Registration and welcome coffee
9.10 – 9.20Opening remarks from Euroforum and the conference chair
Bojana Bellamy
President, Centre for Information Policy Leadership,
Hunton Andrews Kurth LLP
GDPR – the first year – most important findings and a new quality of cooperation
Dr Andrea Jelinek
Chairwoman, European Data Protection Board;
Director, Austrian Data Protection Authority (EDPS)
Q&A and Discussion
International Legal Environment AD 2019. Is GDPR really influential outside of EU?
Wojciech Wiewiórowski
Assistant Supervisor, EDPS
Q&A and Discussion
Looking back at the first year of GDPR
Prof. Dr Johannes Caspar
Data Protection Officer,
Federal State Hamburg, Germany
Q&A and Discussion
Google and the GDPR, Year 1
Peter Fleischer
Global Privacy Counsel
Google, Inc., France
Coffee break
11.40 – 12.00Ensuring privacy and prosperity in the digital economy
James Sullivan
International Trade Administration,
U.S. Department of Commerce, USA
Q&A and Discussion
ePrivacy: Protecting confidentiality of communications in the 21st century – a view from the European Parliament
Birgit Sippel
Group of the Progressive Alliance of Socialists and
Democrats in the European Parliament, MEP
DISCUSSION
The ePrivacy Directive in the digital age



Lunch
14.00 – 14.20Update from the French Data Protection Authority
Florence Raynal
Deputy Director, Head of Department of
European and International Affairs, CNIL, France
DISCUSSION
Chances and challenges in international data protection





One year on: The office of the DPO at Facebook
Stephen Deadman
Data Protection Officer, Facebook, UK
A global perspective on U.S. privacy developments
Julie Brill
Corporate Vice President and
Deputy General Counsel, Microsoft, USA
Coffee break
16.10 – 16.30The role of a Lead Supervisory Authority – an update from the Irish Data Protection Commission
Dale Sunderland
Deputy Commissioner,
Data Protection Commission Ireland
UK’s international strategy: Looking forward
Steve Wood
Deputy Commissioner, Executive Director Policy,
ICO, UK
Q&A and Discussion
EVENING ACTIVITY
On the evening of the first EDPD conference day, we cordially invite you to an exciting Trabi Safari. The Trabi (Trabant) was the most common vehicle in Eastern Germany (the former GDR). Experience Berlin’s famous sights and enjoy a traditional Berlin “Currywurst” after the tour!
Registration and welcome coffee
9.00 – 9.10Opening remarks from Euroforum and the conference chair
Prof. Dr Ulrich Wuermeling LL.M.
Visiting Professor, Queen Mary University of London;
Latham & Watkins, Germany
KEYNOTE
Rebecca Kelly Slaughter
Commissioner,
Federal Trade Commission
Q&A and Discussion
DISCUSSION
Dealing with individual rights requests on GDPR
Christian Brennholt, Global Dpty. Chief Privacy Officer, Coca-Cola GmbH
Idriss Kechida, Global Head of Privacy, Matchgroup, Ireland
Aku Odunton, Data Protection Associate, Facebook, Instagram, Oculus and WhatsApp, UK
Kalinda Raina, Head of Global Privacy, Senior Director, LinkedIn, USA
Data driven business models respecting fundamental rights – how?
- Ubiquitous data collection and use nowadays has real effects on people in the physical world
- Many modern services and business models fundamentally rely on big data and AI
- GDPR aims to help protect fundamental rights also beyond privacy: security of person, freedom of thought, expression, work etc.
- Can GDPR be used to reconcile these rights in a practical way?


Data Protection Officer,
Uber, The Netherlands
10.40 – 11.00
How to deliver both: Innovation and data protection compliance
Anna Pouliou
Head of Privacy,
CHANEL, France
Coffee break
Building a culture of privacy: The opportunity ahead
- Trust
- Values driven
- Privacy is everyone’s Job


Head of Global Privacy,
LinkedIn, USA 11.50 – 12.10
STARTUP
From GDPR compliance to Users‘ control:
let’s crowdsource for Privacy
- Digital Ethics
- Control
- User-centric monitoring
- Crowdsourcing
Marie-Charlotte Roques-Bonnet
EU Tech for Good Entrepreneur &
Founder of ID side
Building true accountability for privacy
Mikko Niva
Group Privacy Officer and Head of Legal,
Vodafone, UK
Health data and data privacy
- Balancing interests under GDPR
- Removing obstacles created by conflicting legislation
- Defining controllership in complex business models


