GDPR dive into the details. Featuring best practices from the Province of Vlaams Brabant (N-sight).

Location:Hof Ten As, Melsbroek




With barely 6 months to go till the GDPR comes into effect, companies now have a good knowledge about the EU data protection regulation, the new rules, and paving the way to compliance.


During this session we’ll dive into some of the GDPR’s more complex features. Veritas Technologies will shed light on the governance of data. We will learn about the approach taken by the Province of Vlaams Brabant for 'Privacy by Design'. We will hear about best practices for a Data Protection Impact Assessment (DPIA) and record-keeping from Allen & Overy. And we'll receive a status update on the implementation legislation from the cabinet of State Secretary De Backer.


Don't forget to pass this invite on to your colleagues, interested in GDPR matters, e.g. your colleagues from legal or business colleagues.


13:00 - 18:00
Hof ten As, Perksesteenweg 37, 1820 Melsbroek



13:00 Welcome coffee


13:30 Welcome and introduction: Beltug's support for its members on the road to GDPR compliance


We’ll give you a short overview of the tools currently available, and what’s coming up.


Ann Guinée, Project Manager, Beltug (English)


13:45 Information Governance and GDPR


Organisations used to manage data regardless of what kind of information it included. But the GDPR will change how they need to handle the information contained in the growing data repositories, regardless whether these are onsite or in the cloud.

With this in mind, after the policy side has been dealt with, what specific technical challenges will confront IT departments, and how do other organisations deal with this?


Jaap den Exter van den Brink, EMEA Information Intelligence Solution Lead, Veritas Technologies (English)


14:15 Q&A: Your questions, your experience


14:30 Privacy by Design: a pragmatic approach


Privacy by Design (PbD), which is a key element of the GDPR, requires a structured approach. Based on ENISA recommendations, the Province of Vlaams-Brabant developed a practical and customised approach.  Karl Pottie shares this approach, and touches on:

  • The 7 pillars of 'Privacy by Design'
  • 8 design strategies and how to put them into practice
  • Using Privacy Enhancing Techniques (PETs)
  • Documenting PbD

Karl Pottie, Expert ICT & CISO, Province of Vlaams-Brabant (Dutch)


15:10 Q&A: Your questions, your experience


15:25 Short coffee break


15:40 The DPIA, record-keeping obligations, and your company


The GDPR requires companies to perform data protection impact assessments and to keep records of their processing activities. These obligations have now been clarified in guidelines from national and European data protection authorities.

We will first look at data protection impact assessments, focussing on:

  • which processing activities are impacted by this obligation
  • when a DPIA is required
  • what, precisely, a DPIA entails.

Next, we will look at the record-keeping obligations: which records companies must retain, and which don’t need to be retained, along with practical examples of what constitutes a record.


Peter Van Dyck, Partner, Allen & Overy (English)


16:10 Q&A: Your questions, your experience


16:25 GDPR in Belgium - status update on the implementation


Charlotte Dereppe will present the two draft acts for implementing the GDPR.  The first concerns the reform of the Belgian Privacy Commission and its new powers.  The second relates to the principles regarding the handling of data.  She will highlight the tools that have been put at your disposal to help you achieve compliance: DPO, certifications, codes of conduct, etc.


Charlotte Dereppe, Privacy adviser to the Cabinet of State Secretary Philippe De Backer (French)


16:55 Q&A: Your questions, your experience


17:10 Wrap up & Closing drink


18:00 End