As today’s supply chains become ever more fragmented and complex, and ever more exposed to cyber attacks (ENISA, Threat Landscape for Supply Chain Attacks, 29 July 2021) and to national security interventions by third countries, making and keeping such structures compatible with all GDPR requirements is increasingly demanding. To understand which GDPR requirements apply to which party in the processing chain, it is essential first to assess which role ((joint) controller, processor, third party, recipient) each party holds with regard to each processing operation involved.
In July 2021 the EDPB adopted new guidelines (07/2020) on the concept of controller and processor. During this first BENELUX Square Table of ISACA, Vincent Wellens (Luxembourg), Peter Craddock (Brussels) and Terrence Dom (Amsterdam) of Benelux law firm NautaDutilh will lead us through these new guidelines. They will explain the impact of these guidelines on how relations with suppliers can best be structured from the perspective of compliance with the GDPR.
Speakers: Vincent Wellens – Peter Craddock – Terrence Dom
Vincent Wellens is a partner with NautaDutilh and head of the Luxembourg Intellectual Property & Technology law practice group. He represents major international, national and public sector clients on IT and digital transformation projects as well as on high-end privacy matters, also in a contentious context. Vincent practiced IP, Technology and competition law at other first-tier Luxembourg and Brussels law firms and gained in-house experience as EU TMT regulatory counsel at Post Luxembourg. He is the author of numerous publications, a frequent speaker at conferences and a member of several IP&ICT associations.
Peter Craddock has extensive experience handling complex projects in the fields of privacy and data protection, cybersecurity, e-commerce, software contracting and procurement, and the outsourcing of IT services. His unique combination of legal expertise and experience as a software developer allows him to provide targeted advice to SMEs and global players in a manner that reconciles business, technical and regulatory requirements. He also regularly assists clients with projects relating to new technologies and new ways of using data. Peter has assisted in the development of various tools for clients, particularly in the fields of data protection and cybersecurity, including a tool to assess the severity of data breaches and a smart checklist for compliance monitoring purposes.
Terrence Dom specialises in privacy and data protection law and is a member of the Benelux Data Protection Team and the Technology Group. He advises both national and international clients, often in a cross-border context, on all aspects of compliance with privacy rules and regulations including the General Data Protection Regulation (GDPR), the Dutch GDPR Implementation Act and the Dutch Telecommunications Act. Terrence’s services include, among other things, drafting and negotiating privacy-related documents (e.g. privacy statements and data processing agreements) and assisting clients with respect to internal privacy conduct, data subjects’ rights, international data transfer, e-privacy (including cookies), e-marketing and telemarketing, personal data breach management and notification, data protection impact assessments, legitimate interest assessments and matters relating to statutory confidentiality obligations.