Skip to main page content

Patricia Del Carmen

Board Member
EUDC
Participates in 1 Session

Patricia DEL CARMEN is a Franco-Salvadorean Lawyer in Digital Law, CIPP/E certified and a Computational Linguistic Engineer, experienced in data protection, data privacy and cybersecurity. 

After having worked for more than 30 years with global business leaders in their sector (LVMH, Sephora, American Express, Axa, Alstom, Merck…) as a senior manager of complex digital projects  for which Data security and protection were crucial, Patricia decided to create her own consulting firm, Smart Privacy Consulting, and become an external DPO to help NGOs, public bodies and private companies to optimize the knowledge and quality of their data, to ensure the compliance and security of their information assets and to increase the trust of their internal and external customers and the regional and local citizens. 

Pragmatism, a good understanding of the business challenges of data protection and security as well as a long successful experience in change management, data governance and staff training and awareness of data protection and cybersecurity issues are the values that characterize her DPO role. 

Patricia has organized panel discussions at the Sorbonne about “The role of the DPO in public and private organizations”. She has lectured at Telecom Business School in Paris and at the University of Lima, Peru about “International transfers of Personal Data”, "Data Protection, a Further Step Towards Transparency and Respect for Human Rights" and about “GDPR and Cybersecurity”. She is engaged in various teachings and research assignments related to Data Protection, cybersecurity and Artificial Intelligence at the Master in Digital Law at the Sorbonne in Paris. 

A former member of the Board of the European Association of Data Privacy Professionals (EADPP), she is currently a member of the Board of the European Data Compliance Network (EUDC), a network open to all the Compliance Professionals which share the European values in data governance, risk management and compliance in Digital matters. EUDCN and Patricia think that a DPO always needs to be aware of the evolution and development of the technology and law and that  international cooperation is really important. 

Sessions in which Patricia Del Carmen participates

lunes 10 junio, 2024

Zona horaria: (GMT+01:00) Rome
12:00 PM
12:00 PM - 1:00 PM | 1 hour
DPO Cooperation

Introduction In this session, the panel explores the opportunities and challenges of fostering cooperation among DPO federations across Europe and beyond. By connecting expertise, resources, and networks, these federations play a crucial role in promoting best practices, facilitating knowledge, and advocating for strong data protection frameworks on a global scale.  

Sessions in which Patricia Del Carmen attends

lunes 10 junio, 2024

Zona horaria: (GMT+01:00) Rome
8:00 AM
8:00 AM - 9:00 AM | 1 hour
9:00 AM
9:00 AM - 9:30 AM | 30 minutos
Privacy and Democracy

This rich introduction to the Privacy and Democracy track represents a compelling journey into the heart of democratic values and individual privacy rights, featuring high-level speakers from the Italian Institute for Privacy and Data Valorisation and the European Centre for Certification and Privacy. 

9:40 AM
9:40 AM - 10:30 AM | 50 minutos
DPO Cooperation

Introduction The constant and rapid evolution of the digital landscape directly influences the roles and responsibilities of professionals tasked with safeguarding data privacy and ensuring regulatory compliance. This is especially highlighted by recent EU legislations, such as the Digital Services Act, Digital Markets Act, Data Act, Data Governance Act, together with European Data Sp...

11:00 AM
11:00 AM - 12:00 PM | 1 hour
DPO Cooperation

Introduction The new wave of European regulations is directly impacting and redefining the role of the DPOs. In parallel, new standards are emerging to specify the qualification requirements of DPO and data protection professionals. Whether you are a DPO or a data compliance professional seeking to enhance your experience, or an organization aiming to strengthen your data protection s...

12:00 PM
12:00 PM - 1:00 PM | 1 hour
DPO Cooperation

Introduction In this session, the panel explores the opportunities and challenges of fostering cooperation among DPO federations across Europe and beyond. By connecting expertise, resources, and networks, these federations play a crucial role in promoting best practices, facilitating knowledge, and advocating for strong data protection frameworks on a global scale.  

12:00 PM - 12:30 PM | 30 minutos
Scientific Track

The foundation of GDPR compliance lies in clearly defined legal bases for the processing of personal data. While the appropriate application of Article 6 and 9 of the GDPR to standard processing activities is sometimes already difficult, these challenges vastly increase when applied to AI training. The complex data processing activities involved therein, as well as the concrete personal data that is collected and used, turn GDPR-com...

1:00 PM
1:00 PM - 2:00 PM | 1 hour
3:00 PM
3:00 PM - 4:00 PM | 1 hour
Privacy and Democracy
Fundamental rights

Introduction While data protection regulations are adopted by a growing number of countries, there are some divergences in their adoption. Some jurisdictions also question the universal nature of the rig...

