BIK 3130 Digital Compliance
The aim of this course is to give the participants in the public and private sector a set of tools to navigate the complex legal landscape which governs digitalization projects and use of digital goods and services.
Organizations of all sizes need a foundational understanding of privacy, security and procurement rules – in order to ensure compliance with the law and to safeguard their reputation. In addition, when implementing organizational changes and relying on third-party services, cross-functional cooperation in the organization is of key value. Therefore, this course aims to provide the experts in one of the named areas with a deeper understanding of the interaction between these fields.
Privacy and data protection rules will be explored from multiple standpoints. While the main focus will be on the GDPR, the course will also explore how privacy can be integrated into services and products – and which reputational risks and benefits it presents.
Security remains one of the most discussed topics in the digital world, and the course aims to provide a foundational understanding of the legal and operational framework surrounding it. This will entail an in-depth overview of mandatory legal sources to follow, as well as industry standards and contractual practices. On the operational side, the focus will be on risk assessments and the implementation of practical technological and organizational measures for risk mitigation.
Lastly, the course will provide an overview of the legal framework relevant for procurement and use of third-party services. Standardized IT supply contracts will be explored in-depth, alongside the foundational rules on intellectual property rights. This will allow the participants to understand their rights and obligations when offering or using third-party goods and services.
- Has a good understanding of the importance of privacy and data protection law
- Understands the material and geographical scope of GDPR application
- Understands foundational GDPR rules on data protection principles and lawfulness of processing
- Understands the role of a data protection officer and the processes for evaluating privacy risks
- Has good knowledge of the mandatory rules on data security
- Understands the industry standards and common contractual practices pertaining to cybersecurity
- Has knowledge of common practices and frameworks for identifying security risks and implementing mitigating measures
- Understands foundational rules of intellectual property law, as well as rules on licensing of intellectual property assets
- Understands the rules pertaining to protection of databases and computer programs
- Has knowledge of the standardized contractual practices in the IT sector.
- Can identify cross-functional communication challenges pertaining to privacy, security and procurement of digital services in own organization
- Can identify the value proposal of good privacy, security and procurement procedures for own organization
- Is able to understand when GDPR applies and is aware of compliance with the foundational rules, as well as the ways of structuring internal compliance
- Can identify the framework governing security questions in own organization and understand the requirements it imposes
- Can reflect upon procurement of digital goods and services and identify gaps and opportunities in own practice
- Can communicate on internal cross-functional cooperation issues in the realm of digital compliance
- Can propose new ways of integrating privacy and security into the core services provided by the organization
- Can act upon identifying compliance problems with the most foundational GDPR rules
- Can help give the data protection officer the resources and support they need
- Can prevent breaches of the core obligatory norms relating to data security
- Can propose best standardized security practices to own organization, and help support the CISO role in own organization
- Can prevent breaches of core intellectual property law principles in own organization
- Can contribute to the negotiation of the central standardized IT contracts, and apply foundational knowledge of the rights and obligations under such contracts
- Introduction to data protection and privacy
- GDPR. Scope of application. Personal data, anonymization.
- GDPR. Legal principles. Lawfulness of processing.
- GDPR. Data protection officer. Internal compliance routines.
- Introduction to security.
- Security. Obligatory laws and bylaws in Norway.
- Security. Common industry standards to follow.
- Security. Identifying the risks and implementing mitigations.
- Introduction to intellectual property law and IT contracts.
- Intellectual property. Use of copyrighted materials. Licensing of assets.
- Intellectual property. Trademarks and marketing.
- IT contracts. Standardized agreements in Norway.
- IT contracts. Negotiations and third-party due diligence.
- Internal implementation measures. Internal communication. Operationalization.
Standardized lectures delivered online. Podcasts and pre-recorded videos. Workshops and guest lectures. Non-obligatory physical gathering.
The course ends with the submission of a project assignment that counts for 100% of the grade. The task can be solved individually or in groups of up to three (3) people. The project assignment is handed out at the start of the semester. Participants are given the opportunity to solve it in close connection with their own work situation.
In all BI Executive courses and programs, there is a mutual requirement for the student and the course responsible regarding the involvement of the student's experience in the planning and implementation of courses, modules and programmes. This means that the student has the right and duty to get involved with their own knowledge and practice relevance, through the active sharing of their relevant experience and knowledge.
Deviations in teaching and exams may occur if external conditions or unforeseen events call for this.
Exam at the next course run
|100||No||1 Semester||Group/Individual (1 - 3)||Term paper|
|Grouping (size):||Group/Individual (1-3)|
|Re-sit:||Exam at the next course run|
Preparation for teaching
Students' own work with learning resources
A course of 1 credit corresponds to a workload of 26-30 hours. A course of 15 credits therefore corresponds to a workload of at least 400 hours.