The School of Public Administration and the Catalan Data Protection Authority launch the first certification course for Data Protection Officers in the Catalan public sector

The School of Public Administration of Catalonia (EAPC) was the venue for the launch of the first edition of the Course for Data Protection Officers of the Administration and its public sector, promoted jointly with the Catalan Data Protection Authority (APDCAT).

The inaugural day of this new course was attended by the Secretary General of the Department of Digital Policies and Public Administration and the Acting Director of the EAPC, Xavier Gatius; the Director of the APDCAT, Maria Àngels Barbarà; the Director of the Microsoft–University of Valencia Chair of Privacy and Digital Transformation and member of the Microsoft Health Advisory Council, Ricard Martínez; and the Director General of Digital Administration of the Department of Digital Policies and Public Administration, Ester Manzano. 

The Course for data protection officers of the Administration and its public sector has been designed and will be developed as a result of the collaboration between the School of Public Administration of Catalonia and the Catalan Data Protection Authority. This alliance between the institutions makes it possible for workers in the administrations and the public sector of Catalonia to undertake specialized training, which will be provided by the School of Public Administration as the body in charge of training public workers in Catalonia, and, at the same time, be certified by the APDCAT.

This course will take place between the months of January and July 2020 in a semi-face-to-face format—it will combine face-to-face classes with activities in the virtual environment of the EAPC—and is the first course launched in Catalonia for the professional certification of data protection officers (DPO) of the Catalan administration and public sector.

Maria Àngels Barbarà has stated that the Regulation has meant a 360-degree turnaround in the manner of complying with data protection regulations, which requires entities to rethink how they deal with the processing of personal data.

A course to highlight the figure of the DPO

All in all, the main objective of this course is to provide appropriate knowledge and skills to those entrusted with the tasks of DPO in a changing and global environment. As such, this course will give access to the certification, issued by the Authority, of data protection officers of the Public Administration and the public sector of Catalonia. A figure whose main functions are to inform and advise those managers and employees responsible for the processing of personal data, as well as to monitor compliance with the obligations established in the General Data Protection Regulation (GDPR).

The head of the APDCAT has stated that for the Authority, the figure of the data protection officer is considered to be essential for achieving effective compliance with the General Data Protection Regulation and has ensured that the data protection authorities should be a reference and support for data protection officers. And this is the case with the launch of this specialized training course in data protection.

Programme for the first edition of the course

The Course for the data protection officer of the Administration and its public sector—coordinated by Mònica Vilasau, PhD in Law and Director of the UOC's Postgraduate Degree in Data Protection—lasts 180 hours, is structured into 26 topics and will address all relevant aspects from the point of view of data protection regulations: legal aspects and interpretation of data protection regulations; analysis of sectoral regulations in sensitive areas such as health or social services; issues related to information security, and data management and governance; and the digital transformation process of the administration.

In addition, the course also incorporates a part designed to strengthen the personal and interpersonal skills of DPOs, including communication, negotiation, settlement and the ability to create and work in a team. Finally, throughout the course there will be several conferences on current issues that will feature prominent speakers from the world of data protection.

Maria Àngels Barbarà, director of the APDCAT, stressed that this course seeks to create a dynamic study and learning environment that invites debate and delves into the field of data protection, and explained that the officers do not have a mere formal action and passive interpretation of data protection regulations, but must carry out a proactive task for the better defence of people's rights.

The inaugural lecture of the course on The challenges of the right to data protection was given by Ricard Martínez, director of the Microsoft–University of Valencia Chair of Privacy and Digital Transformation and member of the Microsoft Health Advisory Council, who highlighted, in his speech, the European model of data protection as a constitutional model and guarantee of fundamental rights. He also stated that data protection is consolidated in organizations, mainly within the framework of public administrations, and he focused on the strategic and differentiating task of the figure of the data protection officer.

The person in charge of closing today's presentation was Ester Manzano, Director General of Digital Administration in the Department of Digital Policies and Public Administration, who in her speech highlighted the figure of the data protection officer as a key element in providing security and confidence to the deployment of digital services, and framed the DPO course within the need to share knowledge, experience and vision and, thus, strengthen the deployment of data protection in the Generalitat and its public sector.
In this sense, the General Directorate of Digital Administration is working on the approval of a decree to regulate the figure of the DPO in the Administration of the Generalitat and in public sector entities.

A course with a vocation for continuity

This first edition of the course is addressed to the DPOs of the administration of the Generalitat and its public sector, but the EAPC and the APDCAT are looking at organizing new courses in the future that will be addressed to all officers of the Catalan public sector. Both institutions are also working to promote a new course on data protection of a shorter duration (60 hours), which would be done as a preliminary step to access the Course for Data Protection Officer of the Administration and its public sector and its certification, and which would be addressed to those people who are practising DPOs.