Data Privacy: GDPR & HIPAA Online Certificate

Boston College Continuing Education, in collaboration with Kevin Powers, Director of the M.S. in Cybersecurity Program at Boston College, is launching a new, online, non-credit certificate program.

The Data Privacy: GDPR & HIPAA Certificate provides you with advanced knowledge in the major privacy and data protection laws and regulations in the U.S. and globally, including health care privacy and security laws (i.e., HIPAA / HITECH) and the European Union’s General Data Protection Regulation (GDPR) (e.g., policy and applicability, fundamental rights of data subjects, corporate requirements and obligations, breach notification rules, and fines and penalties).

The certificate consists of five online courses (approximately 90 minutes each in length). You may complete the courses in any order you choose and at your own pace. There is no obligation to complete the certificate; you may take any course(s) without committing to completing the certificate.

Some courses are approved for CLE credit in CA, CT, FL, NJ, and NY. Reporting requirements vary by state and we recommend that you check with your state's bar association for their guidelines on reporting requirements.

Who should attend: attorneys, paralegals, accountants, business and government executives, managers and employees, human resources professionals, compliance and privacy officers, IT and project managers, health care professionals, and individuals seeking knowledge of U.S., EU, and health care privacy and data protection laws.

See full listing of courses


 

Courses

Course Details

GDPR: Breach Notification and Penalties

Course Fee: $300

Course Description:

On May 25, 2018, the European Union's General Data Protection Regulation (GDPR) went into effect. The GDPR is, arguably, the most significant legislation pertaining to the protection of privacy and personal information and, with its reach outside of the EU, will impact business entities on a global scale. This course focuses on the GDPR's breach notification requirements for data controllers and data processors, including reporting and record-keeping requirements. This course also examines the decision-making process (i.e., the role of, and interactions with, supervisory authorities) and the types of fines and penalties for non-compliance with the GDPR.

Learning Objectives:

  • You will understand the breach notification requirements for both data controllers and data processors.
  • You will understand the role of the supervisory authority in the breach notification process and the requirements for data controllers and data processors in dealing with same.
  • You will understand the types of fines and penalties for non-compliance with the GDPR and know the factors considered by the supervisory authority in determining the appropriate punishment, if any, under the GDPR.
 

GDPR Compliance: Scope, Concepts, and Applicability

Course Fee: $300

Course Description:

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. The GDPR is, arguably, the most significant legislation pertaining to the protection of personal data and, with its reach outside of the EU, impacts business entities on a global scale. This course examines the core concepts of the GDPR as set forth in the first 50 Articles. We will explore when and how the GDPR applies, key definitions and terms, the foundational principles, legal bases of processing and special protections for sensitive information. We will cover how to build a privacy notice, what are the data subject rights, and concepts such as data protection by design and default. This course will touch briefly on the role of controllers versus processors, but we will cover issues such as the role of the data protection officer, how to conduct a privacy impact assessment, what are the minimum security requirements, and obligations for breach notification. Finally, the course will cover certain business concepts including data mapping and how to make risk based determinations to help avoid boiling the ocean for compliance. By the end of this course, you will have a good overview of what it means to be “GDPR compliant” and provide an excellent foundation from which to build a GDPR compliance program.

Learning Objectives:

  • You will understand when and to what extent the GDPR may apply to businesses and business functions around the world.
  • You will understand the foundational principles and the key terms, roles, and responsibilities associated with the GDPR and the fundamental rights of data subjects.
  • You will understand how the GDPR affects the business concerns (i.e., data management, processing, and protection) of entities within the EU and globally.
     

GDPR: Requirements for Data Controllers and Data Processors

Course Fee: $300

Course Description:

On May 25, 2018, the European Union's General Data Protection Regulation (GDPR) went into effect. The GDPR is, arguably, the most significant legislation pertaining to the protection of privacy and personal information and, with its reach outside of the EU, will impact business entities on a global scale. This course examines the role and responsibilities of business entities subject to the GDPR (i.e., data controllers and data processors). The course addresses and expands upon key GDPR requirements for data controllers and data processors, including the relationship between data controllers, processors, and supervisory authorities, appointment of a data protection officer, privacy by design, data protection impact assessment, data protection and storage, data transfers, and lawful processing of data.

Learning Objectives:

  • You will understand the major roles and obligations for business entities covered by the GDPR (i.e., data controllers and data processors).
  • You will understand the relationship between data controllers and data processors, including the differences between the two, their interactions with each other, and respective relationships to supervisory authorities.
  • You will understand the role of the data protection officer and the key GDPR requirements facing data controllers and data processors (e.g., lawful processing of data, privacy by design, data protection impact statement, data protection and storage).

Privacy Law and Data Protection

Course Description:

Course broadly examines the principles that underlie the laws and regulations pertaining to the protection of personal information. After discussing these common principles, the course provides an overview of some of the current laws protecting personal data in the United States and around the world, focusing on major Federal and State civil laws and regulations, as well as significant existing and proposed regulations that exist internationally. The course ends by discussing some of the practical considerations associated with operationalizing these requirements within an organization.

Learning Objectives:

  • You will understand the principles that underlie various laws and regulations pertaining to personal data, both in the United States and abroad, and how they relate to cybersecurity.
  • You will understand some of the major personal data protection laws and regulations that exist around the world.
  • You will understand some of the practical considerations relevant to protecting personal data within an organization.

Health Care: Privacy and Security Law

Course Description:

This course provides an overview of the major health care privacy and security laws in the U.S., focusing on the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and their state counterparts. The course examines: HIPAA/HITECH policy and applicability; types of health care information; individual rights; compliance and data breach notification requirements; appropriate administrative, physical, and technical safeguards; and penalties for violations.

Learning Objectives:

  • You will understand the key aspects of the major health care privacy and security laws in the U.S., including HIPAA/HITECH, and will be able to identify the entities and information for which HIPAA/HITECH applies.
  • You will understand the compliance obligations pertaining to protected health information (PHI) and the requirements of, and differences between, the HIPAA Privacy and Security Rules.
  • You will understand the breach notification requirements under HIPAA/HITECH and the penalties for violations of such notification requirements.
     


Certificate Pricing

General Admission

General Admission for each online course is $300. 

Active duty military, veterans, and government agencies may contact continuinged@bc.edu for discounted pricing.

Organizations that plan to have 10+ employees complete the certificate program may contact continuinged@bc.edu for discounted pricing.