GDPR for DPOs

The GDPR entered in effect on the 25th of May 2018, putting emphasis on the Data Protection Officer (DPO) as a key person to ensure personal data is kept and managed safely.

During this 1-day training session, DPOs, as well as other staff coordinating data protection, will gain knowledge of the key concepts underlying the GDPR as well as to their roles in an organisation.

While this training session does not support a DPO certification, it aims at providing a comprehensive and solid ground for DPOs and alike in their day-to-day activities.

By the end of this training, participants will be able to:

• have a proper understanding of the Luxembourg and EU regulatory framework as to data privacy;
• understand their role and function as key persons in charge of data privacy;
• explain the key concepts of the GDPR and how they apply to their respective organisation, whether locally or at group level;
• define their action and monitoring plans for compliance with the regulation;
• interact with the data protection authorities.

• Introduction: overview of the regulation
  • Purpose, territorial scope, material scope, general principles, controller/processor, data privacy by design and by default, register of processing
• Role and position of a DPO
  • Mission and role of the DPO, typical tasks of a DPO, management of conflict of interest, criteria leading to the appointment of a DPO
• Lawfulness of processing
  • Different lawful bases as per the regulation, attention areas applicable to each base, case study
• Consent as a lawful base
  • Valid consent, balancing test vs the data subject rights, case study
• Management of personal data of special category
  • Children, criminal convictions, special category of data, case study
• Data subject rights
  • Different rights, limitations and conditions to the exercise of rights, role of the DPO, case study
• Requirements for data controllers and data processors
  • Information security, DPIA, incident and breach management, training, case study
• Transfer of personal data in/ou the EEA
  • Conditions for transfer incl BCR, case study
• CNPD
  • Organisation, approach, certification
• When it goes wrong
  • Fines, practical examples
• Q&A and closing

An attendance certificate will be sent to participants.

This training is coordinated by Frédéric Vonner, Partner and Antonin Jakubse, Senior Manager at PwC Luxembourg.

Frédéric Vonner is a partner with over 22 years of experience managing projects and advising asset managers and securities service providers in the investment fund industry, primarily in Luxembourg. He specialises in operational excellence and regulatory compliance for UCITS and alternative funds, with a strong focus on sustainability and sustainable finance, covering strategy, compliance, and implementation. Frédéric is also an experienced trainer and course facilitator for both soft skills and technical topics. He actively contributes to ALFI and EFAMA working groups and has led numerous client projects including sustainable finance assessments, UCITS V and AIFMD implementations, depositary and GDPR assessments, fund administration reviews, and service provider rationalisation.

Antonin Jakubse is a senior manager and seasoned project manager specialising in optimising operational effectiveness and efficiency, particularly within financial institutions and regulatory frameworks such as GDPR. He has a proven track record of successfully guiding complex projects to completion by focusing on clear communication with all stakeholders and balancing both strategic oversight and detailed project elements to foster team collaboration. As PwC’s subject matter expert on outsourcing activities, Antonin provides clients with comprehensive guidance on project management and regulatory compliance. His leadership includes managing project communication, organising workshops, proposing process improvements, and ensuring seamless collaboration across teams and jurisdictions.