Data privacy in Luxembourg: GDPR and beyond
The General Data Protection Regulation (GDPR) is certainly the most significant personal data legislation in the past 20 years.
- To what extent are you prepared to pay a fine that might reach 4% of your organisation turnover?
Attend our training and get practical advice on how to set up a compliant programme within the organisation.
This module is part of our Data & AI curriculum.
Duration: 4h
Language: Available in English and French. The supporting material is only available in English.
Number of participants: up to 15
Available as intra-company course (i.e. dedicated session on demand)
Course content can be customised on demand under specific conditions.
Objectives
By the end of this training, participants will be able to:
- explain the main principles of the regulations and their impacts;
- determine the steps to implement in order to ensure compliance;
- establish a GDPR compliance programme;
- review and analyse the current personal data protection programme taking into account the new requirements.
Content
- Regulatory framework for personal data processing
- Regulatory context related to the processing of personal data and, in particular, the new principles (i.e. data minimisation, personal data protection by design, etc.)
- Processing conditions, and data subject rights, in particular, the new rights (i.e. portability, the right to be forgotten, etc.)
- Personal data types, their locations as well as their retention period
- Archiving rules and destruction of personal data
- Communication of personal data
- Personal data transfers to third parties
- Personal data transfers out of the EEA
- Internal and external actors that are involved in personal data processing
- Responsibility of the service provider
- How to demonstrate accountability
- Maturity evaluation
- Implementation of adequate rules
- Sustainable compliance
- Implementation of the needed measures to ensure security and confidentiality of personal data
- Legal obligation to protect personal data
- Specificities of the personal data management by third parties and risks related to cloud computing
- Importance of impact studies and vulnerability studies
Target audience
- Data protection officers
- Chief information system officers
- Compliance officers
Our lead experts
This training is coordinated by Frédéric Vonner, Partner, and Antonin Jakubse, Senior Manager at PwC Luxembourg.
Frédéric Vonner is a partner with over 22 years of experience managing projects and advising asset managers and securities service providers in the investment fund industry, primarily in Luxembourg. He specialises in operational excellence and regulatory compliance for UCITS and alternative funds, with a strong focus on sustainability and sustainable finance, covering strategy, compliance, and implementation. Frédéric is also an experienced trainer and course facilitator for both soft skills and technical topics. He actively contributes to ALFI and EFAMA working groups and has led numerous client projects including sustainable finance assessments, UCITS V and AIFMD implementations, depositary and GDPR assessments, fund administration reviews, and service provider rationalisation.
Antonin Jakubse is a senior manager and seasoned project manager specialising in optimising operational effectiveness and efficiency, particularly within financial institutions and regulatory frameworks such as GDPR. He has a proven track record of successfully guiding complex projects to completion by focusing on clear communication with all stakeholders and balancing both strategic oversight and detailed project elements to foster team collaboration. As PwC’s subject matter expert on outsourcing activities, Antonin provides clients with comprehensive guidance on project management and regulatory compliance. His leadership includes managing project communication, organising workshops, proposing process improvements, and ensuring seamless collaboration across teams and jurisdictions.
