The GDPR 8 months on - let's untie a few knots! (N-sight)

Location:Living Tomorrow, Vilvoorde


Nearly one year ago, companies went full throttle on their GDPR projects: yet even now, their goals to comply with the Data Protection Regulation still require constant effort.


In this session, we’ll start with a look at how we can embed that effort in our daily operations.  Next, we’ll zoom in on a few knotty elements: we’ll hear how Orange handles 'legitimate interest' and we’ll get an update on the Belgian implementation of the GDPR. Then we’ll round it all out with an update on new privacy tools to help Beltug members:


  • determine whether an organisation is a controller or processor
  • evaluate processors.


Feel free to forward this invitation to your colleagues from legal, your DPO, etc.


Living Tomorrow, Indringingsweg 1, 1800 Vilvoorde



13:30 Welcome coffee


14:00 Introduction


Ann Guinée, Project Manager, Beltug (English)


14:15 Case: The never-ending journey to GDPR compliance - a matter of constant monitoring


Complying with the GDPR is a journey, not a one-off exercise. While most companies across Europe (and beyond) have spent the last years planning and executing their GDPR programs, in 2019 many will move towards monitoring their compliance and consistently reporting their progress. David Stevens will clarify some of the basic aspects of this move, with key topics including:

  • It is always said the GDPR is 'risk-based', but what does this mean in practice? How can we evaluate these risks? What are ‘acceptable’ risks?
  • What are the key areas where risks are likely to occur, and how can these be resolved and monitored? What is the role of the data protection officer in this?
  • What role can 'privacy management tools' play?


David Stevens, Data Protection Officer, Europe, Nielsen (English)


14:45 Q&A: Your questions, your experience


14:55 Case: 'Legitimate interests' - from vague to lawful


This session will aim to clear up the vagueness that often surrounds the use of ‘legitimate interests’ as lawful ground for processing. Based on some real-life examples at Orange, Jan Leonard will illustrate how the ‘balancing exercise’ of legitimate interests of the controller, the impact on the data subject and the rights of individuals could work in practice.


Jan Leonard, Data Protection Officer, Orange (English)


15:25 Q&A: Your questions, your experience


15:35 Coffee break


16:00 The ‘ins and outs’ of the Belgian implementation of the GDPR


Belgium implemented the General Data Protection Regulation (GDPR) with the Data Protection Act of 30 July 2018. Although most of the provisions closely follow the GDPR, there are some noteworthy surprises and complexities that companies should be aware of.


In this session, we will discuss:

  • the Belgian Data Protection Act, focusing on the points where it deviates from, or adds to, the GDPR;
  • the new competencies and investigative powers of the Belgian Data Protection Authority.


Peter Van Dyck, Partner, Allen & Overy (English)


16:30 Q&A: Your questions, your experience


16:40 Data controller or data processor? It’s not always straightforward


Determining whether a service provider/partner is a data controller or a data processor may seem at first glance to be straightforward but, unfortunately, this does not always prove true.  Jean-Pierre Bernaerts will discuss 35 types of service providers and explain why each is to be categorised as processor or as controller.

Then we’ll discuss the new questionnaire created by Beltug in cooperation with DPOffice that enables quick scanning of any type of processor, whether by a small, medium or large controller. Beltug had already created two specific and very detailed questionnaires to support controllers in assessing Cloud Service Providers & Payroll Service Providers in this context. This third questionnaire includes the minimum number of questions that need to be asked in order to evaluate a processor.


Jean-Pierre Bernaerts, External DPO & Data Protection Advisor, DPOffice (English)


17:10 Q&A: Your questions, your experience


17:20 Beltug & Privacy


At Beltug, we are working very hard to make the GDPR regulation and privacy rules more transparent to our members.  We’ll give you an update of our efforts to-date, and hope to hear from you about what more we can do.


Danielle Jacobs, General Manager, Beltug (English)


17:30 Wrap up & Closing drink


18:30 End