Wolf Theiss conference prepares companies for the GDPR
Bucharest, 13th of October 2017: The “GDPR Roadmap – Connecting the business lines” conference was organized by the international law firm Wolf Theiss in the context of the European Parliament’s decision to adopt the New EU General Regulation regarding data protection (GDPR). The event aimed to prepare the companies for GDPR application, emphasizing in the same time that companies need to comply with the GDPR no later than 25th of May 2018.
The event was a real success, reaching a number of over 100 participants, representatives from important companies in different industries such as banking, medical – pharma, insurance, IT, telecom, energy, retail, auto, FMCG. The conference was also a good occasion to present the newest Wolf Theiss Partner in Romania, Maria Maxim, a specialist with over 20 years of experience in the legal field, compliance and data protection. Maria also held for seven years the position of Data Protection Officer for six companies active in the Romanian telecommunications market.
„The main purpose of the new General EU Regulation was to adapt both European and national legislation to the current technological development, offering an adequate level of data protection for natural persons. Data operators and their authorized data processors are obliged to align with this legislative standards in a very short period of time in order to avoid tougher penalties, with fines of up to 4% of global turnover”, stated Maria Maxim, Wolf Theiss Partner and Head of Data Protection and Compliance Practice.
The conference was opened by Bryan W. Jardine, Managing Partner of Wolf Theiss Bucharest and included as speakers specialists in the data protection field, representatives of Wolf Theiss, The National Supervisory Authority for Personal Data Processing (ANSPDCP) and Oracle.
Moderated by Gabriela Hârțescu, General Manager of Romanian Banking Institute, the first panel addressed the specific implication of GDPR in Romania, the organizational measures from a legal perspective that can be adopted by companies and the role of the IT systems in the process of ensuring compliance with the GDPR.
Alina Săvoiu, Head of Legal and Communication department ANSPDCP presented the novelty aspects of the Regulation and also the Authority’s priorities for the following period. She presented also ANSPDCP’s implementation Guide issued in September 2017 and which can be found on the Authority’s website.
Maria Maxim offered a legal practical interpretation of the main articles of the Regulation and Helmut Waitzer, Chief Information Officer Wolf Theiss, presented the technical and organizational measures that the data operators must implement in order to ensure the security and confidentiality of the data.
“Internal data classification and technical implementation is very time-consuming but new technologies are available to support the GDPR requirements. Unfortunately, some challenges to fulfil the GDPR like the backup of data are still not solved by the software. Moreover, it should be noted that irrespective of the efforts, 100% IT security is not possible, as human errors may happen. It is very important for the companies – data controllers and data processors to include data protection training in their compliance programs with a frequency established by the companies’ risk matrix” stated Helmut Waitzer.
Moderated by Maria Maxim, the second panel focused on the main rules of security and confidentiality of GDPR. Silviu Teodoru, Enterprise Architect Oracle Romania discussed again about the technical aspects and the IT steps to follow for GDPR alignment.
Daniela Dosan, Wolf Theiss Associate, ended the conference with a discussion on the importance of integrating the Data Protection Officer inside the companies. „A novelty element brought by the new EU General Regulation within the Romanian legislation regarding data protection is the Data Protection Officer. Considered to be one of the main pylons of this new regulation, he/her can ensure a unitary and continuous process of compliance with the legal requirements for the data processing activities made by different entities.”
Read the full text