Session Overview Slides

Overview Speakers and Facilitators

Day 1 – Thursday, March 7th

8:30 – 9:00

Coffee and Welcome

Welcome and Intro
Speakers: ISB / CEESA / Zagreb

9:00 – 10:30

Session 1: GDPR: The Foundations of Data Privacy

Presentation: Cosimo

Speaker: Cosimo Monda, ECPC

  • Legal Framework – context.
  • What is Personal Data / Data Protection:
  • Key concepts of GDPR
  • Principles (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage, integrity, accountability).
  • The value of case law moving forward: relevant examples for schools

10:30 – 10:45

Coffee Break


10:45 – 12pm

Session 2: Data Processing in Schools

Presentation: Leena

Facilitator: Lee Fertig
Speaker:  Leena Kuusniemi, FIPRA

  • Lawful Basis (Article 6): Grounds for processing within schools:
  • The trouble with Legitimate Interests
  • What Consents should you be seeking as a school?

12 – 1:30pm

Session 3: To DPO or not to DPO?

Presentation: Chris and Irene

Facilitator:  John Mikton – ISL

  • DPOs: Do you need one? (GDPR Chapter III) Practices carried out by schools in support of Chapter III (Rights of the data subject)
  • Legal interpretation of the text
  • DPO on the frontline: School DPO representative – questions arising in support of the value of the role to date
  • Presentation: Baseline list of policies required

1:30 – 2pm

Working Lunch


2 – 3:30pm

Session 4: Data Mapping and Data Subject Rights

Presentations: Peter and Tash


Facilitator: Sylvia Gillpatrick, CEESA
Presentation: Tash WhitakerWhitaker Solutions Ltd.

  • Data Subject Rights – what rights do your data subjects have to their data and when?
  • Schools presentation of Data Mapping and practical experience of the process
  • Discovery/ experience of Gap Analysis via the DM process.
  • Maintenance of Record of Processing Activities and monitoring schedule

3:45 – 5pm.

Session 5: Accountability: DPIAs, DPAs, Data Transfers

Presentation: Tash


Facilitator:  Neven SoricAISZ
Presentation: Tash WhitakerWhitaker Solutions Ltd.

  • Are you a Controller or a Processor? (Controller/ Processor vs Controller to Controller relationship)
  • DPIA and DPAs
  • Rules around Data Transfer
  • Best Practice/ Poor Practice: What to look out for
  • Risk Management and Risk Mitigation – Social media focus
Day 2 –  Friday, March 8th

8:25am – 8:55 am

American International School Zagreb School Tour


9am – 10:30 am

Session 6: Time – Limited Responses: Data Breach and Subject Access Requests

Presentation: Mark and Leena

Facilitator:  Mark DilworthZIS
Expert Presentation: Leena Kuusniemi Legal Advisor, FIPRA

  • Data Breach, and SAR
  • Experience of a SAR

10:30 – 10:45



10:45 – 11:45 am

Session 7: Challenges and Change Management: Building a successful culture for Privacy by Design.

Facilitator:  Cosimo Monda, ECPC

  • GDPR-PR(!) Risk Management and the culture of change: key messages and practices
  • IT Security: Best practice, levels of security appropriate to the risk, BYOD
  • Communications, Marketing, and Alumni
  • Awareness raising in the workforce:
  • Challenges and Success from the frontline

12 – 1pm

Session 8: Closing Session

Presentation:  Leonardo Cervera Navas
Presentation: Cristina Hoyos Morillas


  • Presentation from the European Data Protection Supervisor
  • Presentation from the European Schools
  • Zagreb Declaration

3 pm

Post Conference Reflection