Program 2018

8.20 – 8.50

Registration and welcome coffee

8.50 – 9.00

Opening remarks from Euroforum and the conference chair

Bojana Bellamyflagge-eng Bojana Bellamy
President, Centre for Information Policy Leadership
Hunton & Williams, UK

9.00 – 9.20 KEYNOTE

jourovaflagge-eu Vera Jourová
European Commissioner for Justice, Consumers and Gender Equality
European Commission

9.20 – 9.30

qa Q&A

9.30 – 9.50

Irish DPC final reflections – The new data protection era dawns

Helen Dixonflagge-irland Helen Dixon
Data Protection Commissioner

9.50 – 10.10

The new law enforcement infrastructure of the GDPR

Johannes Casparflagge-eng Prof. Dr Johannes Caspar
Data Protection Officer
Federal State Hamburg, Germany

10.10 – 10.30

Innovation in compliance with GDPR

Peter Fleischerflagge-fr Peter Fleischer
Global Privacy Counsel
Google, Inc., France

10.30 – 11.10


GDPR, compliance and current developments in data protection – chances and challenges

Johannes Caspar Helen Dixon Peter Fleischer Zoe Strickland

Prof. Dr Johannes Caspar
Helen Dixon
Peter Fleischer
Zoe Strickland, Managing Director, Global Chief Privacy Officer, JPMorgan Chase & Co.

11.10 – 11.40

Coffee break

11.40 – 12.00 KEYNOTE

Giovanni Buttarelliflagge-eu Giovanni Buttarelli
European Data Protection Supervisor (EDPS)

12.00 – 12.20

A new regulatory chapter for (UK) data protection – what to expect from a regulator with an international outlook

Elizabeth Denhamflagge-eng Elizabeth Denham
Information Commissioner, UK

12.20 – 12.40 KEYNOTE

Florence Raynalflagge-fr Florence Raynal
Deputy Director, Head of the Department of European and International Affairs
CNIL, France

12.40 – 13.00 KEYNOTE

Barbara Thielflagge-eng Barbara Thiel
Data Protection Officer
Federal State Niedersachsen, Germany

13.00 – 13.20

GDPR, 25th May 2018: The end of the beginning

Stephen Deadmanflagge-eng Stephen Deadman
Global Deputy Chief Privacy Officer

13.20 – 14.20


14.20 – 14.40

Data Privacy developments: An American Perspective

stevensonflagge-usa Hugh Stevenson
Deputy Director, Office of International Affairs
U.S. Federal Trade Commission, USA


14.40 – 15.00

Privacy Shield: Protecting Privacy and Enabling Cross-Border Data Transfers in a Global Economy

sullivanflagge-usa James Sullivan
International Trade Administration
U.S. Department of Commerce, USA

15.00 – 15.40


Privacy challenges in international data transfers

Elizabeth Denham Bruno Gencarelli sullivan Eu Gene Tan

Elizabeth Denham
Bruno Gencarelli,
Head of Unit International Data Flows and Protection, European Commission
James Sullivan
Eu Gene Tan, Legal Counsel Ethics & Compliance, Data Privacy, Accenture, Singapore

15.40 – 16.10

Coffee break

16.10 – 16.30

Update on the proposed ePrivacy Regulation

Fenneke Buskermolenflagge-eu Fenneke Buskermolen
Unit Cybersecurity and Digital Privacy
European Commission

16.30 – 16.50

GDPR versus ePrivacy: Where is the right balance?

Stefano Frattaflagge-Spain Stefano Fratta
Legal Director for Consumer, Fintech and Big Data
Telefónica CCDO, Spain

16.50 – 17.30


ePrivacy: 2018 and beyond

Fenneke Buskermolen Stephen Deadman Willem DebeuckelaereStefano Fratta David Martin

Fenneke Buskermolen, Unit Cybersecurity and Digital Privacy, European Commission
Stephen Deadman, Global Deputy Chief Privacy Officer, Facebook
Willem Debeuckelaere, President, Commission for the Protection of Privacy, Belgium
Stefano Fratta, Telefonica
David Martin, Senior Legal Officer, BEUC



The German Spy Museum Berlin gives a unique insight into the gloom of espionage right where the Wall once divided the city. Visitors are welcome to use the most recent multimedia-based technology to detect all the bizarre and sneaky methods of agents and secret services. Afterwards we cordially invite you to a typical Berlin dinner with “Currywurst”.

