When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Cloud Computing Law: Data Protection and Cybersecurity

3 days left! Save on skills that make you shine with 40% off 3 months of Coursera Plus. Save now

Cloud Computing Law: Data Protection and Cybersecurity

This course is part of Cloud Computing Law Specialization

Instructors: Christopher Millard

5,140 already enrolled

Included with

Learn more

3 modules

Gain insight into a topic and learn the fundamentals.

78 reviews

Beginner level

Recommended experience

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

3 modules

Gain insight into a topic and learn the fundamentals.

78 reviews

Beginner level

Recommended experience

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

11 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Cloud Computing Law Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 3 modules in this course

Vast amounts of personal information are processed in the cloud. But who is legally responsible for such ‘personal data’ in cloud environments? What duties do cloud providers like Amazon, Microsoft, and Google have? And what rights can you, as an individual, exercise under data protection law? If you’d like to find out, then this course is for you!

First, we’ll look at how the European Union’s ‘General Data Protection Regulation’ (‘GDPR’) regulates the processing of personal data in cloud services. You’ll learn to identify controllers and processors, describe their roles and responsibilities, and understand how cloud customers and providers can comply in practice. Second, we’ll look at international transfers of personal data. We’ll explain how the GDPR can apply to cloud providers and their customers anywhere in the world, as well as how restrictions on international transfers apply to cloud services. Third, we’ll look at how the Network and Information Security (‘NIS’) Directive regulates the cybersecurity of critical infrastructure. You’ll learn to identify cloud providers’ duties to notify security breaches and to keep their services secure, and how to apply those duties to concrete case studies. In short, this course covers how the GDPR and NIS Directive apply to cloud services and what cloud providers and their customers should do to comply.

Module details

This week, you'll learn how data protection laws regulate the processing of personal data in cloud services. We will focus, in particular, on the rules applying to cloud service providers and their customers as 'processors' and 'controllers' under the EU's General Data Protection Regulation (GDPR). We will explore the principles that must be followed and consider the legal grounds for processing personal data in the cloud, as well as how individuals might exercise their rights and the potential consequences for cloud providers of failing to comply with their obligations. By the end of this week, you'll be able to identify what is regulated as personal data and analyse what cloud providers and their customers must do to ensure compliance with the GDPR.

What's included

10 videos12 readings3 assignments3 discussion prompts

10 videosTotal 59 minutes

Introduction to data protection and cybersecurity7 minutes
What is personal data?6 minutes
Who are the main GDPR actors?6 minutes
What are the data protection principles?6 minutes
What is lawful processing?4 minutes
What do we mean by 'joint' controllers?6 minutes
What is the relationship between controllers and processors?6 minutes
What are the security obligations?6 minutes
What are individual rights?5 minutes
What are the GDPR provisions on fines and compensation?6 minutes

12 readingsTotal 213 minutes

Introducing Christopher and Dimitra5 minutes
Glossary of Key Terms5 minutes
The definition of personal data20 minutes
The main actors under the GDPR20 minutes
Data Protection Principles15 minutes
Lawful processing20 minutes
Joint controllers10 minutes
Relationship between controllers and processors10 minutes
Security and personal data breach45 minutes
Individual rights45 minutes
Fines and compensation15 minutes
A message from your instructors3 minutes

3 assignmentsTotal 80 minutes

Case Studies40 minutes
Controllers, processors, and lawful grounds for processing20 minutes
Controller-processor relationship and individual rights20 minutes

3 discussion promptsTotal 30 minutes

Discussing the GDPR main actors10 minutes
Discussing data protection principles10 minutes
Discussing individual rights10 minutes

This week, you'll learn how the GDPR applies to international transfers of data in cloud computing. First, we will examine the broad territorial scope of the GDPR in the context of cloud computing. Then we will explore how GDPR may restrict international transfers of cloud data; the legal mechanisms that may be relied on to justify regulated transfers; and possible exceptions to the transfer restriction. By the end of this week, you'll be able to explain the international reach of GDPR and how its data transfer rules apply to cloud providers and their customers.

What's included

10 videos8 readings5 assignments1 discussion prompt

10 videosTotal 57 minutes

Introduction to International Data Transfers6 minutes
The Establishment Test6 minutes
Targeting and Monitoring6 minutes
Third country transfer restriction6 minutes
What is a transfer?6 minutes
Transfer options4 minutes
Adequacy decisions6 minutes
Appropriate Safeguards7 minutes
Derogations4 minutes
Data Transfers Conclusion5 minutes

8 readingsTotal 125 minutes

Glossary of key terms15 minutes
Duty to appoint a representative5 minutes
Other consequences of applying the GDPR10 minutes
Lawful basis for the transfer of personal data15 minutes
The EU-US Data Privacy Framework20 minutes
Binding Corporate Rules 20 minutes
Derogations from the third country data transfer restriction30 minutes
Data Location Services10 minutes

5 assignmentsTotal 85 minutes

Case Studies40 minutes
Establishment in the EU10 minutes
Targeting and monitoring the behaviour of EU data subjects10 minutes
Third country transfer restriction15 minutes
Third country data transfer instruments10 minutes

1 discussion promptTotal 20 minutes

Views on GDPR's third country transfer restriction20 minutes

This week, you'll learn about the regulation of cloud services as critical infrastructure under the Network and Information Security ('NIS') Directive. First, we'll look which cloud services need to comply with this Directive. Then, we'll review the obligations to keep cloud services secure and to report security incidents to a regulator. By the end of this week, you'll be able to describe how a cloud provider can comply with the NIS Directive, as well as the possible penalties for breaking the rules.