GDPR in Practice

GDPR in Practice

A unique combination of legal and data management expertise to reach GDPR compliance

1 June 2017 (14-21h)
Location: Parker Hotel (Diegem)
Presented in English by Patrick Van Eecke and Christoph Balduck
Price: 720 EUR (excl. 21% VAT)
Register Now »

This event is history, please check out the List of Upcoming Seminars, or send us an email

Check out our related in-house workshops:

 Learning Objectives

Why this workshop on GDPR ?

May 25th, 2018 is the fixed deadline for your company to be compliant with the General Data Protection Regulation (GDPR). It is a European regulation, not a directive, so it immediately comes into effect in all countries, without local modification or further parlementary approval. You can find the full text of the regulation here in English, and also in the 23 other official languages of the EU. Of course there is also an app for this, courtesy of DLA Piper, and you can find the Android and iOS version here.

We are now halfway through the two-year transition period, which means your company should prepare for compliance now. Although there are still 12 months left, companies should start asap as the implementation of GDPR could involve much more work than the Y2K compliance project.

Besides the damage to your brand reputation when customers see that you don't sufficiently protect their privacy and personal data, companies also risk to be fined for being non-compliant, and this may scare business people more than anything else. For example, a company can be fined up to 2% of global revenue for not having their records in order (article 30), not notifying the supervising authority and data subject about a breach (articles 33, 34), or not conducting impact assessments (article 35). More serious infringements can be charged up to a 4% fine, such as violations of basic principles related to data security (article 5) and conditions for consumer consent (article 7), which are the basis for the Privacy by Design concepts of the GDPR.

But which steps do you need to take ?

  • You'll likely need a Data Protection Officer (DPO), and you can read the fine print in article 37. He or she will advise on, oversee and monitor GDPR compliance, and represent the company when contacting the supervising Data Protection Authority (DPA). Even if you are not explicitly obliged to have a DPO, it is a good idea to have a Chief Privacy Officer (CPO), who will work closely with your Legal Department, your Chief Information Architect (CIA) and your Chief Information Security Officer (CISO). Of course, having an internal/external DPO does not exempt the company's board of directors from its responsibilities and eventual fines in the case of non-compliance.
  • Controllers need to notify the DPA (see above) of a personal data breach within 72 hours (at the latest) after detecting the exposure of personal data which results in risk to the consumer. This could be an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
  • The GDPR gives more rights to individuals, such as the right to view, rectify and erase personal data (the latter is often referred to as the "right to be forgotten"), as well as the right to data portability.
  • Even US, UK, Canadian, Japanese, ... companies that process personal information about EU data subjects (customers, personnel, ...), will have to comply with the GDPR because of the extraterritoriality principle. Unfortunately, not every e-commerce, social media player and multinational is aware of this.

All of these steps should be implemented, documented and monitored. This workshop is a unique cooperation of an information governance consultant and a legal GDPR expert who has shared a lot of information to tackle the GDPR:

Who should attend ?

This event is specifically aimed at end-users who want to reach compliance while implementing better information management. The latter includes good data classification, master data management, information governance, security, monitoring, reporting, ... and this may be a good time to start implementing or revisit the best practices, industry standards and information security guidelines that have been around for years. The combination of speakers who focus on the 2 sides of the coin (the legal side and the IT side of GDPR) makes this a highly unique event.

This workshop will be value-for-money for:

  • Data Protection Officers and responsibles for privacy and data protection
  • Information Security Officers and anyone who is responsible for security
  • Information and Data Management professionals
  • Business and Information analysts
  • IT managers, directors and CIO's
  • Information owners, managers and stewards
  • Information, Solution, Process, Integration and Enterprise Architects
  • Legal Staff and Compliance Officers in the public and private sector
  • Business managers, directors and key business users who work with personal data
  • Every stakeholder who works or is responsible for data, tooling, guidelines, security, processes, ...

Some familiarity with the GDPR is required. Check out our collection of the most interesting URLs on privacy, data protection and GDPR.

Also, do not hesitate to send us your questions about GDPR to the organizer of this workshop.