8.40 – 9.10

Registration and welcome coffee

9.10 – 9.20

Opening remarks from Euroforum  and the conference chair

Prof. Dr Ulrich Wuermeling LL.M.flagge-eng Prof. Dr Ulrich Wuermeling LL.M.
Visiting Professor, Queen Mary University of London
Partner, Latham & Watkins, Germany

9.20 – 9.40

Data protection towards security, prevention and law enforcement: Cut the Gordian knot

Willem Debeuckelaereflagge-eng Willem Debeuckelaere
Commission for the Protection of Privacy, Belgium

9.40 – 9.50

qa Q&A

9.50 – 10.10

The cybersecurity requirements of GDPR – a regulatory and practical analysis of the requirements

Ilias Chantzosflagge-eng Ilias Chantzos LL.M.
Senior Director EMEA and APJ, Global CIP and Privacy
Advisor Government Affairs, Symantec Corporation,

10.10 – 10.30

Artificial Intelligence and data protection

Julie Brillflagge-usa Julie Brill
Corporate Vice President and Deputy General Counsel
Microsoft, USA

10.30 – 10.50

Machine Learning with Personal Data under the GDPR

  • What is automated individual decision-making and when is it permitted?
  • Making sense of the requirement to provide ‚meaningful information about the logic involved‘
  • Practical design implications for machine learning processes

Prof Christopher Millardflagge-eng Prof. Christopher Millard
Professor of Privacy and Information Law, Centre for Commercial Law Studies
Queen Mary University of London, UK

10.50 – 11.00

qa Q&A

11.00 – 11.30

Coffee break

11.30 – 11.50

Subject Access Rights: DSGVO Implementation Guide

  • DSGVO grants data subjects new rights including: data portability, access, erasure or “right to be forgotten”, and rectification.
  • Data controllers have new specific record keeping requirements around the time to respond, the ability to request an extension, the requirement to validate the identity, and securely transmitting the response to the individual.
  • Learn how with privacy management software can streamline and automate requests, validation, and notification processes.

Ian Evansflagge-usa Ian Evans
Managing Director
OneTrust EMEA

11.50 – 12.10

Data Breach Notification under the GDPR: Practical Lessons from the U.S. Experience

  • Similarities and contrasts between EU and U.S. requirements
  • Tailoring the right breach notification procedures for your organization
  • Establishing the breach response team – before the breach occurs!
  • Planning and practicing – how to conduct a realistic table top exercise
  • Interacting with regulators, activists and the press
  • Best practices for data subject notification
  • Successfully communicating developments to senior leadership

Jonathan Avilaflagge-usa Jonathan Avila
Chief Privacy Officer
Wal-Mart Stores, Inc., USA

12.10 – 12.20

qa Q&A

12.20 – 12.40

GDPR: Beyond the Talk, Let’s Get to Execution

  • How to take a strategic view of the data management challenges in GDPR
  • How to repurpose the data (and slash costs) to solve other governance issues such as eDiscovery, compliance, and records management
  • Methodologies in evaluating and comparing different GDPR/governance solutions in the marketplace

Kon Leongflagge-usa Kon Leong
ZL Technologies, USA

12.40 – 13.40


13.40 – 14.00

Communicating data practices to children: How to achieve substantive protections through transparency

Katherine Tassiflagge-usa Katherine M. Tassi
Deputy General Counsel
Snap Group Limited, USA

14.00 – 14.20

The new DPO role from a practical perspective

Marc Placzek flaggeDr Anna Zeiter LL.M.flagge

Marc Placzek, Director Global Privacy, Data Protection Officer, PayPal (Europe) S.à r.l. et Cie, S.C.A.,  Luxembourg
Dr Anna Zeiter LL.M. (Stanford), Chief Privacy Officer, eBay Inc., Switzerland

14.20 – 14.40

Privacy trends in Asia Pacific

  • News on CBPR
  • Data localization trends by country
  • China, India and beyond

Eu Gene Tanflagge-singapur Eu Gene Tan
Legal Counsel Ethics & Compliance, Data Privacy
Accenture, Singapore

14.40 – 15.00

Health data protections and the new risk landscape

  • Recent changes in health data uses and what it means
  • The role of consent in health data uses
  • Key current controversies in health data uses
  • Matching health data protections to the emerging risks: What does GDPR protect/leave out?

