Course Topics
The course deals with the main legal issues on personal and non-personal data processing and about the risk management that a cyber-company faces. In the first part of the course personal and non-personal data processing regulations will be studied. The GDPR’s main provisions will be described, its rules governing data processing and the duties cast upon controllers and processors. The role and obligations of Data Protection Officers (DPO) are dealt with. The second part of the course deals with the basic elements of Cybersecurity with the aim to provide a comprehensive and structured overview of the main topics related to the discipline, addressing both technical and organizational as well as regulatory aspects. First, the course will examine the main threats and vulnerabilities affecting information systems, networks, and applications, with particular attention to the most widespread attack techniques and the ways in which they can compromise the confidentiality, integrity, and availability of information. It will then focus on the principles of risk governance, with the goal of understanding how organizations can adopt effective management strategies and how to conduct a proper risk assessment using internationally recognized methodologies. The course will also cover technical and organizational security measures and best practices aimed at mitigating risks, including security policies, access controls, encryption, and monitoring systems. A specific focus will be placed on the national and European regulatory landscape, with references to regulations and directives such as the NIS2 Directive, to understand legal implications and compliance requirements organizations must meet. The ultimate goal is to provide students with both theoretical and practical tools to critically and effectively face the challenges of Cybersecurity.

Teaching format
Recorded lectures, in-person teaching, exercises. The course adopts a blended, student-centred approach that emphasises problem-based learning and active engagement. A portion of the lecture content is made available online in advance, allowing students to explore key concepts independently and at their own pace before attending class. This preparatory work enables inperson sessions to focus on the application of knowledge through real-world problems, collaborative activities, and guided discussions — fostering critical thinking and deeper learning. The course is fully aligned with the principles of the Italian Universities Digital Hub (EDUNEXT) initiative (https://edunext.eu), which promotes the integration of digital resources and active learning strategies within university teaching.

Educational objectives
Knowledge and understanding: The student acquires advanced knowledge of the legal specificities concerning data processing. Knowledge and understanding of the legal aspects of privacy, the essentials of data protection law and the privacy risks of data release will be developed. Knowledge and understanding of data security aspects, the cybercrime ecosystem, vulnerabilities in companies and institutions in relation to cyber attacks will be developed. Aapplying knowledge and understanding: Ability to master the legal system to deal with common issues concerning data security and privacy. Making judgements: Master graduates will have the ability to apply the acquired knowledge to interpret data in order to make managerial and operational decisions in a business context. Master's graduates will be able to apply the acquired knowledge to support processes related to production, management and risk promotion activities and investment choices through the organisation, analysis and interpretation of complex databases. Communication skills: Master's graduates will be able to communicate effectively in oral and written form the specialised contents of the individual disciplines, using different registers, depending on the recipients and the communicative and didactic purposes, and to evaluate the formative effects of their communication. Learning skills: "MSc graduates should be familiar with the tools of scientific research. They will also be able to make autonomous use of information technologies to carry out bibliographic research and investigations both for their own training and for further education. In addition, through the curricular teaching and the activities related to the preparation of the final thesis, they will be able to acquire the ability - to identify thematic connections and to establish relationships between methods of analysis and application contexts; - to frame a new problem in a systematic manner and to implement appropriate analysis solutions; - to formulate general statistical-econometric models from the phenomena studied.

Assessment
The course grade will be based on the final written exam that include 3 general questions with 3-4 sub-questions. During the II part on Cybersecurity, short tests and simulations may be carried out and, in case of students’ attendance, will be considered for the final vote.

Evaluation criteria
Criteria for the assessment of the written exam: clarity of the answers, mastery of language (knowledge of the legal technical language, and grammatical and logic mastery of language), ability to summarize, evaluate, and establishing relationships between topics.