Greetings from Brussels!

Coming back from the Atlas Mountains of Morocco late last week, where I attended the International Privacy Conference, it was little more than a pit stop here in Brussels before boarding another flight – destination: the Nordics. It is a busy time for privacy pros, with a packed calendar offering up lots of interesting events. After the taxing heat of Marrakech, the fresher climate of Stockholm was a welcome change. The occasion was the inaugural Nordic Privacy Arena event, hosted by the Swedish Data Protection Forum, or Forum för Dataskydd, as they are known in this part of the world.

As one of Sweden’s key privacy personalities leading GDPR awareness efforts, Caroline Olstedt Carlström is the sitting chairwoman of the Swedish Forum. I am happy to say that Caroline is also a past chair of our local Stockholm chapter KnowledgeNet and also an active member of the IAPP European Advisory Board. I was delighted to be involved in this first event of its kind in the Nordics, providing the opening address on the "Emerging DPO role under the GDPR." Caroline and I had been discussing the framework for the event since June of last year, and it was wonderful to see it realized and with such success. Over 195 privacy pros from Sweden, Finland, Denmark and Norway packed the venue with media present to report on the event.

The agenda was ambitious, covering diverse privacy themes, including the viewpoint of citizens and users’ privacy, as well as the organizational perspective of the GDPR and how this will impact operations. Highlights included a multinational case study on GDPR preparation presented by David Frydlinger, lawyer and partner at Lindahl law firm, and an interesting narrative on the GDPR as a companion for the digital transformation of the financial industry delivered by Maria Holmström Mellberg, Group Lead GDPR & Privacy for Nordea.

Incidentally, Nordea Bank, the largest indigenous bank in the Nordics, is also one of our newest IAPP corporate members, so it was a pleasure to see Maria actively engaged in the event.

There were also a number of panels, one of which reinforced my morning address, on the role of the data protection officer in Europe, providing a roundtable on tips and tricks to solving the privacy puzzle in practice. With renowned privacy thought leaders, the panel was chaired by Bojana Bellamy of CIPL Hunton & Williams. Additional presentations on the theme of international data flows, tools and strategies were concluded with a panel chaired by Michael Hopp, head of Data Protection Law at Plesner Law Firm in Copenhagen. The afternoon was colored with the much-anticipated keynote from Max Schrems, followed by concluding DPA-focused presentations and a panel on the areas of DPA execution, control, and Nordic collaboration, with contributions from Peter Schaar; Kristina Svahn-Starrsjö, Director General, Swedish Data Protection Authority; and Viljar Peep, Director General, Estonian Data Protection Inspectorate.

The Nordic Privacy Arena was clearly insightful and well timed for many, reflected in the conversations I had during the breaks. A good many Nordic professionals are beginning to take note of the GDPR with its coming into force in a little more than 18 months. It was also a decent opportunity to catch up with IAPP members present. I was also able to talk with representatives of Swedish industry groups, who confirmed the need for greater GDPR awareness and that preparation is sorely needed in a region where the debate has been less visible than in other European countries. I was also fortunate to have a meeting with Svahn-Starrsjö of the Swedish Data Protection Authority and Elizabeth Wallin, responsible for the DPA’s international relations, to discuss the state of privacy in Sweden and the growing need for DPO functions in Europe.

The visit to Stockholm on the whole was a great opportunity to discuss how the IAPP is continuing to support the privacy profession in Europe. There is growing momentum and a sense of urgency around GDPR; with the IAPP Data Protection Congress a matter of weeks away, the high rate of registration is testament to the level of attention around GDPR, in what will be our biggest ever event in Brussels.