Aurélie Pols, Owner of Competing on Privacy, DPO for NY based CDP mParticle and part of the EDPS’ Ethics Advisory Group
Giovanni Comandé, Full Professor of Private Comparative Law, Scuola Superiore S. Anna Pisa, Italy

In this course data protection implications of big data and analytics are specifically analysed, and practical insights on how address compliance and demonstrate accountability in such complex domain will be shared with the participants.

The following questions are addressed:

• How is Big Data defined?
• What does performing analysis on big data mean from the data protection point of view?
• Which are the main provisions of the GDPR which need to be considered in the big data & analytics domain?
• Which are the main documents issued by EU (data protection) authorities/institutions on personal data processing related to big data & analytics?
• Transparency, user control, data protection by design/default and accountability as the main pillars of big data & analytics compliance: how to apply them?
• How to deal with big data & analytics on personal data, pseudonymised data, and anonymized data?
• How to select the most appropriate legitimate ground to process data in the big data & analytics domain (e.g., data subject’s consent, legitimate interest pursued by the controller or by a third party)?
• Doing big data & analytics on personal data already collected or on personal data to be collected: how to deal with these two different scenarios?
• Does big data & analytics trigger the obligation to conduct a DPIA?
• How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed by big data & analytics?
• How to assess the lawfulness of and possibly regulate profiling activities carried out by means of big data & analytics in compliance with the GDPR?
• The “compatibility test” and how to apply it to the big data & analytics domain?
• How to correctly comply with the duty to inform the data subjects regarding big data & analytics-related processing activities?
• How to ensure effective compliance with the purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability principles in the big data & analytics domain?
• Why data quality is key in the big data & analytics domain?
• How to effectively regulate big data & analytics’ services offered by third parties in compliance with the GDPR (e.g., data processing agreements, data protection clauses)?
• Big data & analytics, cloud computing and internet of things are converging to develop cutting-edge solutions, how to deal with compliance in complex/data-intensive environment?