On Friday 15 June 2018 we welcomed more than 80 DPOs (Data Protection Officers) from various sectors in the Van der Valk Hotel in Brussels. A full day was dedicated to interesting keynotes brought by experts in the field of e-Privacy, GDPR 2.0. and Data Subject Rights. These are the 5 takeaways from the DPO Conference 2018:
1. Collect as little data as possible
According to legal advisor Julieta Corremans, being a responsible steward of data goes further than meeting legal requirements. She highlighted the corporate advantages of shifting towards an ethical paradigm. DPOs should use what minimizes the harm to individuals while accomplishing its company achievements, it is about reducing harms. Also embracing transparacy, simplicity and security is important. When ignoring these principals, customers will eventually ignore you.
“Go beyond what’s legally requiered and think about what’s ethically desired.” – Julieta Corremans
2. Keep calm, and protect data
The keynote speaker Bart van Buitenen gave practical tips about what to do and not to do as a DPO. It’s easy to say X or Y isn’t compliant with GDPR but the challenge is providing advice on how to make it GDPR compliant. Ask the following questions: ”Why are we doing this?” and “How can we do this in a way that actually works and adds value?”. Don’t only tell what isn’t allowed as a DPO (Data Protection Officer).
“Don’t only tell what isn’t allowed” – Bart van Buitenen
3. Be transparant
Philippe De Backer, Belgian Secretary of State for Privacy gave a presentation about the new Belgian Privacy law. We learned that we need to ensure that people have control over their data and are free to choose what they share and with who they share it while simultaneously creating more opportunities for the digital economy and for the entrepreneurs.
“Privacy is an ongoing process you need to work on” – Philippe De Backer
4. Protect websites against hackers
Erwin Geirnaert, CEO & Chief Hacking Officer at ZION SECURITY learned us how easy it is to steal personal data from a website. During his presentation we learned how vulnerabilities like SQL Injection and broken authorization allow hackers to steal GDPR data via websites. With a tool as Gotcha you can check if your password got stolen.
“Facebook is more secure than most websites of banks.” – Erwin Geirnaert
5. Get explicit consent
We got a practical approach to lawfulness of processing from Dr. Prof. De Hert at the VUB. It’s important to consider the consent given. The consent must be freely given and expressily confirmed. Also the conditions must be easy to understand. Keep in mind that there is always the right to withdraw consent at any time and the controller needs to keep a record of all consent.
This were our takeaways. What did you learn at #DPOconf? Hope to see you soon at one of our next events!