
Free University of Bozen-Bolzano

Cybersecurity and digital privacy

Semester 1 · 27513 · Master in Data Analytics for Economics and Management · 6CP · EN


The course deals with the main legal issues of personal and non-personal data processing and with the risk management that a cyber-company faces in the current European regulatory framework.
In the first part of the course, the regulations on personal and non-personal data processing will be studied. The GDPR’s main provisions will be described, followed by how the GDPR sets the rules governing data processing and the duties cast upon controllers and processors. The role and obligations of Data Protection Officers (DPO) are dealt with. The EU legal model of data processing and protection will be compared with the US and Chinese legal models. Rule formation at the international level in this field is also taken into account.
The second part of the course focuses on cybersecurity. After describing the main threats to and vulnerabilities of networks, it focuses on the best practices and rules used to tackle them. It analyses the NIS Directive and the Cybersecurity Act in force in the European Union. It concludes with a discussion of how these rules are tailored to specific industries.

Lecturers: Laura Valle, Laura Greco

Teaching Hours: - 24 hours of in-person lectures - 12 hours of video lectures (counted as 24 hours to account for re-watching)
Lab Hours: -
Mandatory Attendance: Recommended, but not required.

Course Topics
The course deals with the main legal issues of personal and non-personal data processing and with the risk management that a cyber-company faces. In the first part of the course, the regulations on personal and non-personal data processing will be studied. The GDPR’s main provisions will be described, together with its rules governing data processing and the duties cast upon controllers and processors. The role and obligations of Data Protection Officers (DPO) are dealt with. The second part of the course deals with the basic elements of cybersecurity, with the aim of providing a comprehensive and structured overview of the main topics of the discipline, addressing technical, organizational and regulatory aspects. First, the course will examine the main threats and vulnerabilities affecting information systems, networks, and applications, with particular attention to the most widespread attack techniques and the ways in which they can compromise the confidentiality, integrity, and availability of information. It will then focus on the principles of risk governance, with the goal of understanding how organizations can adopt effective management strategies and how to conduct a proper risk assessment using internationally recognized methodologies. The course will also cover technical and organizational security measures and best practices aimed at mitigating risks, including security policies, access controls, encryption, and monitoring systems. A specific focus will be placed on the national and European regulatory landscape, with references to regulations and directives such as the NIS2 Directive, to understand the legal implications and the compliance requirements organizations must meet. The ultimate goal is to provide students with both theoretical and practical tools to face the challenges of cybersecurity critically and effectively.

Teaching format
Recorded lectures, in-person teaching, exercises. The course adopts a blended, student-centred approach that emphasises problem-based learning and active engagement. A portion of the lecture content is made available online in advance, allowing students to explore key concepts independently and at their own pace before attending class. This preparatory work enables in-person sessions to focus on the application of knowledge through real-world problems, collaborative activities, and guided discussions, fostering critical thinking and deeper learning. The course is fully aligned with the principles of the Italian Universities Digital Hub (EDUNEXT) initiative (https://edunext.eu), which promotes the integration of digital resources and active learning strategies within university teaching.

Educational objectives
Intended Learning Outcomes (ILO)

ILO 1 Knowledge and understanding:
- ILO 1.1 The student acquires advanced knowledge of the legal aspects of data processing.
- ILO 1.2 The student develops knowledge and understanding of the legal aspects of privacy, the essential elements of data protection legislation, and the privacy risks arising from the release of data.
- ILO 1.3 The student develops knowledge and understanding of aspects related to data security, the cybercrime ecosystem, and vulnerabilities in companies and institutions in relation to cyber attacks.

ILO 2 Applying knowledge and understanding:
- ILO 2.1 Ability to navigate the legal system with confidence in order to deal with common issues relating to data security and privacy.

ILO 3 Making judgements:
- ILO 3.1 The student acquires the ability to apply acquired knowledge to interpret data in order to make directional and operational decisions in a business context.
- ILO 3.2 The student acquires the ability to apply acquired knowledge to support processes related to production, management and risk promotion activities and investment choices through the organisation, analysis and interpretation of complex databases.

ILO 4 Communication skills:
- ILO 4.1 The student acquires the ability to communicate effectively in oral and written form the specialised content of the individual disciplines, using different registers, depending on the recipients and the communicative and didactic purposes, and to evaluate the formative effects of his/her communication.

ILO 5 Learning skills:
- ILO 5.1 The student acquires knowledge of scientific research tools. He/she will also be able to make autonomous use of information technology to carry out bibliographic research and investigations both for his/her own training and for further education.

Furthermore, through the curricular teaching and the activities related to the preparation of the final thesis, he/she will be able to acquire the ability:
- to identify thematic connections and to establish relationships between methods of analysis and application contexts;
- to frame a new problem in a systematic manner and to implement appropriate analysis solutions;
- to formulate general statistical-econometric models from the phenomena studied.

Assessment
The course grade will be based on the final written exam, which includes 3 general questions with 3-4 sub-questions (ILO 1.1, 1.2, 1.3, ILO 2.1, ILO 3.1, 3.2, ILO 4.1). During the second part, on Cybersecurity, short tests and simulations may be carried out and, for students who attend, will be considered for the final grade (ILO 1.1, 1.3, ILO 2.1, ILO 3.2, ILO 4.1, ILO 5.1).

Evaluation criteria
Criteria for the assessment of the written exam: clarity of the answers, mastery of language (knowledge of the legal technical language, and grammatical and logical mastery of language), ability to summarize, evaluate, and establish relationships between topics.

Required readings

- Data protection in context: between privacy and AI, ed. by E. Longo, A. Pin, F. Viglione, Giuffrè, Milano, 2025.

- Stallings and Brown, Computer Security: Principles and Practice, Global Edition, 5th ed., 2025.

The chapter to prepare for the exam will be indicated in the detailed syllabus uploaded on Teams.



Supplementary readings

Shewale, Cybersecurity in the Modern World: Protecting Data, Privacy and Systems, 2025, pp. 1-172.

This book deals with the topics of the course in a general way; reading it can help to better understand the concrete relevance of the issues involved.





Sustainable Development Goals
This teaching activity contributes to the achievement of the following Sustainable Development Goals.

Goal 9
