Interactive, case-based presentations in English

Ready, set, go! GDPR is getting close, so make sure your company is perfectly equipped with all the tools to pass its test. Our speakers will guide you smoothly through the important changes and challenges of the GDPR.

GDPR is the regulation on everyone’s mind now – it affects any entity that has customers, employees and business partners in EU. GDPR will be effective as of 25 May 2018 and will apply as such in Romania.

GDPR’s impact derives from both new obligations and spectacularly high non-compliance fines, coupled with emerging business opportunities.

Could not think of better reasons to get ready for GDPR.

By attending this event you will know, among others:

  • What to do in case of data transfer (portability right) or data deletion (right to be forgotten) specific requests?
  • What to include in the data processing agreement between the data controller and the data processor?
  • How is data mapping performed? What are the implications of data mapping?
  • In what circumstances is DPIA mandatory?
  • How to properly implement a transborder data transfer?
  • When is the cloud services provider liable for the data stored on cloud by its clients?
  • When does a company need to appoint a DPO?
  • When is the liability of the DPO and/or of the appointing company triggered?
  • What are the measures to employ in case of a security breach?
*This event is in English and comprises interactive case-based presentations, welcome coffee, coffee break and a networking lunch. You will receive the speakers' presentations and other useful documentation via email.

Event duration: 09:00 - 16:00


9.00 9.30 Registration

9.30 – 10.15 – Basis for processing data (including expression of consent). Practical examples. Q&A. – Luís Neto Galvão

10.15 – 10.45 – Right to be forgotten by reference to storage/archiving legal obligations. Portability of data, including of sensitive data. Practical examples. Q&A. – Simona Șandru

10.45 – 11.30 – Data mapping. Data protection impact assessment (DPIA). When is a DPIA mandatory. Practical examples. Q&A. – Bart van Buitenen

11.30 – 11.45 Coffee Break

11.45 – 12.15 – Automated individual decision (including „profiling”). Restrictions. Practical examples. Q&A. – Simona Șandru

12.15 – 12.30 – Security breaches. Record of breaches. Reporting. Time to report. Practical examples. Q&A. – Cristian Driga

12.30 – 13.15 – Particular aspects to be included in the agreement between the data controller and data processor. Cloud computing (including the liability of cloud services provider for illegal content). Practical examples and references to CJEU case-law. Q&A. – Luís Neto Galvão

13.15 – 14.00 Lunch

14.00 – 14.30 – Update on the rules regarding transborder data flows. Q&A. – Luís Neto Galvão

14.30 – 15.00 – How to prevent security breaches and what measures to be immediately undertaken after a security breach occurs. Practical examples. Q&A. – Cătălin Patrașcu

15.00 – 15.45 – What does the Data Protection Officer do? When is its appointment mandatory? Record of processing activities. Liability of the DPO and the liability of the appointing company in case of breach of GDPR obligations. Practical examples. Q&A. – Bart van Buitenen

15.45 – 16.00 – Q&A for all four speakers.

Luís Neto Galvão

Luís Neto Galvão is currently a Partner of SRS Advogados in the TMT Group. Starting 2015 , he acted as an Expert for the Council of Europe (CoE) in the field of Data Privacy & Protection; he co-authored an in-depth course on this topic, aimed at judges, prosecutors and lawyers, which can be found on CoE e-learning platform – European Programme for Human Rights Education for Legal Professionals (HELP). Until 2016, he was also an independent expert of the Cloud Computing Contracts Group, appointed by the Director General of DG Justice of the European Commission.

Bart van Buitenen

Bart van Buitenen is an experienced DPO and data protection consultant working exclusively on data protection issues since long before it was cool, with a focus on health care, technology and government. In addition he has been training future DPOs for a number of years as a trainer at the Data Protection Institute based in Belgium.

Cătălin Pătrașcu

Cătălin Pătrașcu is Head of Information Security and Monitoring Department of CERT-RO. He is a cyber security expert with more than 10 years of experience in the information security field.

Simona Șandru

Ms. Simona Șandru is working in the area of personal data protection since 2002, when the Ombudsman Institution was first established as surveillance authority in the area in Romania. At the moment, Ms. Șandru has the role of Head of the Complaints’ Department at the National Supervisory Authority for Personal Data Processing.

Cristian Driga

Cristian Driga is a Senior counselor at CERT-RO. He is a lawyer specialized in Cybercrime, e-Evidence, Cybersecurity, IT Law, with more than 12 years of legal practice. He provides advise on dealing with cybercrime cases or strengthening the legal side of IT security policies within a company, but also assists his clients in incident handling and recovery, electronic evidence gathering and interpretation in the courts of law.

Are you Ready for GDPR?

Standard feesBRCC / Amcham MembersBRCC / Amcham Members

registering to all 3 future events until 12 Sept. 2017

1 representative870 RON / person783 RON / person696 RON / person
2 representatives780 RON / person702 RON / person624 RON / person
3+ representatives700 RON / person630 RON / person560 RON / person

AmCham Romania and BRCC members benefit of a 10% discount, as seen here and here. Participation to all three future EMEA conferences brings an additional 10% discount. Discounts are cumulative.

E.g.: Participation fees for all three future EMEA events for three or more representatives of a BRCC or AmCham member are: 560 lei/ person for the GDPR event, 560 lei/person for the Competition event and 480 lei/ person for the Employee Engagement event. No implicit requirement that the same three representatives participate to all three events.

Are you Ready for GDPR?

if [menu] equals "2 Participants" then show [group-2]
if [menu] equals "3 Participants" then show [group-3]
if [menu] equals "4 Participants" then show [group-4]

I accept the Terms and Conditions, including the Privacy Policy and I agree that this is a firm order that generates my obligation to pay the registration fee.

[wpgdprc "By using this form you agree with the storage and handling of your data by this website."]

Episcopiei Street 1-3, Bucharest 010292

Event Location

Athenee Palace Hilton Bucharest Hotel