Program 2019

8.40 – 9.10

Registration and welcome coffee

9.10 – 9.20

Opening remarks from Euroforum and the conference chair

Bojana Bellamyflagge-eng Bojana Bellamy
President, Centre for Information Policy Leadership,
Hunton Andrews Kurth LLP

9.20 – 9.40

GDPR – the first year – most important findings and a new quality of cooperation

Dr Andrea Jelinekflagge-eu Dr Andrea Jelinek
Chairwoman, European Data Protection Board;
Director, Austrian Data Protection Authority (EDPS)

9.40 – 9.50

qa Q&A and Discussion

9.50 – 10.10

International Legal Environment AD 2019. Is GDPR really influential outside of EU?

Wojciech Wiewiórowski Wojciech Wiewiórowski
Assistant Supervisor, EDPS

10.10 – 10.20

qa Q&A and Discussion

10.20 – 10.40

Looking back at the first year of GDPR

Johannes Casparflagge-eng Prof. Dr Johannes Caspar
Data Protection Officer,
Federal State Hamburg, Germany

10.40 – 10.50

qa Q&A and Discussion

10.50 – 11.10

Google and the GDPR, Year 1

Peter Fleischerflagge-fr Peter Fleischer
Global Privacy Counsel
Google, Inc., France

11.10 – 11.40

Coffee break

11.40 – 12.00

Ensuring privacy and prosperity in the digital economy

sullivan James Sullivan
International Trade Administration,
U.S. Department of Commerce, USA

12.00 – 12.10

qa Q&A and Discussion

12.10 – 12.30

ePrivacy: Protecting confidentiality of communications in the 21st century – a view from the European Parliament

Birgit Sippelflagge-eu Birgit Sippel
Group of the Progressive Alliance of Socialists and
Democrats in the European Parliament, MEP

12.30 – 13.00


The ePrivacy Directive in the digital age

Birgit Sippel Caroline Louveaux Simon Hania

flagge-eu Birgit Sippel
Caroline Louveaux,
Chief Privacy Officer, Mastercard, Belgium
 Simon Hania, Data Protection Officer, Uber, The Netherlands

13.00 – 14.00


14.00 – 14.20

Update from the French Data Protection Authority

Florence Raynalflagge-fr Florence Raynal
Deputy Director, Head of Department of
European and International Affairs, CNIL, France

14.20 – 15.00


Chances and challenges in international data protection

Peter Fleischer Dr Andrea Jelinek Florence Raynal sullivan

flagge-fr Peter Fleischer
flagge-eu Dr Andrea Jelinek
flagge-fr Florence Raynal, Deputy Director, Head of Department of European and International Affairs, CNIL, France
James Sullivan

15.00 – 15.20

One year on: The office of the DPO at Facebook

Stephen Deadman Stephen Deadman
Data Protection Officer, Facebook, UK

15.20 – 15.40

A global perspective on U.S. privacy developments

Julie Brill Julie Brill
Corporate Vice President and
Deputy General Counsel, Microsoft, USA

15.40 – 16.10

Coffee break

16.10 – 16.30

The role of a Lead Supervisory Authority – an update from the Irish Data Protection Commission

Dale Sunderland
Deputy Commissioner,
Data Protection Commission Ireland

16.30 – 16.50

UK’s international strategy: Looking forward

Steve Wood Steve Wood
Deputy Commissioner, Executive Director Policy,

16.50 – 17.00

qa Q&A and Discussion



On the evening of the first EDPD conference day, we cordially invite you to an exciting Trabi Safari. The Trabi (Trabant) was the most common vehicle in Eastern Germany (the former GDR). Experience Berlin’s famous sights and enjoy a traditional Berlin “Currywurst” after the tour!

8.30 – 9.00

Registration and welcome coffee

9.00 – 9.10

Opening remarks from Euroforum and the conference chair

Prof. Dr Ulrich Wuermeling LL.M. Prof. Dr Ulrich Wuermeling LL.M.
Visiting Professor, Queen Mary University of London;
Latham & Watkins, Germany

9.10 – 9.30


Rebecca Kelly Slaughter Rebecca Kelly Slaughter
Federal Trade Commission

9.30 – 9.40

qa Q&A and Discussion

9.40 – 10.20


Dealing with individual rights requests on GDPR

Christian Brennholt Idriss Kechida Kalinda Raina

Christian Brennholt, Global Dpty. Chief Privacy Officer, Coca-Cola GmbH
Idriss Kechida, Global Head of Privacy, Matchgroup, Ireland
Aku Odunton, Data Protection Associate, Facebook, Instagram, Oculus and WhatsApp, UK
Kalinda Raina, Head of Global Privacy, Senior Director, LinkedIn, USA

10.20 – 10.40

Data driven business models respecting fundamental rights – how?

  • Ubiquitous data collection and use nowadays has real effects on people in the physical world
  • Many modern services and business models fundamentally rely on big data and AI
  • GDPR aims to help protect fundamental rights also beyond privacy: security of person, freedom of thought, expression, work etc.
  • Can GDPR be used to reconcile these rights in a practical way?
Simon Hania Simon Hania
Data Protection Officer,
Uber, The Netherlands

10.40 – 11.00

How to deliver both: Innovation and data protection compliance

Anna Pouliouflagge-fr Anna Pouliou
Head of Privacy,
CHANEL, France

11.00 – 11.30

Coffee break

11.30 – 11.50

Building a culture of privacy: The opportunity ahead

  • Trust
  • Values driven
  • Privacy is everyone’s Job
Kalinda Raina Kalinda Raina
Head of Global Privacy,
LinkedIn, USA