3:30 PM
3:30 PM - 4:00 PM | 30 minutos
Scientific Track

The adequacy requirement plays a significant role in EU data protection law. The third country must provide adequate data protection to make personal data transfer free, i.e., treat the transfer as if it happens within the EU. A third country must pass the assessment conducted by the European Commission to do so. The doctrine describes the assessment as not transparent enough and influenced by the political background. There are few...

4:30 PM
4:30 PM - 5:30 PM | 1 hour
Making Data Secure
Cybersecurity

Introduction As Europe continues to strengthen its cybersecurity framework in response to evolving threats and challenges, understanding the intricacies of this legislative landscape is essential for org...

5:30 PM
5:30 PM - 6:00 PM | 30 minutos
Making Data Secure
Cybersecurity

Introduction This session will wrap up the track on making data secure, by sharing perspectives on priority strategies to address cybersecurity challenges.  Key questions and objectives What is the main takeaway on making data secure?How...

6:00 PM
6:00 PM - 7:00 PM | 1 hour
Privacy and Democracy
Fundamental rights

Introduction This Welcome Reception invites you to discover the Privacy MelodIA: An original musical composition on data protection, performed in an outstanding setting and surrounded by the largest collection of Tintoretto’s paintings. 

martes 11 junio, 2024

Zona horaria: (GMT+01:00) Rome
9:00 AM
9:00 AM - 10:30 AM | 1 hour 30 minutos
International Cooperation

The International Cooperation track serves as platform for dialogue, exchange, and collaboration, where we get to explore innovative solutions and build meaningful partnerships beyond borders and across various disciplines. This session offers an introductory discussion that brings together an esteemed panel of high-level speakers and experts, such as the Italian Minister of Justice, US Federal Trade Commissioner, Pr...

11:00 AM
11:00 AM - 12:00 PM | 1 hour
Socio-economic Perspective

Introduction Most companies perceive compliance with data protection regulations as a source of costs. This session will explore a new perspective: how to turn compliance into a source of economic and financial value creation, and how to move from cost to investment perspective. This session also focuses on the relationship between compliance efforts and their financial and economic e...

11:40 AM
11:40 AM - 12:20 PM | 40 minutos
International Cooperation

Introduction This session provides an in-depth analysis of the recent evolution and current status of cross-Atlantic data protection collaboration and convergence. It will discuss the challenges and opportunities for both regions to overcome their differences and develop common frameworks. The panel will consider the common interests and interdependencies of the two regions and their ...

12:20 PM
12:20 PM - 1:00 PM | 40 minutos
International Cooperation
Regulatory evolution

Introduction We live in a world defined by unprecedented data flows and digital interconnectedness, which means that protecting personal information across borders has become a pressing concern. This session focuses on the progress in terms of multilateral data protection, with a focus on three major international organizations: the Council of Europe, the OECD, and the UN.  ...

2:00 PM
2:00 PM - 2:45 PM | 45 minutos
International Cooperation

Introduction This session will analyze the policies, initiatives, and collaborative efforts undertaken by G7 member countries to establish solid frameworks that prioritize individuals’ privacy rights, while maintaining innovation and economic growth. The attendees will explore the challenges, responsibilities, opportunities, and aspirations in building a world where privacy and data r...

2:45 PM
2:45 PM - 3:30 PM | 45 minutos
International Cooperation
Regulatory evolution

Introduction The panel of this session will examine the dynamic interplay among various European Data Regulations, including the Digital Markets Act (DMA), Digital Services Act (DSA), Data Act (DA), Artificial Intelligence Act (AIA), and Market in Crypto-assets Regulation (MICA). It will also focus on unraveling the complexities surrounding these regulations and offer insights into ov...

4:00 PM
4:00 PM - 4:50 PM | 50 minutos
International Cooperation
Regulatory evolution

Introduction Through insightful discussions and comparative analyses, speakers in this session explore the dynamic landscape of data protection regulations and practices at regional levels. They will also discuss various regional perspectives, from Asia-Pacific to Africa and Latin America, as well as present a comprehensive view on ongoing regional evolutions, commonalities, and disti...

4:00 PM - 5:00 PM | 1 hour
Data Protection in Italy
Artificial IntelligenceSessions available in Italian
4:30 PM
4:30 PM - 5:15 PM | 45 minutos
Socio-economic Perspective

Introduction There has been an emerging innovative approach to marketing in the digital realm that utilizes the concept of privacy by design. In this session, attendees will discover this approach, especially regarding online marketing that prioritizes user privacy from the outset. From data minimization to transparent consent mechanisms, the speakers will unveil strategies for buildi...

