*This conference is a part of the Croatian Data Protection Agency’s ongoing awareness-raising campaign, encompassing monthly Data Protection Officer (DPO) trainings. These sessions include at least one training organized by AZOP and another conducted in collaboration with the State School for Public Administration.
On 26 April 2006 the Council of Europe decided to launch a Data Protection Day to be celebrated each year on 28 January, the date on which the “Convention 108”, first legally binding international instrument in the data protection field, was opened for signature. Data Protection Day is now celebrated globally and is called Privacy Day outside Europe.
To mark this special day, AZOP is organising a high-level conference “DPO-the job of the future”, dedicated to data protection officers from public, financial and IT sectors.
Although data protection officer forms a key part of the accountability obligations under the data protection legal framework and GDPR sets out that when appointing a DPO, organisations must make sure the appointment of a DPO is on the basis of his/her professional qualities and expert knowledge, reality paints a different picture.
The research that AZOP conducted with DPOs has shown that 54% of DPOs in Republic of Croatia have minimal experience and knowledge of data protection, and 82% of them clearly articulated their need for further education in the field of data protection. Most DPOs do not fully understand their responsibilities, and they exhibited insufficient knowledge about basic data protection concepts.
The goal of organising the conference is to raise awareness on the importance of the role of DPO among organisations from private and public sector, as well as give the opportunity to DPOs to exchange their real life best practice and gain new knowledge.
In the first part of the conference we expect keynote speeches from the high government officials, European Data Protection Supervisor, Mr Wojciech Wiewiórowski and Ms Anna Hänninen from the Finnish Data Protection Authority. Namely, the topic for the second coordinated enforcement action (CEF action in 2023) of the European Data Protection Board will concern the designation and position of the data protection officer. In a coordinated action, the EDPB prioritises a certain topic for data protection authorities (DPAs) to work on at the national level. The results of these national actions are then bundled and analysed, generating deeper insight into the topic and allowing for targeted follow-up on both the national and the EU level. The Finnish DPA is the coordinator of the CEF 2023 action on the designation and role of the DPO.
In the second part of the conference, divided in three panel sessions (dedicated to DPOs from public, financial and IT sectors), data protection experts from various fields will exchange their experiences, challenges and advice on how to overcome some of the GDPR compliance challenges.
Also, the conference will be an excellent opportunity to introduce participants to the proposal for a Regulation of the European Parliament and of the Council on the European Health Data Space, Artificial Intelligence Act and to a comprehensive set of new rules for all digital services- Digital Services Act (DSA) and Digital Markets Act (DMA).
Furthermore, one of the topics of the panel discussion will be the new directive of the Council of the European Union on Security of Network and Information Systems (NIS 2), which entered into force on 16 January 2023. Together with the NIS 2 Directive, the Critical Entities Resilience Directive (CER) and the Directive on Critical Entities Resilience. In addition to these two directives, DORA was adopted — the Digital Operational Resilience Act. The new NIS 2 will also apply to financial institutions (key sector — banking), with DORA being a lex specialis. The NIS 2 Directive aims to ensure the cybersecurity resilience of critical entities and the DORA aims to strengthen the security of financial entities. These regulations imply a systematic approach to compliance, and additional investments in human resources and cybersecurity which will certainly represent a challenge for organisations. To what extent the above-mentioned directives are related to the GDPR and how will this reflect to DPOs in hospitals, banks or to those in energy and telecommunication companies, to DPOs in state administration bodies that processes personal data of all citizens of the Republic of Croatia? Find out the answers to these and other questions at the conference on 27 January 2023 in Westin, Zagreb.
The aim of Data Protection Day is to raise awareness of the importance of data protection among all stakeholders and to improve knowledge of data protection rules in the Republic of Croatia. This is of utmost importance for the Republic of Croatia in the context of preserving European democratic values, cybersecurity, development of digital single market, ensuring free flow of data between EU and third countries and boosting economic growth.
PROGRAMME
11.00 – 11.45 – Keynote speeches
Mr Zdravko Vukić, director of the Croatian Personal Data Protection Agency
Mr Petar Mišević, advisor of the President of the Croatian Chamber of Economy,
Mr Bernard Gršić, State Secretary at the Central State Office for the Development of Digital Society
Mr Wojciech Wiewiórowski, European Data Protection Supervisor
Mr Nikola Mažar, Emissary of the President of the Parliament
PhD Mario Banožić, Emissary of the Prime Minister of the Republic of Croatia and Defence Minister
___________________________________________________________________________________________________________
11.45 – 12.45 – Panel session “The role of the DPO in the public sector”
Moderator: Ms Iva Nappholz, Croatian Employers’ Association
Keynote speech: Anna Hänninen, Coordinator of the EU- matters, Finnish Office of Data Protection Ombudsman
Panelists:
Ms Vlatka Vuković (lawyer and DPO, Horvath Wolf),
Mr Ivan Pristaš (Head of Department for Medical Informatics, Croatian Institute of Public Health),
Mr Igor Barlek (DPO, GDPR Croatia),
Mr Ante Barać (DPO, national power company HEP),
Ms Renata Mekovec, PhD (Faculty of Organization and Informatics)
______________________________________________________________________________________________________________
12.45 – 13.15 – Break
______________________________________________________________________________________________________________
13.15 – 14.15 – Panel session „Personal data protection in the financial sector: challenges and solutions”
Moderator: Ms Iva Katić, Croatian Personal Data Protection Agency
Panelists:
Ms Lara Grubišić (DPO, Erste Card Club),
Ms Renata Sabljić (Head of Compliance, Croatia insurance company),
Ms Josipa Višnjić (Head of Compliance and Legal Affairs, EOS Matrix),
Ms Danijela Pedić (DPO, Croatian Post Bank),
Mr Hrvoje Kuterovac (DPO, Financial Agency)
______________________________________________________________________________________________________________
14.15 – 14.30 – Break
______________________________________________________________________________________________________________
14.30 – 15.30 – Panel session “Is technology destroying privacy?”
Moderator: Mr William Bello, IAPP KnowledgeNet chapter Croatia
