25.04.2023 IT Data GDPR IT

Conference on the occasion of the 5th anniversary of the GDPR

© Chambre Commerce Luxembourg

For the five years of the entry into force of the General Data Protection Regulation (GDPR), the Chamber of Commerce organized a morning conference on April 24, 2023. The various presentations dedicated to personal data news focused on the principles to be mastered and the tools available to companies to ensure their compliance.

The Director of the legal department of the Chamber of Commerce welcomed the 150 participants to the event. Several speakers then followed one another to address the practical questions raised by an increasingly dense regulatory framework.

Given the importance of being able to guarantee the security of the processing of personal data, Mr Alain Herrmann, commissioner at the National Commission for Data Protection (CNPD) returned to what must be understood of the principle of security of processing (provided for in article 32 of the GDPR) in the context of VSEs/SMEs. He also presented the future self-assessment tool for these companies that the CNPD (in collaboration with the Luxembourg House of Cybersecurity in particular) is developing for the Grand Duchy. This simple, intuitive and free compliance tool project is called the “ALTO project”.

Data processing in the field of human resources, from the recruitment phase to the end of the employment contract was presented by Maître Virginie Liebermann, counsel within the MOLITOR study, who notably highlighted the good reflexes to be adopted in terms of informing employees and keeping their personal data.

Maître Mickaël Tome, partner in the Togouna & Tome study, presented the main points of attention involved in the use of cloud-based services, an increasingly widespread solution, which can present risks in terms of information security and hence data confidentiality.

The certification of personal data processing under the “GDPR-CARPA” certification scheme was presented by Mr. Cédric Leroy, Regulatory & Compliance partner at Haca Partners. He detailed the operation of this certification developed by the CNPD for the Luxembourg ecosystem, allowing a company to demonstrate that one or more personal data processing operations it carries out comply with the GDPR.

Maître Dorothée Ciolino, counsel at the Norton Rose Fulbright firm, then presented the good reflexes that any company should adopt in terms of informing visitors to websites, mainly concerning the management of cookies and related legal notices.

The Conference ended with the theme of the emergence of a body of European rules as an extension of the GDPR. Ms Mona-Lisa Derian, from the legal department of the Chamber of Commerce, gave an overview of several European regulations which are largely inspired by the GDPR (Data Governance Act, Digital Market Act, Digital Services Act) or in the process of being so ( Data Act), emphasizing the challenges and opportunities for companies in this European “digital package”).

The speakers’ presentations are available for download in the appendix.

Source: Chambre Commerce Luxembourg