4:50 PM
4:50 PM - 5:30 PM | 40 minutos
International Cooperation

In 2022 and 2023, the EU Agency for Fundamental Rights (FRA) conducted 70 interviews with heads and staff members of the EU-27 national Data Protection Authorities. Through these interviews, FRA collected experiences, challenges and good practices when it comes to enforcing the GDPR. In this report, FRA 1. identifies common trends and difficulties across Member States, 2. showcases how difficulties can practically harm the effective implementation of DPAs’ mandate, and 3. presents close to 40...

5:30 PM
5:30 PM - 6:00 PM | 30 minutos
International Cooperation

Introduction The EU GDPR entered into force on 24 May 2016 and is applicable since 25 May 2018. It had a worldwide impact and triggered the adoption of many similar regulations across the world. This session will explore the lessons learned. What has been successful and what could be considered for future regulatory evolution? Join top-level authorities and experts for an insightful e...

miércoles 12 junio, 2024

Zona horaria: (GMT+01:00) Rome
9:00 AM
9:00 AM - 10:00 AM | 1 hour
International Cooperation

Introduction In this session, discover how international cooperation and mutual assistance are reshaping the landscape of privacy regulation in order to uphold digital rights and combat global privacy threats. Experts on the panel will uncover the mechanisms, limits, and triumphs of collaborative privacy enforcement cooperation efforts, paving the way for a safer digital future. ...

9:00 AM - 10:00 AM | 1 hour
Data Protection in Italy
Socio-economic perspectiveSessions available in Italian
10:00 AM
10:00 AM - 10:30 AM | 30 minutos
International Cooperation

Introduction The EU GDPR makes over 70 references to certification, and its Article 42 sets the basis for a European Data Protection Seal. In October 2022, the European Data Protection Board approved the Europrivacy criteria to serve as European Data Protection Seal. In March this year, European Accreditation validated the accreditation of Europrivacy at European level in line with Ar...

11:40 AM
11:40 AM - 12:20 PM | 40 minutos
Data Protection in Practice
Socio-economic perspective

Introduction Concerns over data privacy and market concentration have intensified over time, which makes regulatory compliance more extensive to encompass competition policy and privacy protection. This session will explore key EU legal principles related to PET, examining how practices such as user profiling, tracking, and targeted a...

12:00 PM
12:00 PM - 1:00 PM | 1 hour
Technology and Compliance
Socio-economic perspectiveInnovative Technologies

Introduction Biometric data is increasingly used for medical diagnosis, public safety, and home access controls. In the ever-evolving world of data protection and privacy, biometric data compliance and ethics stand at the forefront of the discussion. From fingerprint scans to facial recognition, it represents a unique set of opportunities and risks. This session explores the ethi...

12:20 PM
12:20 PM - 1:00 PM | 40 minutos
Data Protection in Practice

Introduction This session sheds light on the relationship between digital currencies and data protection, focusing particularly on the compliance challenges and opportunities that could emerge. Attendees will find out how these digital currencies continue to shape the financial world, and will gain insights into the unique data protection considerations associated with digital currenc...

2:00 PM
2:00 PM - 3:00 PM | 1 hour
Data Protection in Practice

Introduction The number of compliance regulatory frameworks is getting higher and higher, which can often feel like navigating a maze of rules and requirements. However, compliance sandboxes offer opportunities for innovation to stay ahead of the curve. This session explains the concept of compliance sandboxes, which is a controlled environment where regulators and industry experts co...

2:00 PM - 2:40 PM | 40 minutos
International Cooperation

Introduction Data protection and international trade are increasingly interleaved. The traditional doctrine consisted in dissociating the two topics. However, current WTO negotiations on electronic services highlight inherent connections and interdependencies between trade and data protection. The panel will explore how trade agreements and policies intersect with data protection fram...

2:40 PM
2:40 PM - 3:20 PM | 40 minutos
International Cooperation

The transfer of data across borders is essential to the functioning of the cross-border payments system. Market participants are subject to a range of laws, rules and regulatory requirements as well as technical data standards (“data frameworks”) that relate to transfer of data across borders. Enhancing the interaction between data frameworks and cross-border payments is a priority action to move forward the G20 Roadmap for Enhancing Cross-Border Payments, which aims to address th...

3:20 PM
3:20 PM - 4:10 PM | 50 minutos
International Cooperation

Introduction While several mechanisms exist to support international data transfers, certification is characterized by a higher level of trustability. Contrary to SCCs, for instance, a certification relies on effective third-party audit and validation by qualified experts. It ensures that data is effectively adequately handled without having to cross borders. This session will discuss...

