Data privacy and data protection sentiments are shifting as new legislation becomes applicable. There is a strong need for DPOs (Data Protection Officers) and other privacy experts. Moreover, DPOs want to connect and exchange knowledge, experiences and best practices, also after the GDPR ‘deadline’. A series of EU data protection conferences, kicking off on 15 June 2018 in Brussels (Belgium) makes it possible.
Personal data protection, privacy and compliance with regulations such as the General Data Protection Regulation (GDPR) and the ePrivacy Regulation are ongoing efforts. They are not about just deadlines, avoiding administrative fines, enabling the exercise of data subject rights and projects.
The attitudes regarding privacy and the usage of personal data really are changing since several years. Regulations play a clear role but they are not alone. Personal data protection is a journey amid a changing mindset across the globe and data protection officers or DPOs and the ecosystems within which they work (internal and external) are key in it.
Although many organizations already had DPOs, which is far from a novel function and notion, the number of DPOs certainly has increased.
While before the GDPR only a few countries across the globe, such as Germany, had laws that made a Data Protection Officer mandatory, under the GDPR it’s mandatory in several cases. This doesn’t mean that organizations which don’t fall under the conditions that make a DPO mandatory don’t have DPOs, well on the contrary.
On June 15th, 2018, they meet at the DPO Conference in Brussels.
Why the attention for privacy and personal data protection will continue to grow and DPOs remain in high demand
For many organizations it is hard to fill in the DPO position. Looking at it from the GDPR perspective there are several options. However, given the rising attention for privacy in recent years and certainly with the GDPR, there is a shortage of DPOs.
Furthermore, it doesn’t look as if the attention for privacy and personal data usage and protection is about to drop after the GDPR, ePrivacy Regulation and so forth. And it doesn’t look as if it will be just a matter of the EU and other countries/territories with strong privacy laws, such as Canada.
Two names to make that clear: Facebook and Cambridge Analytica. The story of Facebook and Cambridge Analytica was well known since quite some time except for some details. Yet, it didn’t really got much attention despite several professional journalists having done some serious digging and reporting in leading news media. It took time before it went global and as it now clearly has due to a mix of events and changing circumstances.
We see it as an additional trigger for growing awareness regarding the usage of personal data and privacy overall, the need for data protection laws and most probably more effective privacy laws in countries where perhaps the attention for personal data protection was less outspoken so far.
Shaping DPO communities of knowledge exchange and networking
Taking all this into account it is a good time to become a certified data protection officer as a next career move indeed. On top of all the new data protection officers being certified as a result of GDPR, there are of course many people who have been DPO – or fulfilled that role without explicitly carrying that title – since a long time.
They have different backgrounds and are active in various departments: risk, legal, compliance, IT, security and many others.
A while ago we participated in a DPO round table with some data protection officers (again, not all carrying that title but effectively being one in practice; the GDPR doesn’t say that in order to be a DPO you need to be certified as one under a specific program) of large companies.
It once more was striking to see how de facto DPOs are eager to convene, share best practices, share their concerns and look to understand how others would deal with them and really form a community.
In fact, as 1) there is a clear increasing demand for DPOs, 2) there are ever more DPOs in organizations where personal data processing occurs, 3) there is a shortage of DPOs, 4) there are external parties specializing in providing DPO services to several companies (DPO as a Service) and 5) there are data protection teams, including third parties such as consultants, data privacy experts, lawyers etc. and/or internal legal teams, information governance professionals, cybersecurity experts and so on which are de facto involved and get trained to work under and with a DPO, these forms of knowledge sharing are essential.
The EU data protection conference Brussels: connecting the stakeholders and facilitating exchanges
It’s exactly why we decided to partner with the organizers of this – and other – DPO round tables who kick off this series of EU data protection conferences under the name DPO conference.
Why? Because it truly matters to not just hear experts from different backgrounds but also to convene representatives from all involved stakeholders in the broader ecosystem: from governments and data protection authorities (DPAs) to the academic world, lawyers, providers of DPO services, security experts, information governance experts and, most obviously, the people that watch over compliance, privacy and personal data protection within their organizations: DPOs and the teams, internal and external, they work with.
And let’s not forget the fact that as the European Commission puts it, on top of a concerted effort with several steps and GDPR awareness initiatives, succeeding in GDPR is most of all a matter of people with the know-how and experience to collaboratively strive towards GDPR compliance in a ‘concerted way’ as well, whereby the GDPR articles and GDPR recitals are one thing and practice definitely another.
Speakers and topics at the EU data protection conference in Brussels
For an overview of the agenda take a look at the site of the DPO conference as new names and topics are added. Below is already a list with some topics and speakers.
With confirmed speakers such as the Belgian Secretary of State for Privacy Philippe De Backer (politically responsible for the local DPA); Sentiance DPO and President of the Professional Association of Belgian DPOs Bart van Buitenen; privacy law expert Prof. Dr. Paul de Hert; ICT & Data Protection Lawyer (and external DPO) Johan Vandendriessche (among the first to have intensively worked around the ePrivacy Regulation) and DPO and Data Trust Associates (which among others has a DPO as a Service value proposition) co-founder Christoph Balduck, the organizers succeeded in setting the scene for knowledge exchange and loads of interaction in a community approach.
With the various topics at the DPO conference in Brussels, ample areas are touched upon for local and international visitors. The confirmed topics include “To prevent & protect: how they steal data from your website” (by Zion Security CEO & Chief Hacking Officer Erwin Geirnaert), “The next steps for DPOs” (by Bart van Buitenen), an overview of the GDPR by Prof. Dr. Paul de Hert and of the new Belgian Privacy Law by Belgian Secretary of State for Privacy, Philippe De Backer, a presentation on the free flow of data by Danielle Jacobs (an important international topic, brought by Danielle, the seasoned Chairman of the Board of INTUG and GM of Beltug) and a look at ePrivacy with Johan Vandendriessche.
In the scope of sharing best practices, experiences and knowledge there is also room for networking and, at least as important, for practical examples and cases of organizations, such as Essent with legal advisor Julieta Corremans and the previously mentioned SUSI.ie (Student Universal Support Ireland).
More speakers and topics are coming. The first EU data protection conference series in Brussels will be closed (before the networking and drinks, that is) with a panel on “Successful GDPR projects – now & in the future”, moderated by Christoph Balduck, DPO and Data Trust Associates Managing Partner.
All images are the property of their respective mentioned owners.