Taking place at RAI Amsterdam on September 27 and 28, #RISK Amsterdam examines the trends and best practices organisations are employing to navigate today’s rapidly evolving risk landscape.
Puma Smagge has some 20 years of experience in Data Protection in various roles such as a Privacy Counsel, Privacy Officer and the GDPR defined position of Data Protection Officer.
Having worked in the pharmaceutical industry (R&D clinical trials worldwide), financial investment and the financial services sector, he is well versed with all categories of personal data being processed worldwide and within a complex chain of multiple processing levels.
Puma holds the firm opinion that data risk, ethics, governance, cyber security and privacy are intrinsically linked and that these issues do not stand in the way of doing business.
Puma will be at #RISK Amsterdam to discuss strengths and weaknesses of the new EU-US data transfer framework.
- Is Adequacy for EU-US Data Transfers Truly Adequate - Wednesday 27th September, 10:00 - 11:00pm (CEST) - Privacy, Security & ESG Theatre
We spoke with Puma about his professional journey and for an introduction into the themes on the table at his #RISK Amsterdam session.
Could you outline your career pathway so far?
My industry experience has been built up through years working with legal principles across numerous sectors, including healthcare law, pharmaceutical law, and privacy law. I am currently in a GDRP-related role as Data Protection Officer at Blauwtrust Groep BV, in an internal supervisory position.
Following the replacement of Privacy Shield, have we seen the last of transatlantic data transfer stresses?
The stresses will continue for a multitude of reasons. The stress should be more in how to overcome the challenges in order to ensure the rights of the Data Subjects at hand whilst enabling trans-Atlantic transfers.
What are the primary strengths and weaknesses of the new EU-US data transfer framework?
Among the strengths, the new EU-US data transfer framework leads to an awareness of what GDPR means and is making people take data protection more seriously.
In terms of weaknesses, we have a case of self-certification, but where is the proof of the certification? The self-certification goes back to Safe Harbour, with companies listed on the Data Privacy Framework (DPF) registry dating back to the Safe Harbour scheme. Have all these companies upgraded from Safe Harbour to Shield to DPF?
Fundamental differences with approaches to data protection between the two sides of the Atlantic remain. An Executive order as basis is weak insofar as it can always be repealed.
Replacing Privacy Shield has been a long and complicated process, apparently accelerated by the war in Ukraine and several concessions from the negotiators. But with Max Schrems already declaring his intention to challenge the new agreement, will EU and US data controllers ever truly be out of limbo?
This session will examine the new data transfer framework’s strengths and weaknesses, and explore what action businesses can take to prepare if the framework fails.
Also on the panel:
- Cassandra Moons, Head of Compliance & Data Protection Officer, TomTom
- Joseph Byrne, Principal Solutions Engineer, FIP, CIPP/E, CIPM, CIPT, GRCP
- Akkeroos Kremers, Legal Counsel, Data & Privacy, ESL FACEIT Group
- Graciela van Doornum, Chief Privacy Officer, The Netherlands Authority for Consumers and Markets
- Session: Day 1, Is Adequacy for EU-US Data Transfers Truly Adequate
- Theatre: Privacy, Security & ESG Theatre
- Time: 10:00 – 11:00pm (CEST)
- Date: Wednesday 27 September 2023
#RISK Amsterdam is also available on-demand for global viewing.