BIK 3130 Digital Compliance

BIK 3130 Digital Compliance

Course code: 
BIK 3130
Department: 
Law and Governance
Credits: 
15
Course coordinator: 
Milos Novovic
Course name in Norwegian: 
Digital Compliance
Product category: 
Executive
Portfolio: 
Executive - Special Course
Semester: 
2023 Autumn
Active status: 
Active
Level of study: 
Bachelor
Teaching language: 
Norwegian
Course type: 
One semester
Introduction

The aim of this course is to give the participants in the public and private sector a set of tools to navigate the complex legal landscape which governs digitalization projects and use of digital goods and services.

Organizations of all sizes need a foundational understanding of privacy, security and procurement rules – in order to ensure compliance with the law and to safeguard their reputation. In addition, when implementing organizational changes and relying on third-party services, cross-functional cooperation in the organization is of key value. Therefore, this course aims to provide the experts in one of the named areas with a deeper understanding of the interaction between these fields.

Privacy and data protection rules will be explored from multiple standpoints. While the main focus will be on the GDPR, the course will also explore how privacy can be integrated into services and products – and which reputational risks and benefits it presents.

Security remains one of the most discussed things in the digital world, and the course aims to provide a foundational understanding of the legal and operational framework surrounding it. This will entail an in-depth overview of mandatory legal sources to follow, as well as industry standards and contractual practices. On the operational side, the focus shall be placed on risk assessments and the implementation of practical technological and organizational measures for risk mitigation.

Lastly, the course will provide an overview of the legal framework relevant for procurement and use of third-party services. Standardized IT supply contracts will be explored in-depth, alongside the foundational rules on intellectual property rights. This will allow the participants to understand their rights and obligations when offering or using third-party goods and services.

Learning outcomes - Knowledge
  • Has a good understanding of the importance of privacy and data protection law
  • Understands the material and geographical scope of GDPR application
  • Understands foundational GDPR rules on data protection principles and lawfulness of processing
  • Understands the role of a data protection officer and processes around evaluation privacy risks
  • Has good knowledge of the mandatory rules on data security
  • Understands the industry standards and common contractual practices pertaining to cybersecurity
  • Has a knowledge of common practices and frameworks for identifying security risk and implementing mitigating measures
  • Understands foundational rules of intellectual property law, as well as rules on licensing of intellectual property assets
  • Understands the rules pertaining to protection of databases and computer programs
  • Has knowledge of the standardized contractual practices in the IT sector.
Learning outcomes - Skills
  • Can identify cross-functional communication challenges pertaining to privacy, security and procurement of digital services in own organization
  • Can identify the value proposal of good privacy, security and procurement procedures for own organization
  • Is able to understand when GDPR applies and is aware of compliance with the foundational rules, as well as the ways of structuring internal compliance
  • Can identify the framework governing security questions in own organization and understand the requirements it imposes
  • Can reflect upon procurement of digital goods and services and identify gaps and opportunities in own practice
General Competence
  • Can communicate on internal cross-functional cooperation issues in the realm of digital compliance
  • Can propose new ways of integrating privacy and security into the core services provided by the organization
  • Can act upon identifying compliance problems with the most foundational GDPR rules
  • Can help give data protection officer the resources and support they need
  • Can prevent breaches of the core obligatory norms relating to data security
  • Can propose best standardized security practices to own organization, and help support the CISO role in own organization
  • Can prevent breaches of core intellectual property law principles in own organization
  • Can contribute to the negotiation of the central standardized IT contracts, and apply foundational knowledge of the rights and obligations under such contracts
Course content
  • Introduction to data protection and privacy
  • GDPR. Scope of application. Personal data, anonymization.
  • GDPR. Legal principles. Lawfulness of processing.
  • GDPR. Data protection officer. Internal compliance routines.
  • Introduction to security.
  • Security. Obligatory laws and bylaws in Norway.
  • Security. Common industry standards to follow.
  • Security. Identifying the risks and implementing mitigations.
  • Introduction to intellectual property law and IT contracts.
  • Intellectual property. Use of copyrighted materials. Licensing of assets.
  • Intellectual property. Trademarks and marketing.
  • IT contracts. Standardized agreements in Norway.
  • IT contracts. Negotiations and third-party due diligence.
  • Internal implementation measures. Internal communication. Operationalization.
     
Teaching and learning activities

Standardized lectures delivered online. Podcasts and pre-recorded videos. Workshops and guest lectures. Non-obligatory physical gathering.

The course ends with the submission of a project assignment that counts for 100% of the grade. The task can be solved individually or in groups of up to three (3) people. The project assignment is handed out at the start of the semester. The opportunity is given to be resolved in close proximity to one's own work situation.

In all BI Executive courses and programs, there is a mutual requirement  for the student and the course responsible regarding the involvement of the student's experience in the planning and implementation of courses, modules and programmes. This means that the student has the right and duty to get involved with their own knowledge and practice relevance, through the active sharing of their relevant experience and knowledge. (Mandatory text at the end of this paragraph)

Software tools
No specified computer-based tools are required.
Qualifications

Higher Education Entrance Qualification

Disclaimer
Deviations in teaching and exams may occur if external conditions or unforeseen events call for this.

Required prerequisite knowledge

Higher Education Entrance Qualification

Disclaimer
Deviations in teaching and exams may occur if external conditions or unforeseen events call for this.

Exam categoryWeightInvigilationDurationGroupingComment exam
Exam category:
Submission
Form of assessment:
Written submission
Exam code:
BIK 31301
Grading scale:
ECTS
Grading rules:
Internal examiner
Resit:
Examination when next scheduled course
100No1 Semester(s)Group/Individual (1 - 3)Term paper
Exams:
Exam category:Submission
Form of assessment:Written submission
Weight:100
Invigilation:No
Grouping (size):Group/Individual (1-3)
Duration:1 Semester(s)
Comment:Term paper
Exam code:BIK 31301
Grading scale:ECTS
Resit:Examination when next scheduled course
Type of Assessment: 
Ordinary examination
Total weight: 
100
Student workload
ActivityDurationComment
Teaching
90 Hour(s)
Examination
75 Hour(s)
Work with the term paper.
Prepare for teaching
75 Hour(s)
Student's own work with learning resources
160 Hour(s)
Sum workload: 
400

A course of 1 ECTS credit corresponds to a workload of 26-30 hours. Therefore a course of 15 ECTS credit corresponds to a workload of at least 400 hours.