Epic fails and good practices in the quest for GDPR compliance

This talk has been presented by Cristina DE LISLE, during the 2018 edition with the thematic “Compliance & conformance processes in the time of mainstream Open Source”.

Epic fails and good practices in the quest for GDPR compliance

Uniformisation at the European level of data protection legislation brought on the table a lot of criticism from the private sector specific to the national countries. Before the GDPR, member states had a different approach on how to interpret the previous Data protection directive 95/46/EC and the change raised a variety of interpretations in practice. Also, lots of actors came in the spotlight: the National supervisory authority, different public and private entities coming from all sectors of economy. IT companies found themselves driven in this ride and even with the best intentions nobody was able to find a complete, personalized guide to implement this new ruling that in theory is so welcomed. This talk is about pointing out some epic fails (without naming someone) on applying the GDPR, from which we can all learn. Also, it will point out main good practices in implementing data protection measures inside a company as XWiki – from the IT market sector, open source and with a significant care for data protection.

About Cristina De Lisle :

Office & Legal Administrator / DPO, XWiki

Cristina De Lisle is interested in software ever since beginning to work at XWiki, an open source project which made her more tech aware, coming from a juridical background. As a data protection officer, she is following the GDPR evolution and assessing its compliance with the company’s security standards.