Patricia DEL CARMEN is a Franco-Salvadorean Lawyer in Digital Law, CIPP/E certified and a Computational Linguistic Engineer, experienced in data protection, data privacy and cybersecurity.
After having worked for more than 30 years with global business leaders in their sector (LVMH, Sephora, American Express, Axa, Alstom, Merck…) as a senior manager of complex digital projects for which Data security and protection were crucial, Patricia decided to create her own consulting firm, Smart Privacy Consulting, and become an external DPO to help NGOs, public bodies and private companies to optimize the knowledge and quality of their data, to ensure the compliance and security of their information assets and to increase the trust of their internal and external customers and the regional and local citizens.
Pragmatism, a good understanding of the business challenges of data protection and security as well as a long successful experience in change management, data governance and staff training and awareness of data protection and cybersecurity issues are the values that characterize her DPO role.
Patricia has organized panel discussions at the Sorbonne about “The role of the DPO in public and private organizations”. She has lectured at Telecom Business School in Paris and at the University of Lima, Peru about “International transfers of Personal Data”, "Data Protection, a Further Step Towards Transparency and Respect for Human Rights" and about “GDPR and Cybersecurity”. She is engaged in various teachings and research assignments related to Data Protection, cybersecurity and Artificial Intelligence at the Master in Digital Law at the Sorbonne in Paris.
A former member of the Board of the European Association of Data Privacy Professionals (EADPP), she is currently a member of the Board of the European Data Compliance Network (EUDC), a network open to all the Compliance Professionals which share the European values in data governance, risk management and compliance in Digital matters. EUDCN and Patricia think that a DPO always needs to be aware of the evolution and development of the technology and law and that international cooperation is really important.
Sessions in which Patricia Del Carmen participates
lunes 10 junio, 2024
Introduction In this session, the panel explores the opportunities and challenges of fostering cooperation among DPO federations across Europe and beyond. By connecting expertise, resources, and networks, these federations play a crucial role in promoting best practices, facilitating knowledge, and advocating for strong data protection frameworks on a global scale.
Sessions in which Patricia Del Carmen attends
lunes 10 junio, 2024
This rich introduction to the Privacy and Democracy track represents a compelling journey into the heart of democratic values and individual privacy rights, featuring high-level speakers from the Italian Institute for Privacy and Data Valorisation and the European Centre for Certification and Privacy.
Introduction The constant and rapid evolution of the digital landscape directly influences the roles and responsibilities of professionals tasked with safeguarding data privacy and ensuring regulatory compliance. This is especially highlighted by recent EU legislations, such as the Digital Services Act, Digital Markets Act, Data Act, Data Governance Act, together with European Data Sp...
Introduction The new wave of European regulations is directly impacting and redefining the role of the DPOs. In parallel, new standards are emerging to specify the qualification requirements of DPO and data protection professionals. Whether you are a DPO or a data compliance professional seeking to enhance your experience, or an organization aiming to strengthen your data protection s...
Introduction In this session, the panel explores the opportunities and challenges of fostering cooperation among DPO federations across Europe and beyond. By connecting expertise, resources, and networks, these federations play a crucial role in promoting best practices, facilitating knowledge, and advocating for strong data protection frameworks on a global scale.
The foundation of GDPR compliance lies in clearly defined legal bases for the processing of personal data. While the appropriate application of Article 6 and 9 of the GDPR to standard processing activities is sometimes already difficult, these challenges vastly increase when applied to AI training. The complex data processing activities involved therein, as well as the concrete personal data that is collected and used, turn GDPR-com...
Introduction While data protection regulations are adopted by a growing number of countries, there are some divergences in their adoption. Some jurisdictions also question the universal nature of the rig...
The adequacy requirement plays a significant role in EU data protection law. The third country must provide adequate data protection to make personal data transfer free, i.e., treat the transfer as if it happens within the EU. A third country must pass the assessment conducted by the European Commission to do so. The doctrine describes the assessment as not transparent enough and influenced by the political background. There are few...
Introduction As Europe continues to strengthen its cybersecurity framework in response to evolving threats and challenges, understanding the intricacies of this legislative landscape is essential for org...
