Dr Karolina Gałęzowska is a privacy and emerging technologies lawyer with a PhD in Law and an LL.M. in Privacy, Cybersecurity, and Data Management from Maastricht University. She has broad experience as a Data Protection Officer and legal advisor across the banking, e-commerce, food and beverage, and technology sectors. Her work spans privacy and AI governance, regulatory and AML compliance, cloud migration strategy, and digital transformation. Karolina has played a key role in developing privacy programs, leading legal assessments for innovative technologies, and successfully navigating organizations through regulatory audits. She is the author and co-author of several legal commentaries on the GDPR, AML regulations, and the Digital Services Act.
Sessions in which Dr Karolina Gałęzowska participates
Monday 12 May, 2025
Sessions in which Dr Karolina Gałęzowska attends
Monday 12 May, 2025
The AI and Compliance track serves as a dynamic platform for dialogue, knowledge exchange, and collaboration on the evolving legal and regulatory landscape of AI, in addition to its increasing involvement in all aspects of our personal and professional lives. This opening session welcomes the Rector of Ca' Foscari University of Venice and the Chair of the Privacy Symposium to set the stage for insightful discussions.
Discussions surrounding the interplay of AI and Data Protection Laws will reveal how academics and practitioners from around the world manage the intersectionality of these laws. How do data protection laws and emerging AI intersect, and how do they complement each other? If you’re a privacy professional, legal expert, AI developer, or policymaker, this is your must-attend session, as it will feature professionals from Google, EDRI, DG Justice, a...
Compliance with the AI Act relies a great deal on robust risk management. However, small and medium entreprises (SMEs) often do not have a risk management policy in place and it is difficult for them to identify, analyse, assess, and mitigate risks related to AI systems privacy and security. On the other hand, whichever methodology an organisation chooses, the underlying cybersecurity and privacy issues that accompany the use of AI systems remain technically the same. This session will ...
This panel focuses on integrating the new cybersecurity obligations introduced by the NIS 2 Directive with the GDPR’s existing requirements for data integrity and confidentiality.
The Cyber Resilience Act (CRA) sets obligatory requirements for hardware and software products as well as infrastructure, aiming to guarantee high standards of security for all items connected to the internet. This session brings together experts to explore the CRA’s real-world implications, shedding light on the challenges, opportunities, and urgent questions surrounding cyber resilience.
Agentic AI is ushering in a new era of technological capability, with systems designed to autonomously achieve complex goals by reasoning, planning, and using digital tools. This innovation holds transformative potential. Our panel will explore the evolving data protection considerations that accompany these advancements. Join leading experts as they discuss how familiar privacy principles apply in this new context and identify emerging questions, fostering a di...
Cyber threats are evolving at an unprecedented pace, which makes AI and machine learning essential tools in the fight against cybercrime, by enabling faster threat detection, automated responses, and predictive defense strategies. However, with these advancements come new challenges. The panel of this session will explore the future of AI-driven defense and what it means for privacy, security, and resilience.
We will inaugurate the fourth edition of the Privacy Symposium at the Official Welcome Reception. This event marks the beginning of a week rich in insightful discussions and open exchange, set in the inspiring atmosphere of Venice. Guests will have the opportunity to admire the remarkable works of Tintoretto, one of the city’s most celebrated painters, while connecting with professionals from diverse backgrounds and engaging in fruitful discussions. The evening will be enriched by...
Tuesday 13 May, 2025
The session will begin with the presentation of research work on the evaluation of the benefits of compliance (combining costs, returns, gains of compliance analysis). The objective will be then to discuss on the KPIs that can be used to measure the positive returns of compliance by incorporating the perspectives of stakeholders who advocate, monitor, implement, control, or finance compliance actions.
With evolving regulations and shifting privacy frameworks, how can businesses and privacy professionals navigate the global advancements of cross-border data transfers? This insightful session will explore the latest developments on a global scale, in addition to the latest trends and practical strategies for ensuring compliance. The panel includes high-level professionals from DG Justice, Information Commissioner’s Office, European Digital Right...
There is a lack of consensus among governments about what it means to be trusted and how to determine what constitutes a trusted cloud service provider in the context of data protection and cybersecurity. Without a common framework and criteria to assess trustworthiness, there will continue to be a lack of trust in data flows, hindering innovation and growth in today’s data-driven economy. This panel will discuss the development of a criteria-bas...
From GDPR to emerging AI regulations, organizations must navigate complex frameworks while ensuring seamless data flows across borders. This session will bring together experts to discuss practical strategies for overcoming regulatory conflicts, enabling responsible data practices, and fostering global cooperation. Key questions
The last few years have seen a significant increase in digital solutions that support privacy friendly electronic identification and authentication: mobile identity wallets, zero knowledge proofs, verifiable credentials, age assurance applications, and so forth. Legislators are also increasing their support for these solutions. But are they actually trustworthy from a privacy perspective? This session will explore the potential, and the pitf...
Convention 108+, the ‘modernised’ version of the Council of Europe’s data protection treaty, is positioned to play a key role in shaping global data governance and privacy regulations for years to come. This treaty aims to create a more solid framework for data protection to keep pace with the digital world, and to extend beyond Europe’s borders. The esteemed speakers of this panel will present Convention 108+ in the context of striking a balance...