Head of Global Data Privacy,
Novartis International AG, Switzerland 12.50 – 13.10
Navigating privacy in a data centric world
Jules Polonetsky
CEO, Future of Privacy Forum, USA
Lunch
PARALLEL SESSIONS
Choose your individual subject!
SESSION 1
MODERATOR:
Dr Axel von dem Bussche
Partner, Taylor Wessing, Germany
International dispute resolution under the GDPR
- Who is in control of the processing?
- Management of Third Country data Transfers
- Restrictions of data subject rights
- How to prepare?


Senior Associate,
Debevoise & Plimpton, Germany 14.30 – 14.50
GDPR beyond EU – on it’s way to a common global standard?
Dr Axel von dem Bussche
Partner, Taylor Wessing, Germany
Controller-processor relationships – challenges, experiences and possible solutions
Barbara Eggl
ECB & ESRB Data Protection Officer,
European Central Bank
Don’t Acquire Your Next Breach: Managing the Vendor Risk Lifecycle
- Breakdown GDPR regulation, scope, and the new legal obligations it presents for vendor risk management
- Identify priorities before, during, and after vendor procurement
- Secure sufficient guarantees from vendors to efficiently work together during audits or incidents
- Hear real case studies from privacy experts on how to practically tackle vendor risk under Article 28 of the GDPR


Privacy Consulting Manager, Central & Southern EMEA,
OneTrust
SESSION 2
MODERATOR:
John Bowman
Senior Principal,
Promontory Financial Group (UK) Ltd
The California Consumer Privacy Act – how it compares to the GDPR and what European companies need to know
- Background and key concepts of the CCPA
- Applicability to European companies
- Enforcement
- CCPA vs. GDPR – Similarities and differences




Building and operating a successful
Privacy-By-Design Program
- The GDPR Article 25 requires Data Protection by Design and by Default, but how do companies fulfill this requirement in practice?
- How can a company make a privacy-by-design program scalable and sustainable and not slow the business down?


Deputy General Counsel,
Snap Group Limited, USA 14.50 – 15.10
Why the GDPR is doing all the ground work to get AI+ML ready – insights on implementation
Jan Wittrodt
Head of Data & IT Law,
Zalando SE, Germany
Your GDPR compliance: who will question it first?
- The current state of an official GDPR certification and codes of conduct
- Example of how companies are demonstrating compliance
- The benefits of an external third party GDPR validation
Xavier Alabart
CIPP/E, CIPT, IGP, PMP, MBASenior Privacy Consultant Europe,
TrustArc
GDPR and its extra-territorial effect from Chinese perspective
- The positive effect of GDPR on China’s data protection scene: the adoption of the rules under GDPR and the contribution to awareness raising in China
- The convergence and divergence between Chinese data protection rules and GDPR
- How much companies can rely on GDPR-centric privacy management program
- How to deal with unique aspects of Chinese data protection rules: multiple-level protection system, various national standards and sectoral rules, multiple regulators with different regulatory priorities


Fangda Partners, China
One year GDPR – lessons learnt and practical experience in key areas:
E-Privacy & marketing under the GDPR after no new e-privacy regulation was agreed (for the time being): how to cope in practice with legal uncertainties and different approaches in different countries
Individual rights, in particular data subject rights requests: scope of obligations and procedures which work for companies based on practical experience and examples – how to deal with unclear, excessive and massive approaches & balancing requests with other parties rights and company confidentiality
Contractual relations: Controller-Processor vs Joint controller vs independent controllers – dealing with the changes required by the GDPR and ways to deal with excessive requests in daily Business
Data breach: how to minimize the damage if the worst case happens? Use cases and practical experience from dealings with Regulators
Brexit: impact on applicable laws, contracts, SCCs, BCRs, supervisory



WORKSHOP TIME FRAME
8.30–9.00 Registration and welcome coffee
9.00–10.15 Slot 1
10.15–10.45 Coffee break
10.45–12.30 Slot 2
12.30–13.30 Lunch
14.30–15.00 Coffee break
16.00 End