This is the introductory slide deck for the joint event by the legal hackers (Brussels chapter) and the Belgian data scientists on 1 August 2017. The aim was mainly to introduce the session where everybody could ask questions and those with the answers could give them.
The event's page is here: https://www.meetup.com/Brussels-Legal-Hackers/events/241266134/
The event's message board is here: https://www.meetup.com/Brussels-Legal-Hackers/messages/boards/thread/51045002
A second session is planned for 5 September 2017 at Digityser in Brussels.
5. COMMON GOAL
•SUPPORT THE BUSINESS IN HANDLING AND USING (PERSONAL) DATA
•“RESPONSIBLY”,
•LIKE A “GOOD HEAD OF THE FAMILY”,
•IN LINE WITH THE STATE-OF-THE-ART AND THE LAW
12. CHATHAM HOUSE RULE
• THE CHATHAM HOUSE RULE ORIGINATED AT CHATHAM HOUSE WITH THE AIM OF PROVIDING ANONYMITY TO
SPEAKERS AND TO ENCOURAGE OPENNESS AND THE SHARING OF INFORMATION. IT IS NOW USED
THROUGHOUT THE WORLD AS AN AID TO FREE DISCUSSION.
• THE CHATHAM HOUSE RULE READS AS FOLLOWS:
•WHEN A MEETING, OR PART THEREOF, IS HELD UNDER THE CHATHAM
HOUSE RULE, PARTICIPANTS ARE FREE TO USE THE INFORMATION
RECEIVED, BUT NEITHER THE IDENTITY NOR THE AFFILIATION OF THE
SPEAKER(S), NOR THAT OF ANY OTHER PARTICIPANT, MAY BE REVEALED.
https://en.wikipedia.org/wiki/Chatham_House_Rule
15. QUESTIONS…
• RAISE QUESTIONS
• DID ANYONE PREPARE A PRESENTATION FOR HIS / HER QUESTION?
• QUESTIONS CAN BE LEGAL, TECHNICAL, ORGANISATIONAL, PRACTICAL,…
• QUESTIONS OF PEOPLE A BIT FURTHER FROM A PRACTICAL IMPLEMENTATION MAY SHED A FRESH LIGHT
ON THINGS.
16. … & ANSWERS
• WE HOPE WE HAVE GATHERED ALL TYPES OF SKILLS IN THE ROOM TO FIND THE ANSWERS.
• ANSWERS CAN BE
• A CLEAR VIEW ON THE THEORY,
• POTENTIAL TOOLING,
• TEMPLATES OR (ANONYMISED) EXAMPLES,
• …
• ANSWERS ARE NOT ADVICE, JUST A BEST EFFORT NUDGE IN A (GOOD) DIRECTION.
17. TALLY UP
KNOWLEDGE
• LAW
• DATA SCIENCE
• DATA GOVERNANCE
• BUSINESS INTELLIGENCE
• MARKETING
• HUMAN RESOURCES
• TOOLING
EXPERIENCE
• PROJECT LEAD
• EXPERT
• DATA STEWARD / IMPACTED BUSINESS
• COMPLAINTS HANDLING / DS RIGHTS
18. TALLY UP
SIZE
• ONE MAN
• SME
• LARGE COMPANY
• GROUP
• AFFILIATE
• (REGIONAL) TOP
SECTOR
• LOW ON (PERSONAL) DATA
• MANUFACTURING
• IOT PRODUCTS
• DATA GOVERNANCE TOOLING
• BIG DATA MANAGEMENT TOOLING
• HIGH ON (PERSONAL) DATA
• PROCESSOR
• CLOUD SERVICES
• MARKETING AGENCY
• R&S AGENCY
• PAYROLL AGENCY
• CONSULTANCY
• CONTROLLER
• DATA BROKERAGE
• HEALTH
• FINANCE
• R&S COMPANY (“INTERIM”)
19. TALLY UP
SYSTEMS
• NO LEGACY SYSTEMS
• WORKING WITH STANDARD SYSTEMS
• SYSTEMS SOMEWHAT CUSTOMIZED
• CORE SYSTEMS ARE CUSTOMIZED (= ”LEGACY”)
• CLOUD
• ALL CLOUD PRODUCTS
• SOME CLOUD PRODUCTS
• NO CLOUD PRODUCTS
PROFIT
• NOT-FOR-PROFIT
• GOVERNMENT
• ASSOCIATION
• FOR PROFIT
• COMMERCIAL ENTERPRISE
• COMMERCIAL CORPORATION
20. TIME MANAGEMENT
18:30 Welcome and introduction … that’s where we are now
19:00 Break-out 1 A:
B:
19:45 Break + switch Central stage - bar
20:00 Break-out 2 A:
B:
20:40 Re-assemble and short debrief (max. 5’ per BO) Central stage
21:15 The floor is open Central stage - bar
21. SUGGESTION 1
BREAK-OUT 1
• A: GDPR supporting tooling
• B: GDPR and public information
BREAK-OUT 2
• A: GDPR in SMEs
• B: GDPR in the Business as Usual
25. AVOID SEMANTIC DISCUSSIONS
• TRY TO USE OR LINK TO THE DEFINITIONS IN THE GDPR
• TRY TO CONNECT LANGUAGES: EXPLAIN TERMS (IN SHORT)
26. KEEP IT PRACTICAL
• DOES NOT MEAN: DON’T ABIDE BY THE LAW, OR PUT IT ASIDE,…
• IF RISK TAKING IS INVOLVED, MENTION IT
• TRY TO BE CONCRETE
• WHAT TOOL CAN YOU USE?