Introduction This session will wrap up the track on making data secure, by sharing perspectives on priority strategies to address cybersecurity challenges. Key questions and objectives What is the main takeaway on making data secure?How...
Introduction This Welcome Reception invites you to discover the Privacy MelodIA: An original musical composition on data protection, performed in an outstanding setting and surrounded by the largest collection of Tintoretto’s paintings.
martes 11 junio, 2024
The International Cooperation track serves as platform for dialogue, exchange, and collaboration, where we get to explore innovative solutions and build meaningful partnerships beyond borders and across various disciplines. This session offers an introductory discussion that brings together an esteemed panel of high-level speakers and experts, such as the Italian Minister of Justice, US Federal Trade Commissioner, Pr...
Introduction Most companies perceive compliance with data protection regulations as a source of costs. This session will explore a new perspective: how to turn compliance into a source of economic and financial value creation, and how to move from cost to investment perspective. This session also focuses on the relationship between compliance efforts and their financial and economic e...
Introduction This session provides an in-depth analysis of the recent evolution and current status of cross-Atlantic data protection collaboration and convergence. It will discuss the challenges and opportunities for both regions to overcome their differences and develop common frameworks. The panel will consider the common interests and interdependencies of the two regions and their ...
Introduction We live in a world defined by unprecedented data flows and digital interconnectedness, which means that protecting personal information across borders has become a pressing concern. This session focuses on the progress in terms of multilateral data protection, with a focus on three major international organizations: the Council of Europe, the OECD, and the UN. ...
Introduction This session will analyze the policies, initiatives, and collaborative efforts undertaken by G7 member countries to establish solid frameworks that prioritize individuals’ privacy rights, while maintaining innovation and economic growth. The attendees will explore the challenges, responsibilities, opportunities, and aspirations in building a world where privacy and data r...
Introduction The panel of this session will examine the dynamic interplay among various European Data Regulations, including the Digital Markets Act (DMA), Digital Services Act (DSA), Data Act (DA), Artificial Intelligence Act (AIA), and Market in Crypto-assets Regulation (MICA). It will also focus on unraveling the complexities surrounding these regulations and offer insights into ov...
Introduction Through insightful discussions and comparative analyses, speakers in this session explore the dynamic landscape of data protection regulations and practices at regional levels. They will also discuss various regional perspectives, from Asia-Pacific to Africa and Latin America, as well as present a comprehensive view on ongoing regional evolutions, commonalities, and disti...
Introduction There has been an emerging innovative approach to marketing in the digital realm that utilizes the concept of privacy by design. In this session, attendees will discover this approach, especially regarding online marketing that prioritizes user privacy from the outset. From data minimization to transparent consent mechanisms, the speakers will unveil strategies for buildi...
In 2022 and 2023, the EU Agency for Fundamental Rights (FRA) conducted 70 interviews with heads and staff members of the EU-27 national Data Protection Authorities. Through these interviews, FRA collected experiences, challenges and good practices when it comes to enforcing the GDPR. In this report, FRA 1. identifies common trends and difficulties across Member States, 2. showcases how difficulties can practically harm the effective implementation of DPAs’ mandate, and 3. presents close to 40...
Introduction The EU GDPR entered into force on 24 May 2016 and is applicable since 25 May 2018. It had a worldwide impact and triggered the adoption of many similar regulations across the world. This session will explore the lessons learned. What has been successful and what could be considered for future regulatory evolution? Join top-level authorities and experts for an insightful e...
miércoles 12 junio, 2024
Introduction In this session, discover how international cooperation and mutual assistance are reshaping the landscape of privacy regulation in order to uphold digital rights and combat global privacy threats. Experts on the panel will uncover the mechanisms, limits, and triumphs of collaborative privacy enforcement cooperation efforts, paving the way for a safer digital future. ...
Introduction The EU GDPR makes over 70 references to certification, and its Article 42 sets the basis for a European Data Protection Seal. In October 2022, the European Data Protection Board approved the Europrivacy criteria to serve as European Data Protection Seal. In March this year, European Accreditation validated the accreditation of Europrivacy at European level in line with Ar...
Introduction Concerns over data privacy and market concentration have intensified over time, which makes regulatory compliance more extensive to encompass competition policy and privacy protection. This session will explore key EU legal principles related to PET, examining how practices such as user profiling, tracking, and targeted a...
