On May 25, 2021, the exemption from the obligation to perform a Privacy Impact Assessment (PIA) ended, for personal data processing, prior to May 25, 2018.
In 2018, GDPR introduced the obligation to perform a PIA regarding the implementation of certain processing operations that are likely to result in high risks to the rights and freedoms of data subjects. For the sake of simplicity and support and as this was a new obligation in 2018, the CNIL had then granted an exemption from this obligation, under certain conditions, for a period of 3 years.
May 25, 2021 marked the end of this exemption. From now on, the completion of a PIA becomes fully mandatory for the processing of “sensitive” personal data that is a source of risk for data subjects.
In Summary:
Contextual reminder: 3-year exemption from the
PIA obligation, what is it?
When is a PIA required?
As a company, does this affect me?
What method and tool should I use?
What are the pitfalls to avoid?
What are the best practices to implement?
Practical information:
On October 28, 2021 at 10:00 am in metropolitan France
_________
MORNING: ROUNDTABLES
9:15-10:00 am
Roundtable 1
The Challenges of the DPO Profession
Guests: Patricia Campos from Aesio Group and Kélig Dugue from Fives
Group
10:00-10:30 am
E-privacy and commercial prospecting presentation./p>
10:45-11:30 am
Roundtable 2
Co-responsibility
Guests: Carole Chartier from PSA and Attorney Romain Waiss Moreau
12:00-12:30 pm
IoT blockchain presentation
Guests: Attorney Alan Walter andThierry Matusiak from IBM
12:30-1 pm
Presentation of myDPO features: Impact Assessment and Subcontractor Relations
—
AFTERNOON: WORKSHOPS
2:00-3:30 pm
Workshop 1
Managing Data Subject Requests
Workshop 2
PIA
Guest: Nassor Azad from Natixis
Workshop 3
Data Breach
4:00-5:30 pm
Workshop 4
Consent
Guest: Vincent Godinot from PMU
Workshop 5
Retention Periods
Guest: Claire Botherel Sayous from ADP
Workshop 6
Register and Action Plan
Guest: Christophe Droit from CDC Habitat