At this session, we explored several concrete privacy issues from the legal and regulatory perspective: what can you do, what can’t you do, and what must you do. DLA Piper started us off comparing notification requirements based on the various European laws: the NIS2, DORA and GDPR. Then, we looked at whether, how and when companies may access employees’ email boxes, with LYDIAN. Deloitte closed us out with the intersection between the GDPR and the AI Act, specifically in terms of key data protection requirements.

Presentations are available for Beltug members after log-in.

  • DLA Piper presentation: Exploring EU cyber incident notification requirements
  • LYDIAN presentation: Emails at the office – to access or not to access?
  • Deloitte presentation: The EU AI Act and privacy practical attention points for the organisation