IAPP Data Protection Intensive: Deutschland 2018 in Review
Isabelle Vereecken, head of the EDPB Secretariat at the European Data Protection Board, offered delegates to the IAPP Data Protection Intensive: Deutschland 2018 in Munich her sentiments on the current state of the EDPB and the environment surrounding data protection in Europe. Her words though, could just as easily described how those in attendance felt about the event itself.
"As we see the law moving from theory to the practice, it's a good time to be in data protection law," she said. "We're a data-driven society, so it's a pleasure to be here at the moment."
Over the two days filled with sessions delivered in parallel English and German language tracks, privacy experts spoke to packed rooms of practitioners about their experiences with the cornerstones of their privacy management programs: data mapping, vendor management, the DPO's place in the organization, conducting DPIAs, data subject access rights, and privacy by design.
In a series of “micro talks,” privacy experts gave 15-minute snapshots of their individual experiences over the last year, providing interesting insight even for experienced privacy professionals.
One of the highlight sessions, included Vereecken, who was joined by Bas Van Bockel, head of Department of International, Policy and Strategy at the Dutch DPA. Together, they enumerated several initiatives underway within the EDPB and expectations for this new EU-wide regulatory body that include:
- The potential adoption of 22 opinions on data protection impact assessment lists prepared by member state supervisory authorities
- Providing an opinion, at the request of the European Commission, on the recently published draft adequacy decision on Japan
- The potential release of guidance on the territorial scope of the GDPR which will likely provide guidance on the eEvidence Regulation
In a parallel session joining Mirka Möldner, DPA of Bavaria for the Private Sector with the head of the DPA in the German state of Lower Saxony, Barbara Thiel, the audience learned Thiel’s DPA had begun to audit GDPR compliance with 50 companies. At the moment, the focus is not to fine companies — but DPAs made it clear that companies have to be structurally prepared for the GDPR requirements.
Questions and discussions also arose during the conference around the level of complaints and breach notifications since the GDPR took effect, how European case law will align with the GDPR, and what will happen with Brexit.
In all, this first-ever IAPP conference in Germany was so successful that plans are already being developed for DPI: Deutschland 2019. If you can’t wait that long, we encourage you to explore two other upcoming IAPP European conferences:
IAPP Europe Data Protection Congress 2018 in Brussels on 28-29 November
IAPP Data Protection Intensive: France 2019 in Paris on 12-13 February (bilingual event)