4:30 PM
4:30 PM - 5:15 PM | 45 minutos
Data Protection in Practice
Artificial Intelligence

Introduction With the proliferation of artificial intelligence technologies, challenges are inevitable to ensure that data practices comply with evolving legal requirements while utilizing the potential of AI innovation to the maximum capacity. With this session, the speakers will explore the integration of AI legal frameworks into data protection compliance programs. 

5:00 PM
5:00 PM - 6:00 PM | 1 hour
International Cooperation

Introduction This session will discuss the interplay between data protection and economic development. It will try to move beyond position statements, to explore the facts and evidence of such interplay and potential trade-off. Is privacy limiting or accelerating economic development? What are the risks and economic impact on countries that do not provide high-level standards for...

5:15 PM
5:15 PM - 6:00 PM | 45 minutos
Data Protection in Practice

Introduction In this compelling session, the speakers will explore the complexities surrounding the management of personal data belonging to moving people, such as migrants, travelers, and patients. Just like individuals cross borders, their personal data moves with them, raising significant challenges and opportunities for data protection. The speakers will focus on the multifaceted ...

5:15 PM - 6:00 PM | 45 minutos
Technology and Compliance
Innovative Technologies

Introduction As cities worldwide embrace innovative technologies to enhance sustainability and quality of life, it is important to include data protection principles in the fabric of urban development. In this session, high-level speakers will shed light on how smart cities and public administrations ensure data protection by design. They will also share lessons learned and good pract...

jueves 13 junio, 2024

Zona horaria: (GMT+01:00) Rome
9:00 AM
9:00 AM - 10:30 AM | 1 hour 30 minutos
AI and Compliance
Artificial Intelligence

Introduction This session will present views on the risks and opportunities associated with artificial intelligence, by giving the floor to senior experts and authorities from the European Data Protection Supervisor (EDPS), European Parliament, Commission nationale de l'informatique et des libe...

9:30 AM
9:30 AM - 10:30 AM | 1 hour
Data Protection in Practice

Introduction With the Digital Markets Act (DMA) shaping the rules governing online platforms, businesses must adapt to new compliance requirements in this evolving regulatory environment. This session offers a deep dive into the DMA’s provision, their potential impact, and strategies for ensuring compliance in a rapidly changing regulatory world.  

11:00 AM
11:00 AM - 11:40 AM | 40 minutos
AI and Compliance
Artificial Intelligence

Introduction With the adoption of AI-related regulations, this session focuses on the critical imperative of making AI trustable, transparent, understandable, and accountable, as it continues to be integrated in various aspects of society. The speakers will explore strategies and practices for achieving these goals, by empowering organizations and professionals to benefit from the ful...

11:00 AM - 11:45 AM | 45 minutos
Data Protection in Practice

Introduction This comprehensive session presents the transformative potential of the Data Governance Act, Data Act, and Digital Services Act in shaping the future of digital governance. As the European Union seeks to establish a solid regulatory framework to govern data sharing and digital services, understanding the risks and opportunities presented by these legislative initiatives i...

11:00 AM - 12:00 PM | 1 hour
Accountability, Trust and PET

Introduction All democratic regimes recognize both the need to protect fundamental rights of its citizens, while ensuring that authorities can enforce law and protect their citizens against threats, such as terrorist attacks. There is an increasing awareness of the need to balance public interest and fundamental rights. How do government agencies in democratic countries ensure the rig...

11:45 AM
11:45 AM - 1:00 PM | 1 hour 15 minutos
Data Protection in Practice

Introduction From the GDPR to the ePrivacy Directive and beyond, Europe has established a comprehensive regulatory framework for data processing, some of which have their own implementation scheme with dedicated bodies. This session will discuss data regulations interplay and oversight in practice. Key questions and objectives...

12:20 PM
12:20 PM - 1:00 PM | 40 minutos
AI and Compliance
Artificial Intelligence

Introduction Artificial intelligence ingests existing data to generate new data. AI technologies continue to revolutionize industries, but questions surrounding the ownership of data and the protection of intellectual property have become increasingly complex. In this session, the speakers will explore the intersection of artificial intelligence, data ownership, and intellectual prope...

2:00 PM
2:00 PM - 2:45 PM | 45 minutos
AI and Compliance
Artificial Intelligence

Introduction Generative AI drives innovation in various sectors, but compliance with the GDPR presents both future challenges and future opportunities. In this session, the speakers will analyze the relationship between generative AI and the GDPR, in addition to presenting pathways for using generative AI while highlighting best practices, legal considerations, and ethical application...