• WHAT ARE SPECIFIC STEPS?
• …
• AVOID (PURELY) THEORETICAL QUESTIONS / ANSWERS
27. TRY TO GET FACTS STRAIGHT
• IF SOMETHING CAN BE CHECKED OR EXPRESSED OBJECTIVELY, DO IT
• USE THE TEXT OF THE GDPR
• CHECK IT ON THE INTERNET (WITH CARE)
• …
28. BINDING INTERPRETATION OF THE LAW
• EUROPEAN COURT OF JUSTICE: NOT HELPFUL, SINCE ONLY AVAILABLE IN 3-5 YEARS AT BEST
• EUROPEAN LEGISLATOR (INTERPRETATIVE LAW): UNLIKELY
• NOT BINDING (BUT TO BE TAKEN INTO ACCOUNT DUE TO ENFORCEMENT MECHANISM):
• SINGLE EUROPEAN MEMBER OF THE LEGISLATOR (COMMISSION, PARLIAMENT, COUNCIL)
• ARTICLE 29 WORKING PARTY / EUROPEAN DATA PROTECTION BOARD
• NATIONAL DATA PROTECTION AUTHORITY
31. KEEP THE DISCUSSION RELEVANT
• AIM: GET A SPECIFIC ANSWER TO A SPECIFIC QUESTION
• STAY ON TARGET
• PERHAPS PARK SOME (SUB)QUESTIONS OR DISCUSSION TO RESEARCH A BIT FURTHER OR TO OUTSIDE OF THE
GROUP (TO LATER BRING IT BACK IN)
• WHEN SPEAKING TRY TO BE ON POINT AND CONCISE, BUT EXPLAIN TERMS AND ANSWER QUESTIONS IF NEED BE
• DON’T DRAG DISCUSSIONS
• SOMETIMES THERE IS NO SINGLE CORRECT ANSWER (E.G. IN TERMS OF RISK APPROACH)
• CHECK RELEVANCE REGULARLY
33. LEARN
• LISTEN TO WHAT OTHERS (HAVE TO) SAY
• A DIFFERENT APPROACH MAY BE USEFUL JUST AS A BENCHMARK
• ASK QUESTIONS IF YOU DON’T UNDERSTAND SOMETHING, BUT LET PEOPLE FINISH THEIR REASONING IF
POSSIBLE, SO WRITE DOWN FOLLOW UP QUESTIONS
41. What we comprehend
[Diagram: "What there is to know", drawn as a two-by-two matrix with axes Known / Unknown and the quadrants "What we know we know", "What we know we don’t know", "What we don’t know we know" and "What we don’t know we don’t know". Label: FOCUS.]
42. GDPR - NEW
• PROCESSOR NOW ALSO AN ADDRESSEE
• ORGANISATION
• ”ACCOUNTABILITY” (REVERSAL OF THE BURDEN OF PROOF), CONCRETE
• PROCESSING REGISTER (AND RISK REGISTER)
• PRIVACY IMPACT ASSESSMENT (“PIA”)
• PRIVACY BY DESIGN AND PRIVACY BY DEFAULT
• DATA PROTECTION OFFICER
• ACKNOWLEDGEMENT OF “FRAME”-MECHANISMS: CERTIFICATIONS, CODES OF CONDUCT,
BINDING CORPORATE RULES,…
• INCIDENT MANAGEMENT AND DATA BREACH NOTIFICATION
• RIGHTS OF INDIVIDUAL ARE INCREASED AND FURTHER ELABORATED
• ENFORCEMENT
• ADMINISTRATIVE FINES UNIVERSAL AND UNIFORM
• COLLECTIVE ACTIONS OF INDIVIDUALS UNIVERSAL AND UNIFORM
You don’t need to win a single étappe, it is smarter to stay in the bus
Jack Whitehall
Possible that we don’t know the answer in the group
It is not ananàs or anànas, but pineapple
If it walks like a duck, and quacks like a duck, it must be a duck.
1. Roll your sleeves up
2. No discrimination: also for women
3. Proverbially, get your hands dirty
May be stretching it a bit?!
House is portrayed as one of the best differential analysis doctors in the world, and still he has a team
There is so much we don’t know
To remind him of that, Umberto Eco has a big library of unread books
Dorfman 1997
Tolerate (retain), Treat (mitigate), Terminate (eliminate) and Transfer (by contract or insurance)
Check “GRC Tuesdays: a new approach to risk oversight: A lens to look through and levers to pull” (SAP)
“As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know.” – Donald Rumsfeld
https://www.theatlantic.com/politics/archive/2014/03/rumsfelds-knowns-and-unknowns-the-intellectual-history-of-a-quip/359719/