Lexing Conference 2017, MilanThe Lexing® network members held on June 15th 2017 their 6th annual conference  in Milan (Italy).Preceding their annual general meeting, the members took part to the conference dedicated to the General Data Protection Regulation (GDPR).

This was the opportunity to review the stakes of the GDPR, less than a year from its entering into application, as it will drastically change the whole digital world and impact directly on any public or private organisation, independently from it being EU-based or not (1).

The network members, representing almost all of the network’s countries, used that forum to each give a unique insight into the challenges and opportunities raised by the GDPR based on the specificities of their respective country.

They had the honour to share their views with special guests and speakers invited to attend the conference: Mr Giovanni Buttarelli, European Data Protection Supervisor, Mr Francesco Cajani, Procuratore della Repubblica (Milan), Mr Fabio Rastrelli, Chief Compliance Officer, Banca Intesa (Milan), Mr Alberto Caselli, Garante Privacy (Rome), Mr Roberto De Simone, Legal Adviser at SKY Italy and Mr Marc Mossé Director of Legal and Public Affairs at Microsoft at Microsoft.

Discussions were mainly focused on the following topics: the new “privacy by design” requirements, the principle of “accountability” and the sanctions incurred for non-compliance , data transfers issues in an open world, and the new key role of the DPO (data protection officer).

Lexing conference 2017, Milan (Italy)The next Lexing annual conference, which will take place in Paris (France) in June 2018, will be the opportunity to make a first assessment of the GDPR’s deployment, just a few weeks after itsentering into application.


(1) The GDPR applies not only to controllers and processors established in the EU, but also to those not established in the EU, where their processing activities are related to the offering of goods or services to EU residents or the monitoring of their behaviour. In practice, EU law will therefore apply whenever a European resident is directly targeted by the processing of data, including via the Internet.