Summer Course on General Data Protection Regulation at the University of Lisbon School of Law

The GDPR returns in September in the III Course on the new General Data Protection Regulation. The initiative is sponsored by BAS and applications are open. See here how it went.

The II edition of the same course ended in July, which was divided into two modules – GDPR Framework and Interpretation and GDPR application – and had the participation of two partners of BAS and professors at the University of Lisbon School of Law: Cláudia Monge, with a class on “Data Protection Officer”, and Pedro Madeira de Brito, with the class on “The processing of workers’ data. The September edition, taking place from 11 to 24, will also feature classes from both experts, among others. The program can be found here.

We asked Tânia Vanessa Silva, lawyer, and Mariana Marques Leitão, intern lawyer, both from BAS, who attended the II edition of the course, what was their experience:


What made you attend the course?

TVS: The current relevance of the topic that would be discussed. A lot of things have been said about the RGPD, however, in all the recent publications on the topic the practical component is not addressed. This course was presented with a strong practical component which, from the start, provoked some interest.

MML: The current relevance of the theme and the fact that I have been working in this area. In addition, data protection is in vogue these days and so, having a deeper understanding on the subject would be (and is) an added value for my work. The possibility of understanding abstract concepts and the concrete problems that may arise from the legislation in force made this a very stimulating course.


What were your expectations?

TVS: That the participants had a more practical view on the interpretation and application of the GDPR.

MML: To understand the potential problems, the main differences with regard to the entry into force of the GDPR and which subjects have attracted most interest in the academic world. In addition, my goal was to better understand the subjects that I have dealt with in the office and in my day to day (ex: subcontractors).


Were those expectation met?

TVS: Yes, the course met my expectations and contributed to the practical implementation of the RGPD in companies and in the public and private sector, clarifying some issues.

MML: Without a doubt. Some very interesting questions were presented to those who work directly with data protection matters. In the second part of the course there were very practical presentations, which was important for me to better understand the concepts clarified in the first part of the course, comprehensibly more theoretical.


Which were its most interesting topics?

TVS: A The practical cases related with the implementation of the GDPR by companies.

MML: The topics concerning subcontractors, which unfolded into two “lessons”. And the topics related to impact assessment. These topics raised significant interest because the trainers worked directly in the area and had broad experience.


What’s you opinion on the course?

TVS: Very successful.

MML: The Intensive course is very well thought out for providing an initially theoretical approach to understanding basic fundamental concepts and for differentiating the new European legislation in this area. In this first approach we contacted with international jurisprudence on the subject, which was fundamental. Finally, the workshops gave me more realistic view on the topic, with practical examples in the private and public sector. The participation of the trainees, raising very practical questions, was also fundamental for the practical understanding of the subjects.


Did the course lead you to want to go deeper into the topic? If so, what other courses would you like to attend?

TVS: It would be interesting to have a practical course in which a fictitious company was analysed for the purposes of preparing its assessment in terms of personal data processing and elaboration of the appropriate procedures for the implementation of the GDPR. In this course, given that the participants would have their knowledge conditioned by different realities, according to the companies where they worked, several questions could be raised that would end up enriching all the other participants. In short, a course where the interpretation and implementation of the GDPR was done using a practical case.

MML: Of course. It would be interesting to have a course more focused on the public sector, although it was mentioned briefly in this course (much due to the interventions of the trainees).


What did you get out of this course?

TVS: Elaboration of internal procedures, codes of conduct, privacy policies and binding rules for companies and employee data analysis.

MML: The most practical learnings related to subcontractors and controllers and impact assessment (DPIA – Data Protection Impact Assessment). I would also like to highlight all the contributions of the other trainees who contributed to the clarification of some issues. It is also worth mentioning that some documentation has been enunciated (and sent) that could be very useful in the professional activity related to this area.

More in Communication