Introduction Biometric data is increasingly used for medical diagnosis, public safety, and home access controls. In the ever-evolving world of data protection and privacy, biometric data compliance and ethics stand at the forefront of the discussion. From fingerprint scans to facial recognition, it represents a unique set of opportunities and risks. This session explores the ethi...
Introduction This session sheds light on the relationship between digital currencies and data protection, focusing particularly on the compliance challenges and opportunities that could emerge. Attendees will find out how these digital currencies continue to shape the financial world, and will gain insights into the unique data protection considerations associated with digital currenc...
Introduction The number of compliance regulatory frameworks is getting higher and higher, which can often feel like navigating a maze of rules and requirements. However, compliance sandboxes offer opportunities for innovation to stay ahead of the curve. This session explains the concept of compliance sandboxes, which is a controlled environment where regulators and industry experts co...
Introduction Data protection and international trade are increasingly interleaved. The traditional doctrine consisted in dissociating the two topics. However, current WTO negotiations on electronic services highlight inherent connections and interdependencies between trade and data protection. The panel will explore how trade agreements and policies intersect with data protection fram...
The transfer of data across borders is essential to the functioning of the cross-border payments system. Market participants are subject to a range of laws, rules and regulatory requirements as well as technical data standards (“data frameworks”) that relate to transfer of data across borders. Enhancing the interaction between data frameworks and cross-border payments is a priority action to move forward the G20 Roadmap for Enhancing Cross-Border Payments, which aims to address th...
Introduction While several mechanisms exist to support international data transfers, certification is characterized by a higher level of trustability. Contrary to SCCs, for instance, a certification relies on effective third-party audit and validation by qualified experts. It ensures that data is effectively adequately handled without having to cross borders. This session will discuss...
Introduction With the proliferation of artificial intelligence technologies, challenges are inevitable to ensure that data practices comply with evolving legal requirements while utilizing the potential of AI innovation to the maximum capacity. With this session, the speakers will explore the integration of AI legal frameworks into data protection compliance programs.
Introduction This session will discuss the interplay between data protection and economic development. It will try to move beyond position statements, to explore the facts and evidence of such interplay and potential trade-off. Is privacy limiting or accelerating economic development? What are the risks and economic impact on countries that do not provide high-level standards for...
Introduction In this compelling session, the speakers will explore the complexities surrounding the management of personal data belonging to moving people, such as migrants, travelers, and patients. Just like individuals cross borders, their personal data moves with them, raising significant challenges and opportunities for data protection. The speakers will focus on the multifaceted ...
Introduction As cities worldwide embrace innovative technologies to enhance sustainability and quality of life, it is important to include data protection principles in the fabric of urban development. In this session, high-level speakers will shed light on how smart cities and public administrations ensure data protection by design. They will also share lessons learned and good pract...
jueves 13 junio, 2024
Introduction This session will present views on the risks and opportunities associated with artificial intelligence, by giving the floor to senior experts and authorities from the European Data Protection Supervisor (EDPS), European Parliament, Commission nationale de l'informatique et des libe...
Introduction With the Digital Markets Act (DMA) shaping the rules governing online platforms, businesses must adapt to new compliance requirements in this evolving regulatory environment. This session offers a deep dive into the DMA’s provision, their potential impact, and strategies for ensuring compliance in a rapidly changing regulatory world.
Introduction With the adoption of AI-related regulations, this session focuses on the critical imperative of making AI trustable, transparent, understandable, and accountable, as it continues to be integrated in various aspects of society. The speakers will explore strategies and practices for achieving these goals, by empowering organizations and professionals to benefit from the ful...
Introduction This comprehensive session presents the transformative potential of the Data Governance Act, Data Act, and Digital Services Act in shaping the future of digital governance. As the European Union seeks to establish a solid regulatory framework to govern data sharing and digital services, understanding the risks and opportunities presented by these legislative initiatives i...
Introduction All democratic regimes recognize both the need to protect fundamental rights of its citizens, while ensuring that authorities can enforce law and protect their citizens against threats, such as terrorist attacks. There is an increasing awareness of the need to balance public interest and fundamental rights. How do government agencies in democratic countries ensure the rig...
