Take a deep dive into the details of the GDPR (N-sight)

Location:Hof ten As, Melsbroek


With the GDPR around the corner, we’ve been getting more and more specific about the details. In this N-sight, we turn to our experts for their in-depth knowledge of some specific domains. First, find out about the methodologies, tools and techniques of privacy engineering from Seda Gürses of KU Leuven. Then, what happens if you suspect you won’t quite achieve compliance in time? Rogelio Aguilar of Sungard will go over what you can do, what to expect from the authorities, etc.


As Beltug continues to develop GDPR tools for our members, Bavo Van den Heuvel of Cranium will explain the most recent templates and guidelines and how to use them. Danielle Jacobs will go over the new questionnaire for payroll consultants, targeted especially for the needs of your HR department.


Finally, in a 60-minute workshop, we’ll have the opportunity to learn from Peter Van Dyck of Allen & Overy about the contractual aspects of working with subcontractors.


Is there someone else in your company who would be interested in these specific GDPR issues? Feel free to pass it on to your colleagues involved in legal, procurement, etc.


Hof ten As
Perksesteenweg 37
 1820 Melsbroek





13:00 Welcome coffee


13:30 Introduction


Ann Guinée, Project Manager, Beltug (English)


13:45 Paradigms of privacy engineering

Getting privacy right is challenging, and the GDPR increases the pressure. The emerging field of privacy engineering aims to address the gap between privacy research and engineering practice, by systematising and evaluating methods, techniques and tools to capture and address privacy issues when engineering information systems. Seda Gürses, who works on privacy and requirements engineering, privacy enhancing technologies, cybersecurity and surveillance, will give an overview of privacy research paradigms in computer science and the nascent field of privacy engineering, discussing how it relates to and goes beyond the requirements of data protection by design.


Seda Gürses, FWO fellow at the COSIC group in the Department of Electrical Engineering, University of Leuven and affiliate at the Center for Information Technology and Policy (CITP) at Princeton University (English)


14:15 Q&A: Your questions, your experience


14:25 What happens if you’re not ready for the GDPR?


Most organisations are already working towards GDPR compliance. But due to different situations including lack of awareness, funds or experienced data protection specialists, a high work load, etc. some will not be ready by 25 May 2018.


During this session we will cover some of the key questions facing businesses who are not certain they will be prepared in time:

  • Is there a grace period to achieve compliance?
  • What should I do if I suspect my organisation will not be ready on time?
  • What is the best way to approach the required work if we started late or have not yet started preparation?
  • How will the data protection authorities determine the applicable sanctions?
  • What is the worst-case scenario if my company doesn’t achieve compliance?
  • If I move all my IT systems to the cloud, can I forget about GDPR?


Rogelio Aguilar, Data Protection Senior Consultant, Sungard Availability Services (English)


14:55 Q&A: Your questions, your experience


15:05 Short coffee break


15:20 New Beltug guidelines - Incident management & privacy management


Bavo Van den Heuvel will present the two newest templates created for Beltug members:


  • The Personal Data Breach Management Policy provides guidelines on how to handle a personal data breach: from discovery through lessons learned.
  • The Personal Data Protection Management Guidelines will help you ensure that your company’s GDPR compliance level is in line with the regulations, is maintained and is continuously improved.


Bavo Van den Heuvel, Founder/Director of Product Innovation, Cranium (English)


15:50 Q&A: Your questions, your experience


16:00 Your payroll consultant holds massive amounts of sensitive data


Payroll consultants (social secretariats) have access to personal data on your staff. Beltug has developed a questionnaire that you can present to your payroll consultant to verify their own compliance with the GDPR, and to ensure they will process your data in full compliance with the regulation.  Danielle Jacobs walks you briefly through this document.


Danielle Jacobs, General Manager, Beltug (English)


16:10 Short coffee break




16:25 The GDPR – what does this mean for your contracts?


The GDPR requires data controllers to include certain clauses in their contracts with data processors. As a consequence, whenever a company outsources part of a processing activity to a third party, these clauses must be included.


In this session, we will discuss, among others:


  • which clauses you must include in your contracts with third parties (subcontractors and suppliers);
  • the deadline to ensure your contracts are updated;
  • what happens if the third-party subcontractor appoints another sub-subcontractor;
  • template wording that you can use for your contracts.


To create an interactive discussion, you are invited to share your experiences, both on the content and process for updating your contracts.


Peter Van Dyck, Partner, Allen & Overy (English)


17:25 Wrap up & Closing drink


18:00 End