13:30 Welcome coffee
Ann Guinée, Project Manager, Beltug (English)
14:15 Case: The never-ending journey to GDPR compliance - a matter of constant monitoring
Complying with the GDPR is a journey, not a one-off exercise. While most companies across Europe (and beyond) have spent the last years planning and executing their GDPR programs, in 2019 many will move towards monitoring their compliance and consistently reporting their progress. David Stevens will clarify some of the basic aspects of this move, with key topics including:
- It is always said the GDPR is 'risk-based', but what does this mean in practice? How can we evaluate these risks? What are ‘acceptable’ risks?
- What are the key areas where risks are likely to occur, and how can these be resolved and monitored? What is the role of the data protection officer in this?
- What role can 'privacy management tools' play?
David Stevens, Data Protection Officer, Europe, Nielsen (English)
14:45 Q&A: Your questions, your experience
14:55 Case: 'Legitimate interests' - from vague to lawful
This session will aim to clear up the vagueness that often surrounds the use of ‘legitimate interests’ as lawful ground for processing. Based on some real-life examples at Orange, Jan Leonard will illustrate how the ‘balancing exercise’ of legitimate interests of the controller, the impact on the data subject and the rights of individuals could work in practice.
Jan Leonard, Data Protection Officer, Orange (English)
15:25 Q&A: Your questions, your experience
15:35 Coffee break
16:00 The ‘ins and outs’ of the Belgian implementation of the GDPR
Belgium implemented the General Data Protection Regulation (GDPR) with the Data Protection Act of 30 July 2018. Although most of the provisions closely follow the GDPR, there are some noteworthy surprises and complexities that companies should be aware of.
In this session, we will discuss:
- the Belgian Data Protection Act, focusing on the points where it deviates from, or adds to, the GDPR;
- the new competencies and investigative powers of the Belgian Data Protection Authority.
Peter Van Dyck, Partner, Allen & Overy (English)
16:30 Q&A: Your questions, your experience
16:40 Data controller or data processor? It’s not always straightforward
Determining whether a service provider/partner is a data controller or a data processor may seem at first glance to be straightforward but, unfortunately, this does not always prove true. Jean-Pierre Bernaerts will discuss 35 types of service providers and explain why each is to be categorised as processor or as controller.
Then we’ll discuss the new questionnaire created by Beltug in cooperation with DPOffice that enables quick scanning of any type of processor, whether by a small, medium or large controller. Beltug had already created two specific and very detailed questionnaires to support controllers in assessing Cloud Service Providers & Payroll Service Providers in this context. This third questionnaire includes the minimum number of questions that need to be asked in order to evaluate a processor.
Jean-Pierre Bernaerts, External DPO & Data Protection Advisor, DPOffice (English)
17:10 Q&A: Your questions, your experience
17:20 Beltug & Privacy
At Beltug, we are working very hard to make the GDPR regulation and privacy rules more transparent to our members. We’ll give you an update of our efforts to-date, and hope to hear from you about what more we can do.
Danielle Jacobs, General Manager, Beltug (English)
17:30 Wrap up & Closing drink