Francesca Gaudino is the Head of the Data Privacy and Cyber practice of Baker McKenzie in Italy.
Francesca works in the IT/C practice group since she joined the firm, specializing in the area of data protection and security, with specific attention to legal issues emerging in use of cutting-edge technologies. She assists clients in a full range of data protection and cyber related matters, including: data governance, education and training, adoption of devoted e-tools for HR management and reporting, critical personal data processing (i.e. biometric data, health data, profiling and targeting), transfer-border data flows, multi-jurisdictional platforms, social networks, cloud based and IT outsourcing deals. She also advice clients on the EU legislative scenario impacting data and technology, such as AI governance projects, compliance with the Data Act and Data Governance Act.
Francesca also advice clients on cyber matters, from setting up of incident response strategies to audits and governance projects.
Francesca provides advisory and also contentious advice, representing clients in front of the Italian Data Protection Authority and civil Courts.
Francesca is a regular contributor on international reviews and routinely holds lectures at University post-graduate courses; she regularly speaks at national and international conferences and workshops on data protection and cyber issues.
Sessions in which Francesca Gaudino participates
Thursday 15 May, 2025
This session will cover the legal implications and real-world use cases of anonymization, pseudonymization, and synthetic data. From enabling secure data sharing for research and ensuring compliance in clinical trials, the panel will dive into how some techniques can help meet privacy requirements while still fostering scientific progress. Key questions
Sessions in which Francesca Gaudino attends
Monday 12 May, 2025
Discussions surrounding the interplay of AI and Data Protection Laws will reveal how academics and practitioners from around the world manage the intersectionality of these laws. How do data protection laws and emerging AI intersect, and how do they complement each other? If you’re a privacy professional, legal expert, AI developer, or policymaker, this is your must-attend session, as it will feature professionals from Google, EDRI, DG Justice, a...
This panel will explore the new era of data governance, emphasising the importance of building simplified programs that inspire trust. It will take a holistic approach to data, privacy, cybersecurity, and artificial intelligence, incorporating global laws, regulations, and emerging trends. The discussion will highlight the secular nature of global laws, data sovereignty, restrictions on data transfers, and data minimization.
Generative AI development and deployment is exploding, but the recent EDPB Opinion 28/2024 and early enforcement actions (notably the fine against OpenAI by the Garante in Italy) signal that compliance with the GDPR must be taken seriously from the outset. Against this backdrop, our panel will explore how to build trust and avoid pitfalls when developing and deploying LLMs in Europe. We’ll examine the evolving legal landscape—and whether it leaves enough room for meaningful innovation....
This enriching session will shed light on the consequences of data scraping in regard to privacy and intellectual property rights. Data scraping refers to the automated extraction of data from websites, APIs, and other online sources, which consequently raises questions surrounding the secondary uses of such data. Attendees of this session will have the opportunity to hear from several European and global authorities on how they perceive and addr...
This session will explore how to design data spaces that aren’t just legally compliant but also fundamentally structured around privacy, security, and trust. By embedding compliance in the core of data infrastructure design, we can move beyond reactive measures and create environments that foster confidence and cooperation. Key questions
Il panel moderato dall’Avv. Cataleta Il panorama normativo cybersecurity e l’impatto sulle organizzazioni copre diversi aspetti relativi alla cybersecurity e non solo. L’obiettivo del panel è attuare delle riflessioni critiche su: scenario della severity degli attacchi cyber e panoramica nel settore manufacturing. Riflessioni sulla corrispondenza tra spesa in cybersecurity e numero degli attacchi e analisi dei rischi derivanti dall’esternalizzazione della ...
As AI usage seems to proliferate, international regulations may be the way to go to develop cross-border compliance and cooperation. Featuring representatives from both sides of the Atlantic, as well as renowned global think tanks, this session will discuss how organizations can effectively align themselves with international regulations to achieve convergence and interoperability. ...
This panel focuses on integrating the new cybersecurity obligations introduced by the NIS 2 Directive with the GDPR’s existing requirements for data integrity and confidentiality.
The Cyber Resilience Act (CRA) sets obligatory requirements for hardware and software products as well as infrastructure, aiming to guarantee high standards of security for all items connected to the internet. This session brings together experts to explore the CRA’s real-world implications, shedding light on the challenges, opportunities, and urgent questions surrounding cyber resilience.
