13:00 Welcome coffee
Ann Guinée, Project Manager, Beltug (English)
13:45 Paradigms of privacy engineering
Getting privacy right is challenging, and the GDPR increases the pressure. The emerging field of privacy engineering aims to address the gap between privacy research and engineering practice, by systematising and evaluating methods, techniques and tools to capture and address privacy issues when engineering information systems. Seda Gürses, who works on privacy and requirements engineering, privacy enhancing technologies, cybersecurity and surveillance, will give an overview of privacy research paradigms in computer science and the nascent field of privacy engineering, discussing how it relates to and goes beyond the requirements of data protection by design.
Seda Gürses, FWO fellow at the COSIC group in the Department of Electrical Engineering, University of Leuven and affiliate at the Center for Information Technology and Policy (CITP) at Princeton University (English)
14:15 Q&A: Your questions, your experience
14:25 What happens if you’re not ready for the GDPR?
Most organisations are already working towards GDPR compliance. But owing to circumstances such as a lack of awareness, funds or experienced data protection specialists, a high workload, etc., some will not be ready by 25 May 2018.
During this session we will cover some of the key questions facing businesses that are not certain they will be prepared in time:
- Is there a grace period to achieve compliance?
- What should I do if I suspect my organisation will not be ready on time?
- What is the best way to approach the required work if we started late or have not yet started preparation?
- How will the data protection authorities determine the applicable sanctions?
- What is the worst-case scenario if my company doesn’t achieve compliance?
- If I move all my IT systems to the cloud, can I forget about GDPR?
Rogelio Aguilar, Data Protection Senior Consultant, Sungard Availability Services (English)
14:55 Q&A: Your questions, your experience
15:05 Short coffee break
15:20 New Beltug guidelines - Incident management & privacy management
Bavo Van den Heuvel will present the two newest templates created for Beltug members:
- The Personal Data Breach Management Policy provides guidelines on how to handle a personal data breach: from discovery through lessons learned.
- The Personal Data Protection Management Guidelines will help you ensure that your company’s GDPR compliance level is in line with the regulations, is maintained and is continuously improved.
Bavo Van den Heuvel, Founder/Director of Product Innovation, Cranium (English)
15:50 Q&A: Your questions, your experience
16:00 Your payroll consultant holds massive amounts of sensitive data
Payroll consultants (social secretariats) have access to personal data on your staff. Beltug has developed a questionnaire that you can present to your payroll consultant to verify their own compliance with the GDPR, and to ensure they will process your data in full compliance with the regulation. Danielle Jacobs walks you briefly through this document.
Danielle Jacobs, General Manager, Beltug (English)
16:10 Short coffee break
16:25 The GDPR – what does this mean for your contracts?
The GDPR requires data controllers to include certain clauses in their contracts with data processors. As a consequence, whenever a company outsources part of a processing activity to a third party, these clauses must be included.
In this session, we will discuss, among other things:
- which clauses you must include in your contracts with third parties (subcontractors and suppliers);
- the deadline to ensure your contracts are updated;
- what happens if the third-party subcontractor appoints another sub-subcontractor;
- template wording that you can use for your contracts.
To create an interactive discussion, you are invited to share your experiences on both the content and the process of updating your contracts.
Peter Van Dyck, Partner, Allen & Overy (English)
17:25 Wrap up & Closing drink