Saturday, April 18, 2026 · 09:15 - 12:15

Security & Data Protection Seminar

Led by Lukas & Ramsey · 3 hours · Monis.rent Office

Seminar Outline

09:15 - 09:45

1. Why Security Matters for Us

  • Our responsibility: we handle student data, tutor data, and payment information at ubiMaster
  • Real-world examples of breaches at education & SaaS companies
  • Legal consequences under GDPR (fines up to 4% of annual revenue or €20M)
  • Reputational damage and loss of user trust

09:45 - 10:15

2. GDPR & Data Protection Fundamentals

  • What counts as personal data (names, emails, IP addresses, student learning data)
  • Special category data: minors' data requires extra protection
  • Lawful bases for processing: consent, contract, legitimate interest
  • Data subject rights: access, deletion, portability
  • Data processing agreements with third-party services
  • Data retention policies — don't keep what you don't need

10:15 - 10:30

Break

10:30 - 11:00

3. Password Security & Authentication

  • Why weak passwords are the #1 attack vector
  • Using a password manager (mandatory for all work accounts)
  • Two-factor authentication (2FA) — how to set it up everywhere
  • Never reuse passwords across services
  • What to do if you suspect a password is compromised

11:00 - 11:30

4. Phishing, Social Engineering & Everyday Threats

  • How to spot phishing emails and messages (real examples)
  • Social engineering tactics: pretexting, baiting, tailgating
  • Safe browsing habits and recognizing suspicious links
  • Reporting suspicious activity — when in doubt, ask
  • Handling sensitive data in messaging apps (Slack, WhatsApp)

11:30 - 11:50

5. Device Security & Remote Work

  • Keeping OS and software up to date (auto-updates on)
  • Full disk encryption on all work devices
  • Locking your screen when stepping away
  • Secure Wi-Fi usage — avoid public Wi-Fi without VPN
  • Separating work and personal accounts/devices
  • What to do if a device is lost or stolen

11:50 - 12:05

6. Incident Response & Reporting

  • What counts as a security incident (data leak, unauthorized access, lost device)
  • Our incident response process: who to contact, how fast
  • GDPR requires reporting breaches within 72 hours
  • No blame culture — report immediately, don't try to fix it alone
  • Documentation: what to write down when something happens

12:05 - 12:15

7. Knowledge Test

  • 10 multiple-choice questions covering today's topics
  • Scroll down to take the test!

Knowledge Test

Answer all 10 questions and submit to see your score. You need to get all questions right!

1. A parent emails asking for their child's complete learning history and all data you have on file. Under GDPR, what must you do?

2. You receive an email from 'IT Support' asking you to click a link and re-enter your password because of a 'security upgrade'. What should you do?

3. What is the maximum GDPR fine for serious violations?

4. Which of the following is considered personal data under GDPR?

5. You accidentally send a spreadsheet with student emails to the wrong person. What should you do?

6. What is the best way to manage your work passwords?

7. You're working from a café and need to access internal company systems. What should you do?

8. How quickly must a data breach be reported to the supervisory authority under GDPR?

9. ubiMaster processes data of minors (students under 18). Which statement is correct?

10. Your work laptop is stolen from your bag while traveling. What is the correct first step?