GDPR - Assessing your cloud providers, insights from Engie, and preparing for ‘The Day After’ (N-sight + workshop)

Location:Hof ten As, Melsbroek



Invitation to the Beltug N-sight and workshop: GDPR - Assessing your cloud providers, insights from Engie, and preparing for ‘The Day After’.


Companies are moving full throttle towards 25 May 2018, getting ready for the EU General Data Protection Regulation (GDPR).  But what about your cloud provider? Under the GDPR, the 'data controller' always remains accountable, so it is up to you to be sure your processor/Cloud Service Provider (CSP) will treat data in a compliant way.


Beltug has developed and published a ‘GDPR Vendor Assessment questionnaire’, with questions to help companies like yours discuss compliance with cloud providers, and negotiate certain GDPR-required contract clauses.


In the first part of this 2-part N-sight, we'll learn about the GDPR Vendor Assessment questionnaire: what it includes, how it was developed, and how to use it.


We will also look into what companies will need to do to monitor and maintain compliance after the GDPR is implemented. And we’ll discover how multinational company Engie is incorporating data protection in processes throughout the company.


Part 2 (optional) will then go deeper into the GDPR Vendor Assessment questionnaire, with an interactive workshop on the topics covered, and on how to get the most value from using it.


Don't hesitate to bring along your colleague(s) from other departments, who are involved in the demands of the GDPR.



13:00 - 18:30


Hof ten As, Perksesteenweg 37, 1820 Melsbroek




Part 1


13:00 Welcome coffee


13:30 Welcome and introduction: Beltug's support for its members on the road to compliance

Danielle Jacobs will give a short overview of the tools available now, and what we have in mind for the months to come.


Danielle Jacobs, General Manager, Beltug (English)
Ann Guinée, Project Manager, Beltug (English)


13:45 GDPR: preparing for May 26th ('The Day After')

There is a lot of pressure to be ready for 25 May 2018, and ideally, you have already begun on a data register, mapped personal data and updated data processing agreements.  But that’s just the start: what do you need to prepare and what actions do you need to regularly carry out to stay compliant ‘The Day After’?  For example:

  • Maintaining the data register with new software, new processing operations, etc.
  • Assessing new DPIAs and processors
  • Putting in place privacy metrics
  • Keeping up to date with changes from the government, competitors, customers, the market…
  • Ensuring employees are informed
  • Handling data subjects who are exercising their GDPR rights
  • Handling, communicating and preventing data breaches
  • To name a few…

After all, you don’t want to wake up with a hangover the day after!


Bavo Van den Heuvel, Founder/Director of Product Innovation, Cranium (English)


14:15 Q&A: Your questions, your experience


14:30 User story Engie: overcoming real-world compliance challenges

We all know we need to be compliant from 25 May 2018. But what does this look like in the real world? What are the challenges for achieving and maintaining compliance?  Peter Van Rompaey shares best practices and lessons learned from the GDPR journey at Engie, a complex, multinational setting.


Peter Van Rompaey, BU Data Privacy Manager, Engie Benelux - Member of the Beltug GDPR task force (English)


15:00 Q&A: Your questions, your experience


15:15 The Beltug Vendor Assessment questionnaire

Under the GDPR, the data controller company always remains accountable for its data, should an event occur. The regulation specifies that you can only appoint a processor/Cloud Service Provider (CSP) that is proven GDPR-compliant. That means you have the responsibility to assess your cloud vendor. This is no easy task, and you need to know what questions to ask.

Beltug has developed the GDPR Vendor Assessment questionnaire through close collaboration with data protection experts.  The questions help companies like yours to ensure that their cloud suppliers will be compliant themselves, and will also process customer data in a compliant way. In this overview, we take a brief look at the tool and its value.  For those who want a deeper exploration, join us for second part of this session (see below).


Jean-Pierre Bernaerts, DPO & Director GDPR Compliance Services, DPOffice (English)


15:30 Wrap up of Part 1 - coffee break


Part 2: Interactive workshop on the Beltug Vendor Assessment questionnaire


16:00 Maximising the Beltug Vendor Assessment questionnaire

After the overview of the Beltug Vendor Assessment questionnaire in Part 1 of the
N-sight, we now dive deeper into the topics, and how to use it. You will have plenty of opportunity to ask our experts your questions, and gain valuable insights on the benefits as an ICT user and as an ICT provider.


Jean-Pierre Bernaerts, DPO & Director GDPR Compliance Services, DPOffice (English)
Tim Van Honsté, Large Enterprise Account Manager, Veritas Technologies (English)


17:30 Wrap up & closing drink


18:30 End