PIAs: the end of exemptions, what do I need to do to be GDPR compliant?
Published on 06/10/2021

On May 25, 2021, the exemption from the obligation to perform a Privacy Impact Assessment (PIA) ended, for personal data processing, prior to May 25, 2018.

In 2018, GDPR introduced the obligation to perform a PIA regarding the implementation of certain processing operations that are likely to result in high risks to the rights and freedoms of data subjects. For the sake of simplicity and support and as this was a new obligation in 2018, the CNIL had then granted an exemption from this obligation, under certain conditions, for a period of 3 years.

May 25, 2021 marked the end of this exemption. From now on, the completion of a PIA becomes fully mandatory for the processing of “sensitive” personal data that is a source of risk for data subjects.

In Summary:
Contextual reminder: 3-year exemption from the
PIA obligation, what is it?
When is a PIA required?
As a company, does this affect me?
What method and tool should I use?
What are the pitfalls to avoid?
What are the best practices to implement?

Practical information:

On October 28, 2021 at 10:00 am in metropolitan France


Click here to sign up


9:15-10:00 am
Roundtable 1
The Challenges of the DPO Profession
Guests: Patricia Campos from Aesio Group and Kélig Dugue from Fives

10:00-10:30 am
E-privacy and commercial prospecting presentation./p>

10:45-11:30 am
Roundtable 2
Guests: Carole Chartier from PSA and Attorney Romain Waiss Moreau

12:00-12:30 pm
IoT blockchain presentation
Guests: Attorney Alan Walter andThierry Matusiak from IBM

12:30-1 pm
Presentation of myDPO features: Impact Assessment and Subcontractor Relations


2:00-3:30 pm
Workshop 1
Managing Data Subject Requests

Workshop 2
Guest: Nassor Azad from Natixis

Workshop 3
Data Breach

4:00-5:30 pm
Workshop 4
Guest: Vincent Godinot from PMU

Workshop 5
Retention Periods
Guest: Claire Botherel Sayous from ADP

Workshop 6
Register and Action Plan
Guest: Christophe Droit from CDC Habitat