After a quick reminder of the definition of the register and its various supports, we will address three topics that we feel are particularly important for maintaining a complete, compliant and up-to-date register on a daily basis.
First of all, we will recap the different types of governance that can be envisaged to manage the compliance of new processing.
For each of these governance models, we will then discuss the different processes that need to be put in place to ensure that the register is always complete and up-to-date.
Finally, we will share some of the best practices that we have seen and that should be kept in mind for the day-to-day operation of the data processing register
1. What are the types of governance for the day-to-day compliance management of a company’s new projects?
Many types of governance are possible: having the DPO maintain the data processing register centrally, allowing business points of contact to integrate processing but asking the DPO to validate them, on the contrary delegating the validation of new processing to the referents, or excluding the DPO from any responsibility for validation?
There are as many models as major types of companies. We will thus present the different governance models for maintaining and updating the processing register, presenting for each its advantages and disadvantages.
2. What processes should be put in place to ensure a consistently complete and up-to-date register?
How do you ensure that the register is consistently complete and up-to-date? How to impose on employees to notify the DPO of changes to processing, how to ensure that they will inform the points of contact and DPO about all new processing?
Here again, several organizations are possible: setting up project committees, mandatory passage through the Chief Data Officer, project sheets, etc. In the same way, we will review them and present their respective advantages and disadvantages.
3.For good management: good practices!
In the third part, we will present effective practices for good register management and its standard models.
We will answer the following questions: what form should the register take? Is the CNIL model sufficient? What information is useful?
Practical information:
On December 16, 2021 at 10:00 am in metropolitan France
_________
MORNING: ROUNDTABLES
9:15-10:00 am
Roundtable 1
The Challenges of the DPO Profession
Guests: Patricia Campos from Aesio Group and Kélig Dugue from Fives
Group
10:00-10:30 am
E-privacy and commercial prospecting presentation./p>
10:45-11:30 am
Roundtable 2
Co-responsibility
Guests: Carole Chartier from PSA and Attorney Romain Waiss Moreau
12:00-12:30 pm
IoT blockchain presentation
Guests: Attorney Alan Walter andThierry Matusiak from IBM
12:30-1 pm
Presentation of myDPO features: Impact Assessment and Subcontractor Relations
—
AFTERNOON: WORKSHOPS
2:00-3:30 pm
Workshop 1
Managing Data Subject Requests
Workshop 2
PIA
Guest: Nassor Azad from Natixis
Workshop 3
Data Breach
4:00-5:30 pm
Workshop 4
Consent
Guest: Vincent Godinot from PMU
Workshop 5
Retention Periods
Guest: Claire Botherel Sayous from ADP
Workshop 6
Register and Action Plan
Guest: Christophe Droit from CDC Habitat