Pam Dixonflagge-usa Pam Dixon
Executive Director
World Privacy Forum, USA

15.00 – 15.30

Coffee break

Choose your individual subject!


Prof. Dr Ulrich Wuermeling LL.M.MODERATOR:
Prof. Dr Ulrich Wuermeling LL.M.

15.30 – 15.50

GDPR: From Challenge to Transformation

  • IBM’s global GDPR readiness journey and beyond
  • Intelligent data governance and processing solutions
  • Creating new business opportunities through trust and transparency
  • Privacy by design in practice

Cristina Cabellaflagge-singapur Cristina Cabella
IBM Corporation
Chief Privacy Officer, Italy

15.50 – 16.10

Could the ISO privacy standards help Data Protection Officers to better sell GDPR compliance tasks to Engineers?

  • Overview ISO privacy framework from a Data Protection Officer’s point of view
  • ISO/IEC 29134 (Guidelines for privacy impact assessments) and Data Protection Impact Assessments under GDPR
  • ISO 25237 (Health informatics – pseudonymization) and pseudonymization under GDPR

Uwe W Fiedlerflagge-eng Uwe W. Fiedler
Chief Privacy Officer
Parexel International, Germany

16.10 – 16.30

Preparing for litigation under the GDPR – the companies’ perspective

  • New litigation options for data subjects under the GDPR – who, when and where?
  • Litigation against supervisory authorities, in particular against fines
  • Relationships between controllers and processors and between joint controllers and their implications for litigation
  • Litigation following data breaches
  • Lessons learned from other areas of the law, and from other countries

Dr Martin Braunflagge-eng Dr Martin Braun
WilmerHale, Germany

16.30 – 16.50

GDPR is here, what now for Processors and Controllers?

Bojana Bellamyflagge-eng Ralph T O’Brien
Principal Consultant, Europe

16.50 – 17.00

qa Final discussion, Q&A


Bojana BellamyMODERATOR:
Bojana Bellamy

15.30 – 15.50

IoT, apps, GDPR and now ePrivacy: What to do to get it right?

Simon Haniaflagge-holland Simon Hania
Vice President Privacy & Security
TomTom, The Netherlands

15.50 – 16.10

Data Protection in a Payment Environment

  • Introduction into Online Merchant’s Payments
  • Touchpoints with personal data
  • Applicable law and use cases
  • Future Developments

Bernd Suchomski LL.M.flagge-eng Bernd Suchomski LL.M.
Legal Counsel Data & IT Law
Zalando SE, Germany

16.10 – 16.30

EU-U.S. and other Third Country data transfers

  • Privacy Shield and the upcoming Commission adequacy findings
  • Standard Data Protection Clauses under CJEU review
  • Are BCRs (or other transfer instruments) a useful alternative?

Dr. Friedrich Poppflagge-eng Dr Friedrich Popp
Debevoise & Plimpton, Germany

16.30 – 16.50

The usage of free social network solutions in the company

  • General company policies for the usage of “external” services
  • The real life experience
  • How to handle the situation from a company’s perspective
  • The responsibilities of the company and the employees
  • Employee information and guidelines

Dr. Claus Dieter Ulmerflagge-eng Dr Claus-Dieter Ulmer
Global Data Privacy Officer
Telekom AG, Germany

16.50 – 17.00

qa Final discussion, Q&A


Welcome GDPR reception with drinks provided by



GDPR Countdown Workshop

1. GDPR goes live: day to day duties

  • Last minute compliance
  • Training, Audits
  • Documentation duties
  • Data Management System installed
  • Regular update data processing register/DPIA

2. Regulator’s Standpoint

  • Summary of all available guidelines
  • Gaps left open by regulator
  • Regulator stricter than the law?

3. Defense Strategies

  • Proceedings against regulator
  • How to deal with activists?
  • Cyber security threats
  • Management of data subject requests

4. Digitalization with GDPR embedded

  • Privacy by design
  • Big data
  • Monetize data
  • Data management of digital projects

Dr. Axel von dem Bussche Paul Voigt

Dr Axel Freiherr von dem Bussche LL.M., Partner, Taylor Wessing Partnerschaftsgesellschaft mbB
Paul Voigt, Salary Partner, Taylor Wessing Partnerschaftsgesellschaft mbB

8.30– 9.00
Registration and welcome coffee

Coffee break


Coffee break