In this insightful session, experts and professionals in the field will delve into the realm of post-quantum cryptography, exploring how we can strengthen data protection strategies and secure digital infrastructure against emerging threats. The panel will share thoughts on the potential risks and how new approaches are being developed. Key questions
AI systems are becoming more integrated into critical decision-making processes, which makes questions of liability and accountability more pressing than ever. If an AI-based decision goes wrong, who is responsible? This session will unite experts from Meta, Italian Institute for Privacy and Data Valorisation, AI Law Tech Institute, SGS, and CNPD to explore the evolving frameworks for AI liability and the role of certification in building respons...
Cyber threats are evolving at an unprecedented pace, which makes AI and machine learning essential tools in the fight against cybercrime, by enabling faster threat detection, automated responses, and predictive defense strategies. However, with these advancements come new challenges. The panel of this session will explore the future of AI-driven defense and what it means for privacy, security, and resilience.
We will inaugurate the fourth edition of the Privacy Symposium at the Official Welcome Reception. This event marks the beginning of a week rich in insightful discussions and open exchange, set in the inspiring atmosphere of Venice. Guests will have the opportunity to admire the remarkable works of Tintoretto, one of the city’s most celebrated painters, while connecting with professionals from diverse backgrounds and engaging in fruitful discussions. The evening will be enriched by...
Tuesday 13 May, 2025
The International Cooperation track serves as platform for exchanging ideas, building meaningful partnerships, and exploring innovative solutions beyond borders and across various disciplines. This session opens with an insightful discussion featuring an esteemed panel of high-level speakers and experts, such as the Secretary General of the Inter Parliamentary Union, U.N.
This exclusive 2-hour session equips regulators with essential AI knowledge for effective oversight. A seasoned AI-focused leader and two technical experts will offer concise explanations of fundamental concepts—from how AI processes data (tokenization, vectorization) to advanced applications (transformers, retrieval-augmented generation, agents). Attendees will explore synthetic data’s privacy implications, AI/ML security threats (e.g., data poi...
The purpose of the panel is to discuss transparency requirements in the digital data economy, and its benefits. The discussion will focus on the different recipients of transparency (individuals, companies, regulators), the different means (notices, company reporting, certification, KPIs) and how it impacts sustainability/ data responsibility in the age of AI.
In this thought-provoking session, the panel will dive into the intriguing world of neuro privacy. As breakthroughs in neuroscience offer unprecedented insights into the human brain, important ethical questions arise regarding the collection, use, and potential misuse of neural data. The speakers will explore the intersection between neuroscience, privacy, and fundamental human rights, while focusing on the emerging challenges and potential solut...
Standard Contractual Clauses (SCCs) have long been a go-to mechanism for ensuring compliance, but as different jurisdictions update their frameworks, the landscape is shifting fast. SCCs are defined as standardized clauses that allow data transfers outside of the European Economic Area. This insightful session explores the latest developments in SCCs across EU and beyond, with a special focus on the path towards in...
While the EU has set a global benchmark with GDPR, effective privacy enforcement requires collaboration beyond its member states. This simply means that privacy doesn’t stop at borders, and neither should data protection. European Data Protection Authorities face growing challenges in aligning regulations, sharing strategies, and tackling cross-border data transfers with non-EU countries. This session brings together data protection professionals...
While regulators worldwide are fighting the same battles, too often they’re doing it in isolation. This session brings together industry experts and distinguished officials from EDPS, Dutch Data Protection Authority, Office of the Privacy Commissioner of Canada, and US Department of Justice. Attendees will learn about the real challenges of cross-border privacy enforcement and explore the ways in which regulators can work together to turn fragmen...
From GDPR to emerging AI regulations, organizations must navigate complex frameworks while ensuring seamless data flows across borders. This session will bring together experts to discuss practical strategies for overcoming regulatory conflicts, enabling responsible data practices, and fostering global cooperation. Key questions
The last few years have seen a significant increase in digital solutions that support privacy friendly electronic identification and authentication: mobile identity wallets, zero knowledge proofs, verifiable credentials, age assurance applications, and so forth. Legislators are also increasing their support for these solutions. But are they actually trustworthy from a privacy perspective? This session will explore the potential, and the pitf...
