Privacy and Data Protection Law Forum
The Data Protection Lawyer of the GDPR Era
New to the Congress for 2018. Join data protection law professionals for a special half-day event held in conjunction with Congress workshops on 27 November. The Privacy and Data Protection Law Forum features a distinguished panel of experts in an information-packed programme designed for Europe’s privacy pros.
You can attend just the forum or add it to your Congress registration for a full schedule of learning, networking and collaboration with the data protection community of Europe.
While everyone in privacy and data protection has been focused on complying with the General Data Protection Regulation, there is much more to practicing privacy and data protection law than simply understanding what the GDPR says. What is the data protection lawyer's role inside an organisation? Should the DPO be a lawyer? What role will plaintiffs' lawyers play in the new era of the GDPR and new data subject rights? How will lawyers interact with regulators and when are those interactions likely to lead to seeing them in court? This half-day workshop will focus on answering these questions and more. As an opportunity for data protection lawyers of all stripes to come together and focus on the profession, the workshop is a way to network, learn, and look to the future.
Learn more: Scroll down to Schedule and Programme for expandable session descriptions.
What you’ll take away:
- Discuss the data protection lawyer’s role in the new era of the GDPR and data subject rights
- Greater understanding on interacting with regulators and what may lead to enforcement actions
- Discuss the future of the data protection lawyer as a profession
Schedule and Programme
Tuesday, 27 November
forum 8:00 - 12:45 Registration Open
kitchen 8:00 – 9:00 Breakfast
expand_more 9:00 – 10:00 The Coming Boom in Data Protection Litigation
Up until now, there has been relatively little data protection litigation in the EU. Most enforcement actions have been settled in back rooms and relatively few cases have made it to the Court of Justice. All that is likely to change now. How will the GDPR—which comes with consumer right of action and regulators with bigger fining powers—change the practice of data protection law? How should you be preparing for court?
expand_more 10:00 – 11:00 Advising on Data Subject Access Rights
Kasey Chappelle, CIPP/US, DPO, GoCardless
Paul Lanois, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, Senior Legal Counsel, Credit Suisse
Jussi Leppälä, CIPP/E, CIPM, CIPT, FIP, DPO, Valmet
The GDPR is here and while DSARs may not be new, there is new attention on them and data subjects seem to have discovered them anew. But what can data subjects actually request? What are organisations obligated to produce? How can counsel ethically protect both the interests of the organisation and the interests of the data subject? Where does the DPO fit in?
local_cafe 11:00 – 11:30 Refreshment
expand_more 11:30 – 12:30 Ethically Advising on Data Security
Vivienne Artz, Global Chief Privacy Officer, Thomson Reuters
Tobias Bräutigam, CIPP/E, CIPM, FIP, Senior Counsel, Bird & Bird
Phillip Lee, CIPP/E, CIPM, FIP, Partner, Privacy, Security and Information, Fieldfisher
The GDPR, much like the Federal Trade Commission’s fairness rules, brings the idea of ‘adequate security’ into law. Both internal and external counsel are going to be asked to define and verify how much, or what kind, of security is adequate. But few lawyers in privacy have the technical know-how to explain exactly what must be done. How do you make it clear that you know what you have to do, but not necessarily how to do it? How do you train your team to speak competently on the subject without them getting mired in firewall configuration and encryption standards? Where is the ethical line for saying, ‘I really don’t know’?
close 12:30 – 12:45 Closing Remarks
Global Chief Privacy Officer, Thomson Reuters
Partner, Osborne Clarke
Senior Counsel, Bird & Bird
Senior Legal Counsel, Credit Suisse
Partner, Privacy, Security and Information, Fieldfisher
Counsel, Castrén & Snellman
Partner, Covington & Burling
CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM and CIPT certificate holders automatically receive 3.25 Group A Continuing Privacy Education (CPE) credits for attending the IAPP Privacy and Data Protection Law Forum. If you have certification questions, please read our CPE policy or e-mail firstname.lastname@example.org.