Data privacy in Luxembourg: GDPR and beyond

Introduction

The General Data Protection Regulation (GDPR) is certainly the most significant personal data legislation since 20 years. Organisations will have to start their compliance journey now before the regulation comes into force in May 2018. To what extent are you prepared to pay a fine that might reach 4% of your organisation turnover?

Attend our training and get practical advice on how to set up a compliant programme within your organisation.

ObjectivesBy the end of this training, the participants will be able to:

• explain the main principles of the regulations and their impacts;
• determine the steps to implement in order to ensure compliance;
• establish a GDPR compliance programme;
• review and analyse the current personal data protection programme taking into account the new requirements.

1. Regulatory framework for personal data processing

Regulatory context related to the processing of personal data and, in particular, the new principles (i.e. data minimisation, personal data protection by design, etc.)
Processing conditions, and data subject rights, in particular, the new rights (i.e. portability, the right to be forgotten, etc.)
Personal data types, their locations as well as their retention period
Archiving rules and destruction of personal data

2. Communication of personal data

Personal data transfers to third parties
Personal data transfers out of the EEA
Internal and external actors that are involved in personal data processing
Responsibility of the service provider

3. How to demonstrate accountability?

Maturity evaluation
Implementation of adequate rules
Sustainable compliance

4. Implementation of the needed measures to ensure security and confidentiality of personal data

Legal obligation to protect personal data
Specificities of the personal data management by third parties and risks related to cloud computing
Importance of impact studies and vulnerability studies

An attendance certificate will be sent to participants.

This training is coordinated by Frédéric Vonner, Partner at PwC Luxembourg.

Frédéric Vonner is a partner. From daily operations to regulatory compliance, Frédéric has been helping local and global asset managers, fund service providers and banks to successfully run their businesses for nearly 20 years. Areas of focus: UCITS, AIFMD and GDPR regulations, PERE, organisation setup and review, project management.

Antonin Jakubse is a senior manager. Since joining PwC, Antonin developed an expertise on the General Data Protection Regulation ("GDPR") as well as in project management skills, delivering various types of projects ranging from gap analysis to implementation, ensuring a timely delivery of the project and a high level of engagement of all involved stakeholders. He is the solution driver for the privacy (incl. GDPR) topics, supporting the partner in charge to develop business relationships with existing and new clients.