nl en

Data Protection (FGGA)


Admission requirements

This course is part of the ‘cyber security essentials’, open for all Security Studies and Informatics bachelor students.


Data protection and privacy are all too often confused and interchangeably used, although they are two different terms and also different rights. From the perspective of governance, this course will explain these differences and why that matters. Further, this course will dissect the notion of data protection and zoom in on all its components, what they mean, what the applicable governance framework is and what the enforcement and consequences are. The course has an introductory level and reading material is of an introductory nature but students are expected to have experience with independent study.

As components of data protection, the definitions of the basic elements (such as personal data, data processing and consent) will be dealt with as well as the principles governing data processing: the purpose limitation principle and the data retention principle. The governance framework, the policy documents and the relevant case law in the EU and the Council of Europe will be our guideline but a comparative exercise will be made with the data protection governance from other countries and regions such as the US, South America and Asia. Also data exchange between these different jurisdictions will be studied.

The course will study how data breaches are dealt with from a governance point of view and which factors play a role (role of data protection authority and data protection officer, type of organization, risk mitigation, data processing activities, etc.) in organizing data security. The theory will be illustrated with real-life cases where the applicable data protection governance framework has lead to specific consequences such as fines or required adjustments to the data processing activities of an organization.

An important part of the course will be dedicated to the tensions that arise when data protection needs to be balanced against other important interests such as the suppression of criminal offences, national security, public health and economic interests.

Course objectives

After successful completion of this course, students will:

  • have acquired knowledge and understanding of the right to data protection, the right to privacy and the difference between both;

  • have acquired knowledge of definitions, key principles, governance frameworks and the enforcement of data protection;

  • have acquired knowledge and understanding of how data breaches and data security are dealt with from a governance point of view;

  • be able to identify and assess differences between European data protection governance and other data protection frameworks;

  • be able to think independently, responsibly and critically about case law and policy on data protection and about the tensions that exist between data protection and other interests. 


You will find the timetables for all courses and degree programmes of Leiden University in the tool MyTimetable (login). Any teaching activities that you have sucessfully registered for in MyStudyMap will automatically be displayed in MyTimeTable. Any timetables that you add manually, will be saved and automatically displayed the next time you sign in.

MyTimetable allows you to integrate your timetable with your calendar apps such as Outlook, Google Calendar, Apple Calendar and other calendar apps on your smartphone. Any timetable changes will be automatically synced with your calendar. If you wish, you can also receive an email notification of the change. You can turn notifications on in ‘Settings’ (after login).

For more information, watch the video or go the the 'help-page' in MyTimetable. Please note: Joint Degree students Leiden/Delft have to merge their two different timetables into one. This video explains how to do this.

Mode of instruction

7 (interactive) lectures of 3 hours each.
Attendance is mandatory.

Assessment method

Written individual assignment
*Grade must be compensated
*resit not possible
written exam
70 % of final grade
*Grade must be 5.50 or higher to pass the course
*Resit of a fail is possible.
*Resit will take the same form

The calculated final grade must be at least 5.50 to pass the course.

Reading list

See above


From the academic year 2022-2023 on every student has to register for courses with the new enrollment tool MyStudyMap. There are two registration periods per year: registration for the fall semester opens in July and registration for the spring semester opens in December. Please see this page for more information. Exemptions are minor students and fall semester for 1st year bachelor students: the student administration will enroll these groups for courses.

Please note that it is compulsory to both preregister and confirm your participation for every exam and retake. Not being registered for a course means that you are not allowed to participate in the final exam of the course. Confirming your exam participation is possible until ten days before the exam.

Extensive FAQ's on MyStudymap can be found here.


Dr. Els De Busser


This course takes place in The Hague.
All sessions will be in English.
All assignments and exams need to be written in English.

When you register for a certain course, you automatically receive access to the environment of this course via Brightspace.

For more information about Brightspace, click on this link to view the university manuals. If you have any other questions or problems, you can contact the helpdesk of Leiden University.