2:45 PM
2:45 PM - 3:30 PM | 45 minutos
AI and Compliance
Artificial Intelligence

Introduction This session will discuss the impact of artificial intelligence on safety and security. What are the new threats to be addressed? In parallel, it will also discuss how to make AI safe and secure by design. Speakers in this session will explore the latest advancements, challenges, and strategies to address security and safety.  

3:00 PM
3:00 PM - 5:00 PM | 2 hours
Deep Dive In
Capacity Building

IntroductionImagine this: A multinational company grappling with an unexpected ransomware attack. Stakeholders are on edge, the clock is ticking, and swift decisions are paramount. This isn't just a test of your expertise, but also a measure of how well you can handle pressure, make crucial decisions with your team, and lead during chaos.Key Questions and objectivesThis is a unique dive into a cyber crisis scenario mirroring the comple...

4:00 PM
4:00 PM - 5:30 PM | 1 hour 30 minutos
Deep Dive In
Capacity Building

While users value personalization, they also want brands and platforms to be responsible and transparent about data practices. Privacy-enhancing technologies will be critical to maintaining user expectations regarding both privacy and utility of digital marketing. Trusted execution environments (TEEs) are a form of PET often used to protect sensitive information such as passwords and credit card numbers. They can also be used to improve data privacy while still providing utility, by allowing ...

5:00 PM
5:00 PM - 6:00 PM | 1 hour
Data Protection in Practice

Introduction Over the years, the decisions of the Court of Justice of the EU have played a significant role in shaping the legal framework for privacy rights within the European Union and beyond. From landmark rulings on data protection to the interpretation of fundamental rights, the speakers will explore the interplay between judicial decisions and the evolution of data protection a...

5:15 PM
5:15 PM - 6:00 PM | 45 minutos
Deep Dive In
Capacity Building

IntroductionData breaches constitute a significant risk for all companies. Based on the previous session, which involved running a data breach simulation, legal, cybersecurity and crisis communication experts will engage in a discussion with participants about their experiences in the simulation. The aim of this discussion is to share examples, best practices and insights for preventing and handling data breaches. The prevalence of sophisticated cyber threats in organ...

5:30 PM
5:30 PM - 6:00 PM | 30 minutos
AI and Compliance
Artificial Intelligence

Introduction This session is designed to reflect on the key insights that have been discussed in the collective exploration of artificial intelligence. To conclude, speakers will talk about the most crucial learnings, trends, and actionable steps, in addition to valuable reflections to inform future endeavors in the realm of AI.  

viernes 14 junio, 2024

Zona horaria: (GMT+01:00) Rome
9:00 AM
9:00 AM - 10:00 AM | 1 hour
Deep Dive In
Artificial IntelligenceCapacity Building

Introduction This deep dive-in session will focus on how to ensure compliance with emerging artificial intelligence regulations, such as the AI Act, in light of AI technologies raising several complex compliance challenges for organizations and professionals across industries. The speakers of this session will explore strategies for navigating these challenges and establishing solid c...

9:00 AM - 10:00 AM | 1 hour
Data Protection Certification

Introduction In recent years, data protection certification has emerged as a new mechanism for demonstrating compliance with the regulation. The European Data Protection Seal under Art. 42 GDPR has recently been unlocked in Europe, and other jurisdictions are adopting similar regulations. This session will review and discuss lessons learned from privacy and data protection certificati...

10:00 AM
10:00 AM - 11:00 AM | 1 hour
Deep Dive In

This workshop is designed to practice the conformity assessment procedure of AI systems in accordance with the emerging AI Act. The workshop is structured to provide theoretical knowledge and hands-on experience, focusing on the Act's obligations and requirements concerning intended use, data governance, transparency, and the technical and organizational measures implemented to ensure compliance.Workshop Activities:Introduction to the AI Act: The facilitators present...

11:30 AM
11:30 AM - 1:00 PM | 1 hour 30 minutos
Deep Dive In
Capacity Building

Introduction This deep dive-in session will focus on how to make marketing privacy compliant by design. Industry experts of this session will share good practices and guidance for making marketing activities compliant. From navigating GDPR and other privacy regulations to implementing data protection measures, attendees will equip marketing professionals with the knowledge and tools n...

11:30 AM - 1:00 PM | 1 hour 30 minutos
Data Protection Certification

Introduction Following last year's discussion, this session will discuss and explore the possibility to support convergence and interoperability in the field of data protection certification between three major international data protection normative frameworks: Convention 108+ of the Council of Europe, the EU GDPR, and the Global CBPR Forum. It will also explore and discuss different...