LLM in Transnational and European Commercial Law, Banking Law, Arbitration/Mediation > Data Protection Law: General Data Protection Regulation

Data Protection Law: General Data Protection Regulation

Teaching hours and credit allocation: 16 hours, 3 credits

Course assessment: exams

Data protection standards are becoming increasingly high, and data controllers face the more and more complex task to evaluate whether their data processing activities are legally compliant, especially in an international context. Over the last years, data have become a valuable asset and are even called the currency of the future. In this context, the European Union adopted the General Data Protection Regulation (GDPR) to further harmonise the rules for data protection within the EU Member States and to raise the level of privacy for the affected individuals. This course aims to provide a detailed and advanced understanding of the latest developments in law and practice relating to data protection through interactive study of both relevant legislation and case law.

Learning outcomes

On completion of this module, students are expected to be able to:

  • define the concepts of “privacy” and “data protection” and explain the role of these concepts in the modern interconnected global economy;
  • understand the legal framework of data protection in different jurisdictions;
  • identify the relevant applicable law and jurisdiction;
  • realise the fundamental data protection concepts (e.g., consent, personal data, data controller/data processor etc.);
  • understand the role of Data Protection Officers (DPOs) and the interaction with the Supervisory Authorities;
  • explore the notion of privacy by design & privacy by default;
  • examine relevant issues concerning international transfer of personal data;
  • develop critical skills in evaluating existing academic and professional literature on data protection.


  • International human rights instruments and case law
  • Data protection legislation
  • Scope of application of the GDPD
  • Data processors and data controllers: roles and responsibilities
  • Data processing principles
  • Lawfulness of data processing
  • Data Subjects’ Rights
  • The Right to be Forgotten
  • Data protection in social networks
  • Electronic marketing and advertising issues
  • Surveillance at the work place and in public places
  • Data protection enforcement

Reading Books

Kelleher, D. (2017), EU Data Protection Law, Bloomsbury Professional, UK; Rucker, D./Kugler, T. (ed.) (2017), New European General Data Protection Regulation: A Practitioner’s Guide, Hart Publishing, UK; Voigt, P./von dem Bussche, A. (2017), The EU General Data Protection Regulation (GDPR) – A Practical Guide, Springer, Switzerland.