11.50 – 12.10


From GDPR compliance to Users‘ control:
let’s crowdsource for Privacy

  • Digital Ethics
  • Control
  • User-centric monitoring
  • Crowdsourcing

flagge-fr Marie-Charlotte Roques-Bonnet
EU Tech for Good Entrepreneur &
Founder of ID side

12.10 – 12.30

Building true accountability for privacy

Mikko Niva Mikko Niva
Group Privacy Officer and Head of Legal,
Vodafone, UK

12.30 – 12.50

Health data and data privacy

  • Balancing interests under GDPR
  • Removing obstacles created by conflicting legislation
  • Defining controllership in complex business models
Knut Mager Knut Mager
Head of Global Data Privacy,
Novartis International AG, Switzerland

12.50 – 13.10

Navigating privacy in a data centric world

Jules Polonetsky Jules Polonetsky
CEO, Future of Privacy Forum, USA

13.10 – 14.10


Choose your individual subject!


Dr. Axel von dem Bussche MODERATOR:
Dr Axel von dem Bussche

Partner, Taylor Wessing, Germany

14.10 – 14.30

International dispute resolution under the GDPR

  • Who is in control of the processing?
  • Management of Third Country data Transfers
  • Restrictions of data subject rights
  • How to prepare?
Dr Friedrich Popp
Senior Associate,
Debevoise & Plimpton, Germany

14.30 – 14.50

GDPR beyond EU – on it’s way to a common global standard?

Dr. Axel von dem Bussche Dr Axel von dem Bussche
Partner, Taylor Wessing, Germany

14.50 – 15.10

Controller-processor relationships – challenges, experiences and possible solutions

Barbara Egglflagge-eu Barbara Eggl
ECB & ESRB Data Protection Officer,
European Central Bank

15.10 – 15.30

Don’t Acquire Your Next Breach: Managing the Vendor Risk Lifecycle

  • Breakdown GDPR regulation, scope, and the new legal obligations it presents for vendor risk management
  • Identify priorities before, during, and after vendor procurement
  • Secure sufficient guarantees from vendors to efficiently work together during audits or incidents
  • Hear real case studies from privacy experts on how to practically tackle vendor risk under Article 28 of the GDPR
Dominic Schmidt-Rieche
Privacy Consulting Manager, Central & Southern EMEA,



John Bowman MODERATOR:
John Bowman
Senior Principal,
Promontory Financial Group (UK) Ltd

14.10 – 14.30

The California Consumer Privacy Act – how it compares to the GDPR and what European companies need to know

  • Background and key concepts of the CCPA
  • Applicability to European companies
  • Enforcement
  • CCPA vs. GDPR – Similarities and differences

D. Reed Freeman, Jr., Partner, Co-Chair Cybersecurity and Privacy Practice, WilmerHale, USA
Dr Martin Braun, Partner and Co-Chair, Big Data Practice, WilmerHale, Germany

14.30 – 14.50

Building and operating a successful
Privacy-By-Design Program

  • The GDPR Article 25 requires Data Protection by Design and by Default, but how do companies fulfill this requirement in practice?
  • How can a company make a privacy-by-design program scalable and sustainable and not slow the business down?
Katherine Tassi Katherine Tassi
Deputy General Counsel,
Snap Group Limited, USA

14.50 – 15.10

Why the GDPR is doing all the ground work to get AI+ML ready – insights on implementation

Jan Wittrodt Jan Wittrodt
Head of Data & IT Law,
Zalando SE, Germany

15.10 – 15.30

Your GDPR compliance: who will question it first?

  • The current state of an official GDPR certification and codes of conduct
  • Example of how companies are demonstrating compliance
  • The benefits of an external third party GDPR validation

Xavier AlabartXavier Alabart
CIPP/E, CIPT, IGP, PMP, MBASenior Privacy Consultant Europe,

15.30 – 15.50

GDPR and its extra-territorial effect from Chinese perspective

  • The positive effect of GDPR on China’s data protection scene: the adoption of the rules under GDPR and the contribution to awareness raising in China
  • The convergence and divergence between Chinese data protection rules and GDPR
  • How much companies can rely on GDPR-centric privacy management program
  • How to deal with unique aspects of Chinese data protection rules: multiple-level protection system, various national standards and sectoral rules, multiple regulators with different regulatory priorities
Gil Zhang
Fangda Partners, China

At the end of the EDPD Conference OneTrust cordially invites you to a reception with drinks.


One year GDPR – lessons learnt and practical experience in key areas:

E-Privacy & marketing under the GDPR after no new e-privacy regulation was agreed (for the time being): how to cope in practice with legal uncertainties and different approaches in different countries

Individual rights, in particular data subject rights requests: scope of obligations and procedures which work for companies based on practical experience and examples – how to deal with unclear, excessive and massive approaches & balancing requests with other parties rights and company confidentiality

Contractual relations: Controller-Processor vs Joint controller vs independent controllers – dealing with the changes required by the GDPR and ways to deal with excessive requests in daily Business

Data breach: how to minimize the damage if the worst case happens? Use cases and practical experience from dealings with Regulators

Brexit: impact on applicable laws, contracts, SCCs, BCRs, supervisory

Lennart Schuessler

Ruth Boardman, Partner, Bird & Bird LLP, UK
Dr Fabian Niemann, Partner, Bird & Bird LLP, Germany
Lennart Schuessler, Partner, Bird & Bird LLP, Germany


8.30–9.00 Registration and welcome coffee
9.00–10.15 Slot 1
10.15–10.45 Coffee break
10.45–12.30 Slot 2
12.30–13.30 Lunch
14.30–15.00 Coffee break
16.00 End