After a two-year gap in the date, the Data Privacy Day 2025 returns on the exact day of the Data Protection Day which is held every year on 28 January. The Data Privacy Day 2025 will take place on Tuesday 28 January 2025, from 09.30 in Esch-Belval.

New in 2025! Data Privacy is now a one-day event with additional conference sessions.

Data Privacy Day 2025 is organised as a hybrid event. You can attend the event live or remotely.

The theme for the 2025 event is ‘Riding the waves of new data protection challenge’

Conference sessions

As of 17 January 2025

09.00 – On site registration

09.15 – Opening of the online event

09.30 – OPENING SPEECH – ‘The GDPR 6 years in – where do we stand?’

by Olivier Micol, DG JUST, European Commission

10.00 – ‘Risk management in privacy: a share perspective of DPO & CISO of the University of Luxembourg

by Laurent Weber, Chief Information Security Officer, and Sandrine Munoz, Data Protection Officer, University of Luxembourg

Read about the session summary

We will discuss the collaboration between the Data Protection Officer (DPO) and the Chief Information Security Officer (CISO) of the University of Luxembourg to illustrate how we handle this in our daily work. This will be highlighted with various examples of our joint efforts for the greater good. Additionally, we will provide a detailed look at how we manage risks together.

10.30 – ‘Responsible digital transformation and innovation: An overview of the tools made available by the CNPD’

by Jérôme Commodi, Legal Counsel and Project Manager, National Commission for Data Protection

Read about the session summary

The CNPD will present the six tools designed during these last 20 months to meet the diverse needs of controllers and processors, ranging from start-ups and small businesses to large organizations, and cover various aspects of GDPR compliance. These six essential tools are helping and will continue to help SMEs and individuals navigate the complex data protection landscape.

11.00 – Coffee Break

11.30 – ‘Privacy and the promotion of access to data under the EU Data Act’

by Mickaël Tome, Partner, Togouna & Tome Avocats

Read about the session summary

The EU Data Act is a pivotal regulation which aims to harmonise rules on access, use and sharing of data generated from a broad range of products and services, including connected objects (“IoT”). It builds on the rules of the General Data Protection Regulation (GDPR), but their objectives differ and they complement each other. Mickaël Tome will present key points of the EU Data Act (and their impact on Luxembourgish and European businesses) and discuss some aspects of the interplay between this new legal framework and GDPR rules.

12.00 – ‘Être DPO dans un établissement d’enseignement supérieur français’

by Guillaume Pourquié, Membre du Conseil de SupDPO and Jean-Luc Tessier, DPO Université de Lille, SupDPO

Read about the session summary (in French)

Présentation de la manière dont dès 2007, dans les Universités et Grandes Ecoles en France, les correspondants informatique et libertés, devenus délégués à la protection des données (DPD) en 2018, se sont organisés pour partager et co-construire des réflexions, des recommandations communes.
Les DPD de l’Enseignement Supérieur et de la Recherche bénéficient de cet espace collaboratif pour les aider se positionner, et fédérer les différents acteurs de leurs établissements respectifs.

12.30 – Lunch Break

14.00 – ‘Ensuring Compliance: Data Protection Laws and Risk Assessment in Research’

by Francesco Vigna, Data Protection Officer, Luxembourg National Data Service

Read about the session summary

Risk assessment is a crucial aspect of data protection law compliance. It involves evaluating the potential risks that the processing of personal data may pose to the rights and freedoms of data subjects. This process includes identifying and analyzing the likelihood and impact of various risks and, consequently, selecting appropriate measures to mitigate these risks. The GDPR, along with other regulatory frameworks, makes risk assessment essential for achieving and demonstrating compliance.

14.30 – ‘Ethical AI and evolution’

by Michael Hofmann, President of APDL, and Shariq Arif, APDL Board member, Association pour la Protection des Données au Luxembourg (APDL)

Read about the session summary

The session is addressed to Data Protection and Cyber professionals and includes selected day to day AI challenges for DPO’s and CISO’s and next steps.

15.00 – End

Exhibition (only for live participants)

As of 14 January 2025

In parallel to the conference, the event includes an exhibition area. This area can only be accessed by attendees physically joining the event.

  • Association pour la Protection des Données au Luxembourg (APDL)’ – Luxembourg Data Protection Association activities (Learn about the collaboration of APDL with other professional organisations within Luxembourg and Europe).
  • BEE SECURE‘ – Awareness raising on cybersecurity basics.
  • Digital Learning Hub / 42 Luxembourg‘ – Professional trainings in cybersecurity offered by the Digital Learning Hub & 42 Luxembourg.
  • The European Commission‘.