In this activity, the course and the GDPR will be introduced to you.

We will learn about the concepts of privacy and data protection, the associated human rights and compliance with them.

In this activity, we will focus on the old and new legal regimes of the EU on data protection and discuss the scope of the GDPR and its applicability.

Together, we will examine different concepts and definitions laid down in the GDPR that are essential to understanding the new regulation and assess a number of important data protection roles.

This activity deals with six essential data protection principles, the issue of consent and minors in the context of the GDPR.

In this activity, we will provide a conclusion of Week 1.

In this activity, we will introduce Week 2 to you, discuss the Google case and the need for data subjects' rights.

The focus of this activity is on the general requirements for the processing of personal data introduced in the GDPR: the so-called transparency and modalities requirements.

We will examine four rights that data subjects have under the GDPR. Those are the rights of access, rectification, object and restriction of processing.

In this activity, we would like to address the rights to erasure and to data portability and explain the judgment of the CJEU in the Google Spain case.

In this activity, we will deal to a spectrum of remaining data subjects rights concerning complaints, judicial remedies, automated individual decision-making, representation and compensation.

We will discuss possible ways to restrict rights of data subjects and talk about the most often used types of restriction.

In this final activity, our goal is to give you a quiz on data subjects' rights testing your acquired knowledge and to conclude Week 2.

In this activity you will learn how the GDPR defines data controllers, joint controllers and processors before diving into their obligations and responsibilities for legal compliance.

In this activity, you will learn what a data controller's obligations and responsibilities are and how to comply with these legal requirements.

Controllers need to keep records and inform supervisory authorities and data subjects of their processing activities and notify them in case of a data breach. In this activity you will learn more about this topic.

Under certain circumstances the GDPR provides that Data Protection Impact Assessments need to be carried out and Data Protection Officers need to be appointed. This activity discusses these topics.

When can a joint controller act in data processing under the GDPR and what are the legal obligations? This activity discusses more on this topic.

In the following steps, you will learn the GDPR obligations of data processors and how they might be similar to and different from the obligations of data controllers, taking into account their different data processing roles.

Week 3 summary and concluding remarks.

In the following steps you will learn a number of mechanisms that the GDPR provides to ensure the fair and lawful processing of personal data as well as the consequences for data controllers and processors in case of infringement.

In the following steps, you will learn about the legal status, tasks and powers of national data protection supervisory authorities as well as on the European Data Protection Board and their role in enforcing the GDPR.

In the following steps a number of tools for facilitating the operation of data controllers and processors while bringing it in line with the GDPR are presented.

In the following steps you will learn about the GDPR requirements for lawful data transfers and processing outside the territory of the EU.

In the following steps you will learn about the liabilities, responsibilities and penalties of data controllers and processors in case they do not comply with the GDPR provisions.

Is this the end of our course? Of course, not. It is the end of the beginning at most. Now, we should recap what we have discussed and leave it to you to apply this knowledge in practice.