IAPP Data Protection Intensive: Deutschland 2018 in Review

Isabelle Vereecken, head of the EDPB Secretariat at the European Data Protection Board, offered delegates to the IAPP Data Protection Intensive: Deutschland 2018 in Munich her sentiments on the current state of the EDPB and the environment surrounding data protection in Europe. Her words though, could just as easily described how those in attendance felt about the event itself.

"As we see the law moving from theory to the practice, it's a good time to be in data protection law," she said. "We're a data-driven society, so it's a pleasure to be here at the moment."

Over the two days filled with sessions delivered in parallel English and German language tracks, privacy experts spoke to packed rooms of practitioners about their experiences with the cornerstones of their privacy management programs: data mapping, vendor management, the DPO's place in the organization, conducting DPIAs, data subject access rights, and privacy by design.

In a series of “micro talks,” privacy experts gave 15-minute snapshots of their individual experiences over the last year, providing interesting insight even for experienced privacy professionals.

One of the highlight sessions, included Vereecken, who was joined by Bas Van Bockel, head of Department of International, Policy and Strategy at the Dutch DPA. Together, they enumerated several initiatives underway within the EDPB and expectations for this new EU-wide regulatory body that include:

  • The potential adoption of 22 opinions on data protection impact assessment lists prepared by member state supervisory authorities
  • Providing an opinion, at the request of the European Commission, on the recently published draft adequacy decision on Japan
  • The potential release of guidance on the territorial scope of the GDPR which will likely provide guidance on the eEvidence Regulation

In a parallel session joining Mirka Möldner, DPA of Bavaria for the Private Sector with the head of the DPA in the German state of Lower Saxony, Barbara Thiel, the audience learned Thiel’s DPA had begun to audit GDPR compliance with 50 companies. At the moment, the focus is not to fine companies — but DPAs made it clear that companies have to be structurally prepared for the GDPR requirements. 

Questions and discussions also arose during the conference around the level of complaints and breach notifications since the GDPR took effect, how European case law will align with the GDPR, and what will happen with Brexit.

In all, this first-ever IAPP conference in Germany was so successful that plans are already being developed for DPI: Deutschland 2019. If you can’t wait that long, we encourage you to explore two other upcoming IAPP European conferences:

IAPP Europe Data Protection Congress 2018 in Brussels on 28-29 November

IAPP Data Protection Intensive: France 2019 in Paris on 12-13 February (bilingual event)

Hot Topic Sessions


The DPO’s Place in the Organisation

An effective DPO wants to be helpful, create efficiencies by spotting problems early, and be savvy in reducing risk for the organisation. This panel discussion will explore experiences of fitting and doing great work.

Die Stellung des DSB in der Organisation

Datenschutzbeauftragte schaffen Effizienz, wenn sie Sicherheitsprobleme frühzeitig erkennen und Rechtsrisiken für das Unternehmen reduzieren. In diesem Panel geht es um Fallbeispiele/Praxisbeispiele für effektive und erfolgreiche Datenschutz-Implementierung.


Tackling the DPIA: Formats and Foibles

This session will look at methodologies for performing DPIAs correctly, talk about interactions with regulators when they become necessary, and provide concrete tools for making your process more efficient.

Die Datenschutz-Folgenabschätzung (DPIA) bewältigen: Formate und Schwäche

In dieser Sitzung werden Methoden zur korrekten Durchführung von DPIAs behandelt, es wird über Interaktionen mit den Aufsichtsbehörden gesprochen, wann sie notwendig werden, und es werden konkrete Instrumente zur Verbesserung der Effizienz Ihres Prozesses vorgestellt.


Privacy by Design and Privacy by Default—On the Ground

In this panel discussion, we hear about how these concepts are being honoured in practice, and what success looks like. We’ll also get real-world scenarios outlining what privacy by default does—and does not—look like in the product development process.

Datenschutz durch Technikgestaltung und standardmäßiger Datenschutz in der Praxis

Im Panel diskutieren Praktiker wie Privacy by Design oder by Default umgesetzt wird und stellen dabei erfolgreiche Alltagslösungen vor.

Thank You Sponsors!

Gold Sponsors:

Silver Sponsors:

Other Conferences

Certification Training October 16-17
Workshops October 17
Conference October 18-19

P.S.R. is a one-of-a-kind conference that brings together the best of the best in privacy and security, with innovative cross-education and stellar networking. P.S.R. provides technical solutions to privacy concerns and helps you to see beyond your role so you can excel in your role.

Certification Training 26-27 November
Workshops 27 November
Conference 28-29 November

Your source for European data protection policy debate, multi-level strategic thinking and thought-provoking discussion.  The Congress delivers thought leadership, a thriving professional community and unrivalled education.

Certification Training April 30-May 1
Active Learning May 1
Conference May 2-3
Washington, DC

The world’s premier privacy and data protection conference focuses on international topics, policy and strategy. Recognized as a leading forum for discussion, the Summit features expert speakers and top regulators, and delivers unmatched education and networking opportunities.