13:00 Welcome coffee
13:30 Welcome and introduction: Beltug's support for its members on the road to GDPR compliance
We’ll give you a short overview of the tools currently available, and what’s coming up.
Ann Guinée, Project Manager, Beltug (English)
13:45 Information Governance and GDPR
Organisations used to manage data regardless of what kind of information it included. But the GDPR will change how they need to handle the information contained in the growing data repositories, regardless whether these are onsite or in the cloud.
With this in mind, after the policy side has been dealt with, what specific technical challenges will confront IT departments, and how do other organisations deal with this?
Jaap den Exter van den Brink, EMEA Information Intelligence Solution Lead, Veritas Technologies (English)
14:15 Q&A: Your questions, your experience
14:30 Privacy by Design: a pragmatic approach
Privacy by Design (PbD), which is a key element of the GDPR, requires a structured approach. Based on ENISA recommendations, the Province of Vlaams-Brabant developed a practical and customised approach. Karl Pottie shares this approach, and touches on:
- The 7 pillars of 'Privacy by Design'
- 8 design strategies and how to put them into practice
- Using Privacy Enhancing Techniques (PETs)
- Documenting PbD
Karl Pottie, Expert ICT & CISO, Province of Vlaams-Brabant (Dutch)
15:10 Q&A: Your questions, your experience
15:25 Short coffee break
15:40 The DPIA, record-keeping obligations, and your company
The GDPR requires companies to perform data protection impact assessments and to keep records of their processing activities. These obligations have now been clarified in guidelines from national and European data protection authorities.
We will first look at data protection impact assessments, focussing on:
- which processing activities are impacted by this obligation
- when a DPIA is required
- what, precisely, a DPIA entails.
Next, we will look at the record-keeping obligations: which records companies must retain, and which don’t need to be retained, along with practical examples of what constitutes a record.
Peter Van Dyck, Partner, Allen & Overy (English)
16:10 Q&A: Your questions, your experience
16:25 GDPR in Belgium - status update on the implementation
Charlotte Dereppe will present the two draft acts for implementing the GDPR. The first concerns the reform of the Belgian Privacy Commission and its new powers. The second relates to the principles regarding the handling of data. She will highlight the tools that have been put at your disposal to help you achieve compliance: DPO, certifications, codes of conduct, etc.
Charlotte Dereppe, Privacy adviser to the Cabinet of State Secretary Philippe De Backer (French)
16:55 Q&A: Your questions, your experience
17:10 Wrap up & Closing drink