Data Privacy Workshop

A practical approach for IT implementation and compliance

19 & 20 December 2017
9.00-17.00, 16 CPEs

Limited seats available - Register Now

This 2 day workshop will assist you in familiarizing with the fundamental principles, terminology, and legal implications and issues to manage based on the Data privacy new standards brought by the GDPR regulation. This workshop however will focus on best practices driven from ISACA’s guidelines and applied projects throughout Europe, that will help you understand what the IT Security, Audit, IT Assurance and Risk Professional should know to comply with the new GDPR EU regulation.

Learning objectives

  • Get a thorough introduction to the GDPR legislation, background, terminology, basic principles and the new role of the DPO.
  • Understand the rights for Data subjects, fundamental security issues and Privacy Impact Assessments, and the role and the power of the supervisory authorities
  • Understand the ISACA privacy principles and how to incorporate the ISACA privacy principles into each COBIT 5 enabler.
  • Use ISACA Privacy Principles to Build and Manage a Privacy Protection Program.
  • Use the ISACA privacy principles to perform GDPR-required data protection impact assessments (DPIAs) and how to accomplish GDPR DPIAs using the privacy principles.
  • Perform a case study using the GDPR DPIA tool.

Who should attend: IT professionals, IT Auditors and IT Security Professionals, Risk and Governance professionals and executives that plan to undertake GDPR tasks and responsibilities.


Legal Session (4 hours) presented by Elena Spiropoulou

Shifting from the current Data Protection Legislation to the GDPR. Obligations and Adjustment.


  • Introduction to the GDPR legislation, background and terminology.
  • The seven data protection principles:
    1. Lawfulness, fairness, transparency
    2. Purpose limitation
    3. Data minimization
    4. Accuracy
    5. Storage limitation
    6. Integrity & confidentiality
    7. Accountability
  • Special categories of personal data and the proof of the Data Subject’s consent.
  • The rights of Data Subjects, including access, deletion and profiling.
  • Obligations for the Data Controllers and Processors (privacy by design, privacy by default).
  • Security Issues and Privacy Impact Assessment.
  • The role of the data protection officer (DPO).
  • Transfers of Data to Third Countries (Privacy Shield).
  • The powers of supervisory authorities


Technical Session (12h), presented by Yves Le Roux

Using the ISACA Privacy Principles for implementing a Privacy Protection Program including GDPR.


  • The 14 ISACA Privacy Principles
  • Cobit 5 & the Privacy Principles
  • Using Cobit 5 Enablers to support the privacy protection program by implementing privacy Principles
    1. Privacy policies, principles and frameworks
    2. Processes, including privacy-specific details and activities
    3. Privacy-specific organizational structures
    4. In terms of culture, ethics and behavior, factors determining the success of privacy governance and management
    5. Privacy-specific information types and concepts for enabling privacy governance and management within the enterprise
    6. Service capabilities required to provide privacy related functions and activities to an enterprise
    7. People, skills and competencies specific for privacy
  • The 7 phases for implementing the Privacy Protection Program
  • Relationship of ISACA Privacy principles to. GDPR requirements
  • ISACA GDPR Data Protection Impact Assessment (DPIA)
  • Case study: Using ISACA Privacy principles for a DPIA
  • Ongoing privacy risk management

Participants will receive the following ISACA documents:

ISACA Privacy Principles and Program Management Guide

Implementing a Privacy Protection Program: Using COBIT 5 Enablers With the ISACA Privacy Principles,

GDPR Data Protection Impact Assessments and the Assessment Tool

Workshop Instructors

Yves LE ROUX, CISM CISSP, ISACA Privacy Guidance Task Force Chair

After his graduation from Paris University in 1970, Yves LE ROUX worked in the Rothschild Group where, among others tasks, he was in charge of the network security and other security related issues. In 1981, he joined the French Ministry of Industry where he was in charge of the Open Systems Standardization programs. In 1986, he took the position of European Information Security Manager at Digital Equipment. Then, he joined the security research and development team. In 1999, he went to Entrust Technologies, PKI software editor. In 2003, Yves joined Computer Associates Int. as a Technology Strategist. In April 2017, he retires from CA Technologies He has co-authored three books on security. He is a lecturer at ISEP (Paris Graduate Engineering School) and spoke in many conferences (e.g., EUROCACS/ISRM 2015, SEMAFOR 2015 , (ISC)² EMEA Congress 2015, (ISC)² Benelux, DACH and Dubai SecureSummits 2017).

Elena Spiropoulou, Lawyer, Accredited Mediator and Data Protection Officer 

Elena Spiropoulou, graduated from the Law School and has a Master’s degree in International Relations and Strategic Studies. In 2002 she established a law firm specialized in Internet Law, Intellectual Property and Data Protection and has worked in this field for more than fifteen years counseling and representing international and national firms in such subjects. She teaches legal issues of Digital Marketing in the Educational Institute of Athens University of Economics and Business and other educational institutes. She is an accredited Mediator and a Data Protection Officer.


CONFERENCE: 18 December 2017

Benaki Museum - 138 Pireos Av. 08.00-18.00

WORKSHOP: 19 & 20 December 2017

Hellenic American Union – 22 Massalias St. 09.00-17.00