After a productive day of engaging sessions, what better way to refresh than by enjoying a traditional Aperol Spritz at the Privacy Professionals’ Meet-up? Join us for a relaxed evening of conversation and connection over this iconic Italian cocktail. It’s a unique opportunity to get to know other participants of the Privacy Symposium, while enjoying a taste of the dolce vita in true Venetian style.
Wednesday 14 May, 2025
Europe’s data regulations are very intricate to form the whole picture, which means that each piece is essential, yet constantly shifting. The Data Act, Data Governance Act and GDPR are not isolated frameworks; they are deeply intertwined to shape the way we interact with the digital reality. This session unites esteemed professionals and officials from Euroconsumers, DG Justice, DG Connect, and Lativia DPA, diving beyond the legal aspect to unco...
With international data transfers under increasing regulatory and judicial scrutiny, organizations must adapt to evolving compliance challenges. From the European General Court’s ruling in Bindl v Commission to ongoing discussions around the EU-US Data Privacy Framework, the need for redundancy in GDPR transfer tools to avoid overreliance on a single transfer mechanism is crucial. This panel will explore key legal developments, risks, and ...
A dedicated meeting to exchange knowledge and showcase innovative approaches to privacy and compliance, bringing together esteemed authorities, organisations, and research projects. It offers a unique opportunity to explore and engage with practical resources, including tools designed to support compliance with data protection regulations.The Exhibition Area will be held in the Atrium of the Scuola Grande di San Giovanni Evangelista and will be accessible the whole week ...
Explore the critical issues shaping HR data privacy in the age of AI. This panel of government and legal experts will address the complexities of cross-border data flows, emerging compliance requirements, and the implications of AI for human resources data. Discover strategies for fostering international cooperation and ensuring robust employee data protection in a rapidly evolving regulatory landscape.
Imagine this: A multinational company grappling with an unexpected ransomware attack. Stakeholders are on edge, the clock is ticking, and swift decisions are paramount. This isn’t just a test of your expertise, but also a measure of how well you can handle pressure, make crucial decisions with your team, and lead during chaos. This two times award finalist service (Finnish Comms Awards 2025 and 2025 SABRE EMEA ...
Il settore della ricerca è probabilmente quello che oggi è più in fermento. Molte sono le novità normative, sia a livello europeo che a livello nazionale; alcune sono già state pubblicate, altre invece stanno completando il loro iter approvativo. Le Regole Deontologiche per i trattamenti a fini statistici e di ricerca scientifica si trovano davvero in mezzo al guado e potrebbero correre il rischio di “nascere già vecchie”.In questo panel, a...
This expert panel will delve into the multifaceted challenges surrounding cybersecurity and privacy incident management, as well as personal data breaches within the European regulatory landscape. With contributions from industry leaders, privacy professionals, and regulators, the discussion will highlight the interplay between key regulations such as the GDPR and the NIS 2 Directive, emphasizing their evolution in the context of AI systems and m...
Marking the halfway point of the conference, have a relaxing evening at the Privacy Professionals’ Meet-up. Enjoy a refreshing spritz while engaging with other privacy experts. After a productive day of sessions, this is an excellent occasion to meet with other participants and speakers, resume discussions, and enjoy a relaxing evening.
Thursday 15 May, 2025
This session will welcome industry professionals to explore the adoption of the European Health Data Space (EHDS) regulation and its impact on obligations and compliance requirements. Drawing on the panel's insights, the discussion will cover the practical aspects of implementing EHDS, while also addressing the challenges and opportunities it presents. Key questions
In pursuit of medical breakthroughs, data is considered a goldmine. At the same time, accessing medical data should not come at the expense of crossing legal and ethical lines. This session will tackle one of the most important issues in medical research today: the lawful use of patient data for secondary purposes like advancing scientific discovery and healthcare innovation. The distinguished panel of this session will explore the complex questi...
Medical research often relies on accessing large and diverse datasets from different regions to ensure the results are comprehensive and unbiased. This session will explore the opportunities, needs, and challenges involved in sharing medical data across borders. The European Health Data Space (EHDS) offers a framework to enable such international collaboration, but how does it function in practice? What are the potential constraints in other juri...