 Full Programme

Registration with coffee/tea and croissants
Welcome + Introducing the speakers, participants and workshop

This one-day facilitated workshop combines the legal implications of the GDPR with information management, governance and security best practices and guidelines. The workshop starts at 14.00h and ends around 21.00h, and is interrupted by an afternoon tea/coffee break and a dinner buffet around 18.00h

The GDPR from a Lawyer's Point-of-View (Antoon Dierick en Patrick Van Eecke, DLA Piper)
  • Data protection throughout the years
  • The essence of the GDPR
  • The rights of the data subject
  • Advantages of a privacy compliant strategy
  • Personal data and sensitive data
  • The role of Data Protection Authorities (DPAs)
  • The role of the Data Protection Officer (DPO)
  • Obligations of data controllers and processors
  • Checklists and steps to take to become GDPR-compliant
The GDPR from a Data Governance Point-of-View (Christoph Balduck)
  • Get control over your data
  • Privacy by design and Privacy by default
  • Doing a Privacy Readiness and Impact Assessment
  • Identifying gaps and opportunities
  • Implementing consent management and the right to be forgotten
  • Is there a reference architecture for privacy and data protection ?
  • How does the GDPR impact big data processing and analytics ?
  • Profiling, anonymisation and pseudonymisation
  • Best practices for organising information and data governance
  • What are the tasks of the DPO ?
  • Passwords, encryption, identity and access management
  • Responding to a data breach
  • Business and IT changes to support:

    • data breach detection, handling and the strict timeframes for reporting
    • data portability
    • the right to be forgotten
    • consent management
  • Data privacy strategy: how to use privacy as a positive differentiator?
  • Integrating privacy impact assessments in every project and the corporate mindset
  • A practical checklist for your GDPR compliance plan
Summary and Conclusions, Final Q & A
End of this seminar

Interesting links about GDPR:


Patrick Van Eecke (DLA Piper)
DLA Piper

Patrick Van Eecke, Lic.Iur., LL.M., is a lawyer and leads the e-business department of the international law firm DLA Piper, which has 4200 lawyers in 30 countries and more than 60 offices.

Patrick Van Eecke is recommended by the Legal 500 and the European Legal Experts as one of the top lawyers in ICT law in Belgium. He is ranked as 1st Belgian lawyer in the "Guide to the World's Leading Technology, Media & Telecommunications Lawyers" and is also in the world's Top 20.

In 2000-2001, Patrick was a research fellow at the Law School of Stanford University, California, and he wrote his PhD on the legal aspects of the digital signature. He is extensively involved in various research and consulting projects for the European Commission and several national governments. Until June 1999, he was advisor to the Minister of Justice on the legal aspects of the information society and he was involved in the implementation of electronic signature-related legislation, computer criminality, and eavesdropping on electronic communication.

Patrick Van Eecke is the author of several legal articles and books on computer crime, electronic signatures, electronic contracting and privacy. Patrick is editor of the Belgian Revue de Droit Commercial (Larcier), the international Journal of Internet Law (Kluwer), the Belgian-Dutch Computerrecht (Kluwer) and the British Computer Law and Security Review (Elsevier). His most recent book "Recht & elektronische handel" was published by Larcier.

Patrick is a regular speaker at national and international conferences, he is often asked to comment on Internet law-related issues in national and international press, e.g. very recently in The Guardian on the Safe Harbour Agreement. He is also a columnist in the Belgian quality newspaper De Standaard about law and e-business.

Patrick is a professor at the University of Antwerp, teaching European Information and Communications Law. He is also a guest lecturer on Internet law at various universities, such as Solvay Business Institute, Kings College London and Queen Mary University of London (LL.M. Information Technology Law).

Patrick is member of the Brussels bar (since 1994) and is an associate member of the American Bar Association.

Participants of previous sessions with Patrick were very excited, making remarks like "Heel veel interactie, zeer positief!", "Very interesting discussions", "Great examples and use cases", "duidelijke, concrete voorbeelden, pertinent", ...

Christoph Balduck (Data Trust Associates)
Data Trust Associates

Christoph Balduck is a Managing Partner at Data Trust Associates, a company that offers Data Privacy, Data Protection and Information Management services.

Before that, he held the position as Practice Lead for master data management, data privacy and data protection (DPO) at Inpuls. This position covered most information management capabilities such as: information & data governance, information & data architecture, information strategy, data quality, master data management, ... as well as enterprise & process architecture. Besides the typical information management capabilities he advised companies on how to practically prepare for and implement the strict EU data protection and data privacy regulation (GDPR). He also coached, advised and executed on roles as Chief Data Officer (CDO), Data Protection Officer (DPO) and Head of Information Management.

He is a Certified Data Protection Officer via the EIPA (European Institute for Public Administration).

Questions about this ? Interested but you can't attend ? Send us an email !