IAPP Data Protection Intensive: Deutschland 2019 in Review
Bavarian Data Protection Commissioner Thomas Petri opened this year’s conference in Munich speaking about challenges in the public sector to meet requirements under the EU General Data Protection Regulation.
Commissioner Petri also highlighted the need to further align practical implementation of the GDPR and passionately spoke about its benefits for citizens in dealing with public authorities and the need to provide more public information on this topic.
In the German session of “The Regulators’ View,” a hot topic of conversation was the use of web-tracking tools. Thomas Kranig, president of the Bavarian Data Protection Authority underlined the position of German DPAs that use of any tracking tools collecting information of website visitors for functions like re-targeting or cross-device tracking requires prior documented consent. He confirmed legal proceedings have begun on Bavarian companies related to this topic and fines will be issued soon.
Barbara Thiel, commissioner at the State Commissioner for Data Protection Lower Saxony, provided insight into her ongoing legal investigations, including health checks on the overall privacy status of approximately 50 companies. Her observation is that companies are struggling to meet minimum IT security standards and to properly conduct privacy impact assessments.
Stefan Brink, commissioner for Data Protection Baden-Württemberg, outlined his perspective on the recent decision allowing DPAs to prohibit use of Facebook Fan Pages in Germany.
Helga Þórisdóttir, data protection commissioner for Iceland, Anu Talus, from the Office of the Data Protection Ombudsman, Finland, and Piotr Drobek, Personal Data Protection Office, Poland, spoke on a panel about enforcement actions in their respective countries and efforts to support and assist DPOs and privacy pros.
As with last year’s event, the session with DPOs speaking to their experience with the GDPR over the last year caught the attention of delegates. Privacy leaders from Birkenstock, BMW, Cerner, Fresenius, Garmin, IBM, PSI Cro and Swiss Re all shared key learnings from their organisations.
Overall, one year on from the GDPR, there was a greater sense of confidence from delegates around compliance with the regulation, and it showed in sessions and questions from the audience that were more focused on the specifics of compliance, program management and the practical nature of process impolementation.
ACCESS 2019 PRESENTATIONS
Where Did All the Handouts Go?
All sponsor handouts are now provided in digital format instead of paper. Access them conveniently at iapp.org/dpide-handouts.