GDPR compliant cloud transformation

This course aims to introduce GDPR regulations in the context of cloud computing services. In addition, we will share practical implications of adopting cloud solutions, while complying with the main provisions of GDPR.

The goal is to enable participants to increase their comfort level when confronted with cloud specific regulation in order to support their digital transformation process.

By the end of this training, participants will be able to:

• understand the roles and responsibilities of a DPO, in the context of a cloud transformation;
• identify and understand what contractual aspects must be put in place in their Cloud Service Agreements;
• explain the technical measures to be put in place to ensure a cloud architecture which is GDPR compliant.

• Introduction
  • Definition of the cloud and cloud service models
  • Latest trends, European and local initiatives
  • Sovereign Cloud/Gaia-X
  • Schrems II
  • Putting these concepts into perspective in relation to the financial sector
• DPO perspective on cloud transformation
  • Points of attention
  • Organisational aspects (DPO role, privacy by design, impact analysis)
• Legal and contractual perspective
  • New regulations and guidelines
  • Contractual aspects and recommendations
• Technical perspective
  • Shared security model
  • Technical solutions for a cloud infrastructure in compliance with the GDPR

This training is coordinated by Stéphane Zema, Jacques-Félix Wirtz, Directors at PwC Luxembourg.

Stéphane Zema is a director at PwC specialising in cloud and ICT infrastructure services with over 16 years of experience. He leads cloud transformation initiatives, focusing on strategy, architecture, governance, compliance, implementation, and operations. Stéphane has strong expertise as a programme manager and technical expert, engaging effectively with both CxO-level executives and operational field specialists. His technical proficiency spans cloud computing (Microsoft Azure, AWS, sovereign cloud), IT infrastructure, digital workplace solutions, mobile networks, and project management. He has contributed to major projects for clients including the European Investment Bank, European Parliament, NATO, and various European agencies, national ministries, and telecommunications companies.

Jacques-Félix Wirtz is a director leading the Luxembourgish Government and Public Services advisory at PwC Luxembourg, specialising in evaluation, project management, organizational performance assessment, and GDPR compliance within the public and health sectors. He possesses extensive expertise in evaluation methodologies, including Better Evaluation guidelines and OECD criteria, and has successfully conducted numerous ex-ante, mid-term, and ex-post evaluations of EU-funded projects and public policies. His organisational audit work involves assessing structures, governance, responsibilities, and key processes. Notable projects include sustainable food system visioning, intercultural living law modules, satellite telecommunications evaluation, nation branding governance, and GDPR compliance for Luxembourgish agencies.