GDPR compliant cloud transformation

This course aims to introduce GDPR regulations in the context of cloud computing services. In addition, we will share practical implications of adopting cloud solutions, while complying with the main provisions of GDPR. The goal is to enable participants to increase their comfort level when confronted with cloud specific regulation in order to support their digital transformation process.

By the end of this training, the participants will be able to:

• understand the roles and responsibilities of a DPO, in the context of a cloud transformation
• identify and understand what contractual aspects must be put in place in their Cloud Service Agreements
• explain the technical measures to be put in place to ensure a cloud architecture which is GDPR compliant

1. Introduction

Definition of the cloud and cloud service models
Latest trends, European and local initiatives
Sovereign Cloud/Gaia-X
Schrems II
Putting these concepts into perspective in relation to the financial sector

2. DPO perspective on cloud transformation

Points of attention
Organisational aspects (DPO role, privacy by design, impact analysis)

3. Legal and contractual perspective

New regulations and guidelines
Contractual aspects and recommendations

4. Technical perspective

Shared security model
Technical solutions for a cloud infrastructure in compliance with the GDPR

Stéphane Zema is a director leading the Cloud and ICT infrastructure services at PwC (Technology consulting). He has over 14 years of experience in the field of ICT infrastructure. He supports his clients with their cloud transformation, addressing aspects such as strategy, architecture, governance, compliance, implementation and operational aspects. He has extensive experience as programme manager and technical expert, enabling him to interact with CxO level as well as with operational field experts.

Jacques-Félix Wirtz is senior manager in the Industries and Public Sector department at PwC Luxembourg. In his role, Jacques-Félix focuses on business process improvements, fraud detection and GDPR compliance in both the public and health sectors. In particular, he has worked on projects assisting clients in their compliance efforts with the European General Data Protection Regulation by establishing a coherent governance model and analysing the impacts of the data and security risks.

Nicolas Hamblenne is a senior associate within the Technologies & IP department and of the Commercial Contracts practice of PwC Legal Luxembourg. Prior to joining the firm in July 2020, Nicolas spent 5 years in an independent leading Belgian law firm as senior associate of the Data, IP & Media practice. He advises clients on a wide range of information technology and communications matters and has extensive experience in data protection matters (including GDPR compliance), commercial and IT agreements as well as marketing and advertising law.