IAPP Data Protection Intensive France, Hosted by IAPP
Data Protection Intensive (DPI) France is the annual conference hold by the International Association for Privacy Professionals (IAPP) in Paris. The event held this year on 14 and 15 March at Le Meridien Etoile will gather simultaneous English and French panels presentations focusing on international topics, policy and strategy in the personal data protection field.
Claude-Etienne Armingaud will be holding a panel "Codes of Conduct — GDPR’s Prodigal Son Finally Arriving?"
"Codes of conduct overseen by accredited monitoring bodies are one of the breakthrough innovations introduced by EU General Data Protection Regulation. As part of its accountability framework, GDPR not only shifted the onus of demonstrative compliance, but also created the possibility for stakeholders to engage in co-regulatory practices. The goal was to allow the industry to support regulatory implementation by developing workable guidance to concretize the GDPR’s provisions. More flexible than other previously adopted compliance tools, CoCs generated high expectations, particularly in the wake of ‘Schrems II’, as a possible solution to address international data transfers and enable legal foreseeability. CoCs have not yet reached their full potential, with only a handful of national CoCs deployed and even less at the pan-European level. However, as the cloud ecosystem leads the way, this panel will explore the background of this sectoral success while highlighting CoC’s enefits, as well as their limitations.
Camille Scarparo will be presenting on the DPO's role under GDPR: "DPO Lone Rider or Orchestra Leader."
The objective of this panel is to highlight the difficulties that a DPO may face in the exercise of his/her mission and the means to overcome them. The problems encountered may be (i) internal: resources, influence in the decision-making process, independence, relations with members of the management and (ii) external: management of requests to exercise the rights of data subjects and communication with data protection authorities. The objective is to discuss the key elements that allow the DPO to fully participate in the compliance of his structure, both from the point of view of the regulator, the company and a law firm.