Introduction From the GDPR to the ePrivacy Directive and beyond, Europe has established a comprehensive regulatory framework for data processing, some of which have their own implementation scheme with dedicated bodies. This session will discuss data regulations interplay and oversight in practice. Key questions and objectives...
Introduction Artificial intelligence ingests existing data to generate new data. AI technologies continue to revolutionize industries, but questions surrounding the ownership of data and the protection of intellectual property have become increasingly complex. In this session, the speakers will explore the intersection of artificial intelligence, data ownership, and intellectual prope...
Introduction Generative AI drives innovation in various sectors, but compliance with the GDPR presents both future challenges and future opportunities. In this session, the speakers will analyze the relationship between generative AI and the GDPR, in addition to presenting pathways for using generative AI while highlighting best practices, legal considerations, and ethical application...
Introduction This session will discuss the impact of artificial intelligence on safety and security. What are the new threats to be addressed? In parallel, it will also discuss how to make AI safe and secure by design. Speakers in this session will explore the latest advancements, challenges, and strategies to address security and safety.
IntroductionImagine this: A multinational company grappling with an unexpected ransomware attack. Stakeholders are on edge, the clock is ticking, and swift decisions are paramount. This isn't just a test of your expertise, but also a measure of how well you can handle pressure, make crucial decisions with your team, and lead during chaos.Key Questions and objectivesThis is a unique dive into a cyber crisis scenario mirroring the comple...
While users value personalization, they also want brands and platforms to be responsible and transparent about data practices. Privacy-enhancing technologies will be critical to maintaining user expectations regarding both privacy and utility of digital marketing. Trusted execution environments (TEEs) are a form of PET often used to protect sensitive information such as passwords and credit card numbers. They can also be used to improve data privacy while still providing utility, by allowing ...
Introduction Over the years, the decisions of the Court of Justice of the EU have played a significant role in shaping the legal framework for privacy rights within the European Union and beyond. From landmark rulings on data protection to the interpretation of fundamental rights, the speakers will explore the interplay between judicial decisions and the evolution of data protection a...
IntroductionData breaches constitute a significant risk for all companies. Based on the previous session, which involved running a data breach simulation, legal, cybersecurity and crisis communication experts will engage in a discussion with participants about their experiences in the simulation. The aim of this discussion is to share examples, best practices and insights for preventing and handling data breaches. The prevalence of sophisticated cyber threats in organ...
Introduction This session is designed to reflect on the key insights that have been discussed in the collective exploration of artificial intelligence. To conclude, speakers will talk about the most crucial learnings, trends, and actionable steps, in addition to valuable reflections to inform future endeavors in the realm of AI.
viernes 14 junio, 2024
Introduction This deep dive-in session will focus on how to ensure compliance with emerging artificial intelligence regulations, such as the AI Act, in light of AI technologies raising several complex compliance challenges for organizations and professionals across industries. The speakers of this session will explore strategies for navigating these challenges and establishing solid c...
Introduction In recent years, data protection certification has emerged as a new mechanism for demonstrating compliance with the regulation. The European Data Protection Seal under Art. 42 GDPR has recently been unlocked in Europe, and other jurisdictions are adopting similar regulations. This session will review and discuss lessons learned from privacy and data protection certificati...
This workshop is designed to practice the conformity assessment procedure of AI systems in accordance with the emerging AI Act. The workshop is structured to provide theoretical knowledge and hands-on experience, focusing on the Act's obligations and requirements concerning intended use, data governance, transparency, and the technical and organizational measures implemented to ensure compliance.Workshop Activities:Introduction to the AI Act: The facilitators present...
Introduction This deep dive-in session will focus on how to make marketing privacy compliant by design. Industry experts of this session will share good practices and guidance for making marketing activities compliant. From navigating GDPR and other privacy regulations to implementing data protection measures, attendees will equip marketing professionals with the knowledge and tools n...
Introduction Following last year's discussion, this session will discuss and explore the possibility to support convergence and interoperability in the field of data protection certification between three major international data protection normative frameworks: Convention 108+ of the Council of Europe, the EU GDPR, and the Global CBPR Forum. It will also explore and discuss different...