The GDPR is a European regulation, and this international spirit guided the special joint session for users only, on 24 April 2017. Four associations - CIOForum, EuroCIO, INTUG and Beltug - joined forces and invited their members to a GDPR afternoon, with a special focus on IT vendor assessment.
The speakers shared their expertise and experience from very different perspectives. Peter Van Dyck, Partner at Allen & Overy, explained why we all should care about the regulation. He revealed his insights on the clauses that companies need to foresee in their IT contracts.
Ilse Winters then continued. As the Legal Director for AVEVE, she described AVEVE’s experiences heading towards GDPR compliance, best practices, uncertainties in the regulation, pitfalls and more. Then she explained how AVEVE sees their compliance efforts going forward.
Developing a Code of Conduct for cloud providers was the subject for Jörn Wittmann, Managing Director at SCOPE Europe, who spoke about the importance of trusting a Cloud Service Provider (CSP) before you hand over data and applications. He explained how the creation of a draft Code of Conduct for CSPs led to the creation of a General Assembly of the Cloud Code of Conduct. It aims to ensure members are optimally prepared for the GDPR’s entry into force, and to develop steps for implementing the Code. This Code of Conduct was developed within the C-SIG group of the European Commission, in which INTUG and EuroCIO were involved.
Danielle Jacobs, General Manager at Beltug, and Jean-Pierre Bernaerts, CIO at Indaver, then shared the list - created collaboratively - with key questions to ask an IT supplier in order to ensure compliance with the GDPR. They presented the initiative and discussed with the audience how to extend it to the international level.
To top off the afternoon, Pierre Chastanet, Deputy Head of Unit for Cloud and Software at the European Commission, explained how the European Commission supports the development by the industry of cloud-specific Codes of Conduct, and the cooperation between the EC and the business users.