Greetings from Munich!
“GDPR: strong on paper, weak on enforcement?” That was the question Undine von Diemar, a partner atÂ Jones Day, raised in her opening statement at DPI: Deutschland, the first IAPP conference in Germany. And, in response, German DPAsÂ at the event outlined their ongoing audit requests and discussed their plans to audit GDPR compliance in the next months.
At a pre-conference KnowledgeNet on Monday evening, opened by IAPP President and CEOÂ Trevor Hughes,Â Lothar Determann, partner atÂ Baker McKenzie, providedÂ insight into the California Consumer Privacy Act of 2018 and gave a U.S. perspective on current GDPR requirements. He was followed by Thomas Kranig, president of the Data Protection Authority of Bavaria for the Private Sector.Â Kranig announced plans to audit the privacy management systems of larger corporations in Bavaria with regard to their accountability requirements this month. In October, GDPR audits related to the handling of job applicants’ data are to follow, and the focus in November will be on the processes to monitor security breaches of international processors.
A similar approach will be undertaken by other DPAs in Germany, as well. The head of the DPA in the German state of Lower Saxony, Barbara Thiel, outlined in a joint session together with Mirka Moeldner, DPA of Bavaria for the Private Sector, that her DPA had started to audit GDPR compliance with 50 companies. At the moment, the focus is not to fine companies â€” but DPAs made it clear that companies have to be structurally prepared for the GDPR requirements.
Isabelle Vereecken, head of the EDPB Secretariat at theÂ European Data Protection Board, and Bas Van Bockel, head of Department of International, Policy and Strategy at the Dutch DPA, also weighed in, as Jedidiah Bracy outlines for The Privacy Advisor.
In essence, the IAPP conference in Munich had its focus on practical implementation of the GDPR requirements. In the bilingual sessions, privacy experts spoke about their experiences with the cornerstones of their privacy management programs: data mapping, vendor management, theÂ DPO’s place in the organization, conductingÂ DPIAs, data subject access rights, and privacy by design.
In a series of so-called â€œmicro talks,â€� privacy experts alsoÂ gave 15-minute snapshots of their individual experiences of the last year; it was a very interesting insight even for experienced privacy professionals in the audience.
With the first IAPP privacy conference in Germany being such a success, I am happy to announce that we will also see DPI:Â Deutschland 2019 taking place in Munich.
I would like to take the opportunity to thank Paul Jordan and the IAPP team for bringing the conference to my hometown. I would also like to thank the strong IAPP community in Munich, with its current KnowledgeNetÂ co-chairs Undine von Diemar;Â Ulrich Baumgartner, partner atÂ Osborne Clarke; and Michael Will, of theÂ Bavarian Ministry of the Interior; and all the other active IAPP members in the DACH region for making this event such a success.
To define, promote and improve the privacy profession globally is our mission at the IAPP. And with DPI: Deutschland, our privacy community in the DACH region nowÂ has its own annual platform.
Servus from Munich,