comply in practice. Second, we’ll look at international transfers of personal data. We’ll explain how the GDPR can apply to cloud providers and their customers anywhere in the world, as well as how restrictions on international transfers apply to cloud services. Third, we’ll look at how the Network and Information Security (‘NIS’) Directive regulates the cybersecurity of critical infrastructure. You’ll learn to identify cloud providers’ duties to notify security breaches and to keep their services secure, and how to apply those duties to concrete case studies. In short, this course covers how the GDPR and NIS Directive apply to cloud services and what cloud providers and their customers should do to comply.Modules
Lesson One: What is data protection law?
-
3
Videos
-
4
Readings
-
1
Discussion
1
Discussions
- Discussing the GDPR main actors
3
Videos
- Introduction to data protection and cybersecurity
- What is personal data?
- Who are the main GDPR actors?
4
Readings
- Introducing Christopher and Dimitra
- Glossary of Key Terms
- The definition of personal data
- The main actors under the GDPR
Lesson Two: Data protection principles and lawful processing
-
2
Videos
-
2
Readings
-
1
Discussion
-
1
Assignment
1
Assignment
- Controllers, processors, and lawful grounds for processing
1
Discussions
- Discussing data protection principles
2
Videos
- What are the data protection principles?
- What is lawful processing?
2
Readings
- Data Protection Principles
- Lawful processing
Lesson Three: Joint controllers and the controller-processor relationship
-
2
Videos
-
2
Readings
2
Videos
- What do we mean by 'joint' controllers?
- What is the relationship between controllers and processors?
2
Readings
- Joint controllers
- Relationship between controllers and processors
Lesson Four: Data security and individual rights
-
2
Videos
-
2
Readings
-
1
Discussion
-
1
Assignment
1
Assignment
- Controller-processor relationship and individual rights
1
Discussions
- Discussing individual rights
2
Videos
- What are the security obligations?
- What are individual rights?
2
Readings
- Security and personal data breach
- Individual rights
Lesson Five: Fines and Compensation
-
1
Videos
-
1
Readings
1
Videos
- What are the GDPR provisions on fines and compensation?
1
Readings
- Fines and compensation
Lesson Six: Graded Quiz
-
1
Readings
-
1
Assignment
1
Assignment
- Case Studies
1
Readings
- A message from your instructors
Lesson One: Introduction
-
1
Videos
-
1
Readings
1
Videos
- Introduction to International Data Transfers
1
Readings
- Glossary of key terms
Lesson Two: Territorial scope of the GDPR
-
2
Videos
-
2
Readings
-
2
Assignment
2
Assignment
- Establishment in the EU
- Targeting and monitoring the behaviour of EU data subjects
2
Videos
- The Establishment Test
- Targeting and Monitoring
2
Readings
- Duty to appoint a representative
- Other consequences of applying the GDPR
Lesson Three: Third country transfers of personal data
-
2
Videos
-
1
Discussion
-
1
Assignment
1
Assignment
- Third country transfer restriction
1
Discussions
- Views on GDPR's third country transfer restriction
2
Videos
- Third country transfer restriction
- What is a transfer?
Lesson Four: Transfer instruments and derogations from the transfer restriction
-
4
Videos
-
4
Readings
-
1
Assignment
1
Assignment
- Third country data transfer instruments
4
Videos
- Transfer options
- Adequacy decisions
- Appropriate Safeguards
- Derogations
4
Readings
- Lawful basis for the transfer of personal data
- The EU-US Data Privacy Framework
- Binding Corporate Rules
- Derogations from the third country data transfer restriction
Lesson Five: Conclusions & Graded Quiz
-
1
Videos
-
1
Readings
-
1
Assignment
1
Assignment
- Case Studies
1
Videos
- Data Transfers Conclusion
1
Readings
- Data Location Services
Lesson One: Introduction to the NIS Directive
-
2
Videos
-
3
Readings
2
Videos
- Introduction to the regulation of critical infrastructure
- What is critical infrastructure?
3
Readings
- Introducing: Ian and Dave
- Regulating Digital Service Providers
- The NIS2 Directive (Update, April 2023)
Lesson Two: Cloud Services and the NIS Directive
-
1
Videos
-
1
Readings
-
1
Discussion
1
Discussions
- Is all cloud critical?
1
Videos
- How does the NIS Directive define 'cloud'?
1
Readings
- Regulating 'cloud' services
Lesson Three: Incident notification
-
1
Videos
-
1
Readings
-
1
Discussion
-
1
Assignment
1
Assignment
- Scope and Incident Notification
1
Discussions
- Should all security incidents be notified?
1
Videos
- Must cloud providers notify security incidents?
1
Readings
- Incident notification under the NIS Directive
Lesson Four: Safeguarding obligations
-
1
Videos
-
1
Readings
1
Videos
- Must cloud providers secure their service?
1
Readings
- Regulating risk management
Lesson Five: Enforcement and penalties
-
2
Videos
-
1
Readings
-
1
Assignment
1
Assignment
- Jurisdiction, oversight, and enforcement
2
Videos
- How is the NIS Directive enforced?
- Who enforces the NIS Directive?
1
Readings
- Jurisdiction and enforcement
Lesson Six: Graded Quiz
-
2
Readings
-
1
Assignment
1
Assignment
- Case Studies
2
Readings
- NIS2 Directive in Substance (Update, April 2023)
- Congratulations from your instructors
Auto Summary
Unlock the intricacies of data protection and cybersecurity in cloud computing with our engaging course, "Cloud Computing Law: Data Protection and Cybersecurity." This foundational course is perfect for anyone looking to understand the legal responsibilities surrounding personal data processed in cloud environments. Dive into the heart of the European Union's General Data Protection Regulation (GDPR) and learn how it governs personal data within cloud services. You'll gain insights into the roles of controllers and processors, their responsibilities, and practical compliance strategies for both cloud customers and providers. Expand your knowledge on the international stage by exploring how the GDPR impacts cloud providers and customers globally, including the restrictions on international data transfers. Furthermore, the course delves into the Network and Information Security (NIS) Directive, focusing on the cybersecurity requirements for critical infrastructure. You will learn about the duties of cloud providers to maintain security and report breaches, applying these principles to real-world scenarios. Offered by Coursera and tailored for beginners, this 1020-minute course is available through various subscription plans, including Starter and Professional. Ideal for individuals keen on mastering the legal aspects of cloud computing, this course promises a comprehensive and practical learning experience.
Christopher Millard
Ian Walden
Dimitra Kamarinou
Johan David Michels