GDPR for DPOs

The GDPR entered in effect on the 25th of May 2018, putting emphasis on the Data Protection Officer (DPO) as a key person to ensure personal data is kept and managed safely.

During this 1-day training session, DPOs, as well as other staff coordinating data protection, will gain knowledge of the key concepts underlying the GDPR as well as to their roles in an organisation.

While this training session does not support a DPO certification, it aims at providing a comprehensive and solid ground for DPOs and alike in their day-to-day activities.

By the end of this training, participants will be able to:

• have a proper understanding of the Luxembourg and EU regulatory framework as to data privacy;
• understand their role and function as a key person in charge of data privacy;
• explain the key concepts of the GDPR and how they apply to their respective organisation, whether locally or a group level;
• define their action and monitoring plans for compliance with the regulation;
• interact with the data protection authorities.

• Introduction: overview of the regulation
  • Purpose, territorial scope, material scope, general principles, controller/processor, data privacy by design and by default, register of processing
• Role and position of a DPO
  • Mission and role of the DPO, typical tasks of a DPO, management of conflict of interest, criteria leading to the appointment of a DPO
• Lawfulness of processing
  • Different lawful bases as per the regulation, attention areas applicable to each base, case study
• Consent as a lawful base
  • Valid consent, balancing test vs the data subject rights, case study
• Management of personal data of special category
  • Children, criminal convictions, special category of data, case study
• Data subject rights
  • Different rights, limitations and conditions to the exercise of rights, role of the DPO, case study
• Requirements for data controllers and data processors
  • Information security, DPIA, incident and breach management, training, case study
• Transfer of personal data in/ou the EEA
  • Conditions for transfer incl BCR, case study
• CNPD
  • Organisation, approach, certification
• When it goes wrong
  • Fines, practical examples
• Q&A and closing

An attendance certificate will be sent to participants.

This training is coordinated by Frédéric Vonner, Partner and Antonin Jakubse, Senior Manager at PwC Luxembourg.

From daily operations to regulatory compliance, Frédéric, Partner, has been helping local and global asset managers, fund service providers and banks for more than 20 years to successfully run their businesses.

His areas of focus are: UCITS, AIFMD and GDPR regulations, private equity and real estate, organisation setup and review, project management.

Frédéric is also engaged in sustainability and sustainable finance matters, delivering assignments ranging from strategy and regulatory compliance to practical implementation. He is an experienced trainer and course designer /facilitator for soft skills and technical trainings.

Since joining PwC, Antonin developed an expertise on the General Data Protection Regulation ("GDPR") as well as in project management skills, delivering various types of projects ranging from gap analysis to implementation, ensuring a timely delivery of the project and a high level of engagement of all involved stakeholders. He is the solution driver for the privacy (incl. GDPR) topics, supporting the partner in charge to develop business relationships with existing and new clients.