Security of Personal Data Processing Event - 8th October - Athens (Greece)


One of the core obligations for all businesses, including SMEs, acting either as data controllers or data processors, in GDPR is that of the security of personal data. In particular, according to GDPR security equally covers confidentiality, integrity and availability and should be considered following a risk-based approach: the higher the risk, the more rigorous the measures that the controller or the processor needs to take (in order to manage the risk).

The workshop is part of's Annual event and is coorganised with ENISA. It is organized within the context of relevant ENISA’s work in 2016 and 2017, especially targeting SMEs (where we collaborated with experts from Italian and Greek DPAs) and as a follow up on the event organized on February 8, 2018 in Rome. speakers include Paolo Balboni, Founder, ICT Legal Consulting and Sebastiano Tofaletti, Secretary General, Digital SME Alliance.

9:30 - 9:45

Welcome Messages

 A. Mitrakas (ENISA)

 K. Menoudakos (HDPA)

9:45 - 11:00

 Panel Session I

SMEs preparation for GDPR


Chair:  V. Zorkadis (HDPA)


S. Toffaletti (European DIGITAL SME Alliance,

P. Balboni (ICT Legal Consulting,

A. Oikonomopoulos (Skroutz S.A.)           

11:00 - 11:30

Coffee break


11:30 - 12:45

 Panel Session II

Security measures for SMEs

Chair: C. Lambrinoudakis (UniPi)


G. Panagopoulou (HDPA)

G. D’ Acquisto (Garante)

F. Guasconi (European DIGITAL SME Alliance, SBS)

P. Drogkaris (ENISA)

12:45 - 13:45

Lunch break


13:45 -15:00 


Panel Session III

Personal data breaches - what an SME should know/do


Chair: D. Kampouraki (EDPS)


P. Van Eecke (DLA Piper)

K. Limniotis (HDPA)

K. Panagos (Vodafone)

G. Patsis (Obrela)

15:00 - 15:30

Coffee break


15:30 - 16:45


Panel Session IV

Data protection by design for SMEs


Chair: G. Yannopoulos (UoA)


A, Bourka (ENISA)

K. Limniotis (HDPA)

V. Verykios (EAP)

Y. Kotsis-Giannarakis (HAMAC)

16:45 - 17:00

Closing remarks



A Holistic framework: Business Process Re-engineering and functional toolkit for GDPR compliance

BPR4GDPR is one of the GDPR cluster projects that will provide a holistic framework able to support end-to-end GDPR-compliant intra- and interorganisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. Read this to find out more.

Future Events

IAM Online Europe live webinar - AARC Extensions to the REFEDS Assurance Framework

AARC is holding a live webinar on 27 June 2019 at 15:00 CEST, that will explain extensions to the REFEDS Assurance Framework and implementations that were devised in the AARC project.

Representation of the State of Hessen to the EU
04/07/2019 to 05/07/2019

Project CyberSec4Europe (Cyber Security for Europe) is holding it next event - "Representation of the State of Hessen to the EU" in Brussels, Belgium on 4-5 July 2019. 

Other three pilots are invited during CyberSec4Europe meetings.