nl en

Data Protection (FGGA)


Admission requirements

This course is part of the ‘cyber security essentials’, open for all Security Studies and Informatics bachelor students.


Data protection and privacy are all too often confused and interchangeably used, although they are two different terms and also different rights. From the perspective of governance, this course will explain these differences and why that matters. Further, this course will dissect the notion of data protection and zoom in on all its components, what they mean, what the applicable governance framework is and what the enforcement and consequences are. The course has an introductory level and reading material is of an introductory nature but students are expected to have experience with independent study.

As components of data protection, the definitions of the basic elements (such as personal data, data processing and consent) will be dealt with as well as the principles governing data processing: the purpose limitation principle and the data retention principle. The governance framework, the policy documents and the relevant case law in the EU and the Council of Europe will be our guideline but a comparative exercise will be made with the data protection governance from other countries and regions such as the US, South America and Asia. Also data exchange between these different jurisdictions will be studied.

The course will study how data breaches are dealt with from a governance point of view and which factors play a role (role of data protection authority and data protection officer, type of organization, risk mitigation, data processing activities, etc.) in organizing data security. The theory will be illustrated with real-life cases where the applicable data protection governance framework has lead to specific consequences such as fines or required adjustments to the data processing activities of an organization.

An important part of the course will be dedicated to the tensions that arise when data protection needs to be balanced against other important interests such as the suppression of criminal offences, national security, public health and economic interests.

Course objectives

After successful completion of this course, students will:

  • have acquired knowledge and understanding of the right to data protection, the right to privacy and the difference between both;

  • have acquired knowledge of definitions, key principles, governance frameworks and the enforcement of data protection;

  • have acquired knowledge and understanding of how data breaches and data security are dealt with from a governance point of view;

  • be able to identify and assess differences between European data protection governance and other data protection frameworks;

  • be able to think independently, responsibly and critically about case law and policy on data protection and about the tensions that exist between data protection and other interests. 


On the right side of programme front page of the E-guide you will find links to the website and timetables, uSis and Brightspace.

Mode of instruction

7 (interactive) lectures of 3 hours each.
Attendance is mandatory.

Course Load

The total study load for this course is 168 hours, consisting of:

  • lectures: 21 hours (7 lectures of 3 hours each)

  • self-study, assignment and examination: total of 147 hours

Assessment method

Written individual assignment
*Grade must be compensated
*resit not possible
written exam
70 % of final grade
*Grade must be 5.50 or higher to pass the course
*Resit of a fail is possible.
*Resit will take the same form

The calculated final grade must be at least 5.50 to pass the course.


Students will receive the syllabus for the course before the first lecture via Brightspace. The syllabus will contain required reading material by means of references only. Students are expected to find these sources themselves by means of the Leiden University library and/or online resources.
A list of optional reading material will also be made available.

Reading list

See above


To be announced by OSC staff.


Dr. Els De Busser


This course takes place in The Hague.
All sessions will be in English.
all assignments and exams need to be written in English.