Privacy and Data Protection Law Forum

The Data Protection Lawyer of the GDPR Era

New to the Congress for 2018. Join data protection law professionals for a special half-day event held in conjunction with Congress workshops on 27 November. The Privacy and Data Protection Law Forum features a distinguished panel of experts in an information-packed programme designed for Europe’s privacy pros.

You can attend just the forum or add it to your Congress registration for a full schedule of learning, networking and collaboration with the data protection community of Europe.

Register Now


Schedule and Programme

Tuesday, 27 November

  • forum 8:00 - 12:45 Registration Open
  • kitchen 8:00 – 9:00 Breakfast
  • expand_more 9:00 – 10:00 The Coming Boom in Data Protection Litigation

    Ulrich Baumgartner, Partner, Osborne Clarke
    Kim Parviainen, Counsel, Castrén & Snellman
    Henriette Tielemans, Partner, Covington & Burling

    Up until now, there has been relatively little data protection litigation in the EU. Most enforcement actions have been settled in back rooms and relatively few cases have made it to the Court of Justice. All that is likely to change now. How will the GDPR—which comes with consumer right of action and regulators with bigger fining powers—change the practice of data protection law? How should you be preparing for court?

  • expand_more 10:00 – 11:00 Advising on Data Subject Access Rights

    Kasey Chappelle, CIPP/US, DPO, GoCardless
    Paul Lanois, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, Senior Legal Counsel, Credit Suisse
    Jussi Leppälä, CIPP/E, CIPM, CIPT, FIP, DPO, Valmet

    The GDPR is here and while DSARs may not be new, there is new attention on them and data subjects seem to have discovered them anew. But what can data subjects actually request? What are organisations obligated to produce? How can counsel ethically protect both the interests of the organisation and the interests of the data subject? Where does the DPO fit in?

  • local_cafe 11:00 – 11:30 Refreshment
  • expand_more 11:30 – 12:30 Ethically Advising on Data Security

    Vivienne Artz, Global Chief Privacy Officer, Thomson Reuters
    Tobias Bräutigam, CIPP/E, CIPM, FIP, Senior Counsel, Bird & Bird
    Phillip Lee, CIPP/E, CIPM, FIP, Partner, Privacy, Security and Information, Fieldfisher

    The GDPR, much like the Federal Trade Commission’s fairness rules, brings the idea of ‘adequate security’ into law. Both internal and external counsel are going to be asked to define and verify how much, or what kind, of security is adequate. But few lawyers in privacy have the technical know-how to explain exactly what must be done. How do you make it clear that you know what you have to do, but not necessarily how to do it? How do you train your team to speak competently on the subject without them getting mired in firewall configuration and encryption standards? Where is the ethical line for saying, ‘I really don’t know’?

  • close 12:30 – 12:45 Closing Remarks



Vivienne Artz

Global Chief Privacy Officer, Thomson Reuters

Ulrich Baumgartner

Partner, Osborne Clarke

Tobias Bräutigam, CIPP/E, CIPM, FIP

Senior Counsel, Bird & Bird

Phillip Lee, CIPP/E, CIPM, FIP

Partner, Privacy, Security and Information, Fieldfisher

Kim Parviainen

Counsel, Castrén & Snellman

Henriette Tielemans

Partner, Covington & Burling


Continuing Education

CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM and CIPT certificate holders automatically receive 3.25 Group A Continuing Privacy Education (CPE) credits for attending the IAPP Privacy and Data Protection Law Forum. If you have certification questions, please read our CPE policy or e-mail