This two-pronged module addresses the now well-entrenched professionalization of privacy managers in the public and private sectors. Building on the knowledge acquired in all the modules, this module gives students a grounding in (1) the policy elements of privacy and data protection such as European and international data protection frameworks and (2) the technical and managerial elements of a role – the Chief Privacy Officer – that is in growing demand. This includes learning how to undertake a privacy impact assessment (PIA) and how to engineer principles such as privacy by design (PbD) and how to set an organizational privacy program.



– Duties and responsibilities of privacy managers

– European and international privacy and data protection frameworks

– Privacy policies in the public and private sectors and Public-Private Partnerships (PPP)

– Assessment of privacy risks and management of information requests





Bamberger, K. and Mulligan D.K. (2011). “New Governance, Chief Privacy Officers, and the Corporate Management of Information Privacy in the United States: An Initial Inquiry”, Law & Policy 33(4): 477-508.

Cavoukian, A., Taylor S. and Abrams M.E. (2010) “Privacy by Design: essential for organizational accountability and strong business practices”, IDIS 3: 405-413.

Wright, D. (2012) “The state of the art in privacy impact assessment”. Computer Law & Security Review 28(1): 54-61.

European Data Protection Supervisor (2005) Position paper on the role of Data Protection Officers in ensuring effective compliance with Regulation (EC) 45/2001. Available online at:

Christensen L., Colciago A., Etro F. and Rafert G. (2013), “The Impact of the Data Protection Regulation in the E.U.” Intertic Research Paper. Available online at:

Stoddart, J. (2013) “Auditing Privacy Impact Assessments: The Canadian Experience”, in David Wright and Paul De Hert (eds.), Privacy Impact Assessment, Dordrecht: Springer.