With the GDPR around the corner, we’ve been getting more and more specific about the details. In this N-sight, we turned to our experts for their in-depth knowledge of some specific domains.
The presentations from the event are available, exclusively for Beltug members (after login).
First, we found out about the methodologies, tools and techniques of privacy engineering from Seda Gürses of KU Leuven. Getting privacy right is challenging, and the GDPR increases the pressure. The emerging field of privacy engineering aims to address the gap between privacy research and engineering practice, by systematising and evaluating methods, techniques and tools to capture and address privacy issues when engineering information systems. Seda raised some interesting questions regarding the GDPR. The GDPR was not drafted with new technology in mind, so what gaps and potential challenges does that raise? What about social media: can you tag people in group photos without their permission? As IoT becomes more prevalent in all areas of society, what will be acceptable or not for this technology that has no human ‘social values’? Finally, as we increasingly use algorithms in decision making, most automated systems will be biased: what impact will this have?
What happens if you’re not ready for the GDPR?
Next up was Rogelio Aguilar of Sungard AS, who took us into the topic of what to do if you don’t achieve compliance by the deadline: what you can do, what to expect from the authorities, etc. Rogelio explained that the main problem for companies probably won’t be fines but will instead be linked to what happens when you have a new contract and the customer wants to know about your privacy settings. What sort of image will you have in the privacy domain?
Rogelio reminded us that the GDPR involves and impacts a lot of different job profiles within companies, so it needs to be a business strategy. Rogelio also brought up the specific issue of the many companies with IT set-ups in India, which lack the necessary safeguards. It’s a situation waiting to be exploited, he warned.
New Beltug GDPR tools for members
Then Bavo Van den Heuvel of Cranium presented the most recent Beltug templates and guidelines. Beltug continues to develop GDPR tools for our members, and Bavo took us through two new ones, and how to use them:
Then Danielle Jacobs from Beltug walked us through the new questionnaire for payroll consultants, targeted especially at the needs of HR departments. Payroll consultants (social secretariats) have access to personal data on your staff. You can present the Beltug questionnaire to your payroll consultant to help you verify their compliance with the GDPR, and to ensure they will process your data in full compliance with the regulation.
What does the GDPR mean for contracts?
Finally, in a 60-minute workshop, we had the opportunity to learn from Peter Van Dyck of Allen & Overy about the contractual aspects of working with subcontractors. Together, we addressed what the GDPR means for contracts. The GDPR requires data controllers to include certain clauses in their contracts with data processors. As a consequence, whenever your company outsources part of a processing activity to a third party, these clauses must be included. So, which clauses do you need to include in your contracts with subcontractors and suppliers? What is the deadline for updating your contracts? What happens when your third-party subcontractor appoints another sub-subcontractor? We also went over template wording that you can use for your contracts.
The Beltug Team