Presented By O’Reilly and Cloudera
Make Data Work
21–22 May 2018: Training
22–24 May 2018: Tutorials & Conference
London, UK

General Data Protection Regulation - GDPR - Tutorial (+ ePrivacy introduction)

Aurélie Pols (Mind Your Privacy)
9:0012:30 Tuesday, 22 May 2018
Law, ethics, and governance, Strata Business Summit
Location: Capital Suite 9 Level: Non-technical
Secondary topics:  Security and Privacy

Who is this presentation for?

Managers of data science teams, responsible to assure their teams are doing the right thing

Prerequisite knowledge


Materials or downloads needed in advance


What you'll learn

The tutorial gives an overall overview of what the GDPR is about. Attendees, depending upon their roles, should be able to carve out what their specific responsibility would be in order to assure compliance while keeping a helicopter view of what these obligations are about. As Forrester said: it takes a village to assure GDPR compliance and no IT (or data) department is an island.


With it’s 173 recitals and 99 articles, Europe’s revision of the current Data Protection Directive (95/46/EC) into the General Data Protection Regulation (GDPR) induces a shift in the risk equation for data fueled businesses because of the fines it allows (up to 4% of global turn-over).
It’s time to step up and understand what this means for your organizations, as a data controller, and the partners that support your data practices in light of the May 2018 deadline.

Walking the audience through basic global privacy concepts to assure responsible data uses, enshrined within the revised OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data as well as the more US based Fair Information Practice Principles, the initial building blocks will be set to understand compliance requirements.
This more theoretical part covers topics such as:
• personal data /PII/personal information,
• purpose
• choice & consent
• privacy principles such as ‘lawfulness, fairness and transparency’, ‘purpose limitation’, ‘data minimisation’, ‘accuracy’, ‘storage limitation’, ‘integrity and confidentiality’, ‘accountability.

Moving onto the GDPR, the discussion will start off with the territorial scope (art. 3) of the GDPR, where attendees will be able to grasp how far their obligations might stretch and whether obligations such as appointing a DPO will be required.

From there, and as each case is different, this interactive session will walk the audience through and discuss the 5+5 pillars of the GDPR Readiness Framework:
(i) Data Security and Breach Notification
(ii) Codes of Conduct and Certifications
(iii) Pseudonymization of Personal Data
(iv) Data Subject Consent
(v) Profiling and the Right to Object
(vi) Cross Border Data Transfers
(vii) The Right to be Forgotten/Deletion/Access
(viii) Data Portability
(ix) Duties & responsibilities data controller/processor/joint controllers
(x) Procedures & fines

Photo of Aurélie Pols

Aurélie Pols

Mind Your Privacy

Aurélie Pols designs Data Privacy best practices: documenting data flows in order to limit Privacy backlashes, minimising risk related to ever increasing data uses while solving for data quality. The most accurate label today would probably be “Privacy Engineer”.
She spent the past 15 years optimising (digital) data-based decision-making processes. This allowed her to co-found and successfully sell her first start-up in Belgium to UK agency Digitas LBi (Publicis). She is used to following the money to optimise data trails; now she follows the data to minimise increasing compliance and Privacy risks while touching upon security best practices and ethical data uses. Her mantra is “Data is the new Electricity, Privacy is the new Green, Trust is the new Currency”.
Aurélie has spoken at various events such as SXSW, Strata + Hadoop World, the IAPP’s Data Protection Congress, Webit, eMetrics summits, and written several white papers on Data Privacy and Privacy engineering best practices. Her experience and network has allowed her to discuss growing data set-ups and requirements as well as their risk, compliance and ethical angles in Europe, the US and Asia.
She leads her own consultancy with data privacy projects all around the world, is part of the European Data Protection Supervisor’s (EDPS) Ethics Advisory Group (EAG) and served as Data Governance and Privacy Advocate for leading Data Management Platform (DMP) Krux Digital Inc., prior to its acquisition by Salesforce. She teaches Privacy and Ethics at IE Business School in Madrid and supports DPO training courses for the Solvay Business School in Brussels as well as Maastricht University, faculty of law. In terms of volunteering, she co-chairs the IEEE’s P7002 – Data Privacy Process standard initiative while serving as a training advisor to the IAPP, the International Association of Privacy Professionals.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)