Conference themes
- AI and RGPD compliance, with a focus on the AI Act, automation and model governance ;
- The NIS2 directive and cyber resilience issues, including obligations, supervision and DPO-RSSI articulation; ;
- Data protection in the cloud and hybrid environments, particularly in terms of sovereignty and third-party risk management; ;
- International transfers in the post-Schrems II context ;
- The governance and enhancement of data in data strategies; ;
- Data protection awareness and culture within organizations.
Click on each program box to unfold its content and view conference information.
A warm welcome! Our team will welcome you, provide you with a badge and start the day with a cup of coffee.
Digital Omnibus, RGPD & AI: how are our practices changing?
In his talk, he outlines the planned changes to the AI Act and the RGPD as part of the Digital Omnibus project, the positions expressed by the European Committee and the European Data Protection Supervisor, as well as potential changes to our professional practices and how AI issues could be incorporated into a revised version of the RGPD.
Tomorrow's DPO: a key player in global compliance
The conference will highlight the benefits of a DPO fully integrated into data governance: better risk anticipation, stronger strategic steering and simplified compliance.
From RGPD to Cybersecurity: how the DPO becomes a key player in digital resilience?
Today, the RGPD is the foundation stone for securing personal data and, more broadly, information systems, naturally positioning the DPO at the heart of digital resilience issues.
In a context where attacks on information systems are multiplying, notably due to the rise in cyber-attacks, the DPO is called upon to go beyond mere compliance by integrating a genuine risk anticipation and management approach.
Thanks to its cross-functional vision and its role as an interface between the various professions, it is becoming a key strategic player in the digital resilience of organizations.
Beyond RGPD training: structuring sustainable awareness to reinforce compliance
Many organizations have deployed RGPD training courses. Yet incidents linked to digital usage and human error persist. Training transmits knowledge, while awareness-raising instills reflexes and sustainable behavior. In a context of generative AI and digital acceleration, awareness is becoming a structuring lever for compliance and risk management. Feedback and practical suggestions for DPOs wishing to enhance the effectiveness of their approach.
Law and digital health: catch me if you can!
Technology is transforming practices faster than legislators are legislating. In this context, DPOs and CISOs find themselves navigating a fragmented normative space, between RGPD, AI Act, NIS 2, medical device regulation and clinical research law. This talk introduces two emerging concepts: that of digital body - the informational projection of the patient in digital systems, today without a stabilized legal status - and that of’legal and regulatory interoperability, an approach aimed at rethinking the articulation between standards and healthcare information systems. It will also look at possible solutions, including AI-assisted governance, and invite participants to contribute to a white paper currently being drafted on these issues.
This round table, moderated by Matthieu Camus, brings together the key players: Romain Bidault from Dastra, Valentin Sénéchal d’EQS and the data law researcher Anisse Chagraoui to explore the intersecting issues of the NIS2 directive, the RGPD and artificial intelligence. Over the course of an hour, speakers will analyze how to reconcile regulatory requirements and innovation dynamics, highlighting best practices, operational challenges and strategic opportunities for organizations.
The public will also have the opportunity to ask questions and talk directly to the experts!
Matthieu Camus is an expert in data, cybersecurity and artificial intelligence risk management.
After a first decade devoted to the development of AI algorithms, since 2012 he has been working with his company Privacy Impact to support organizations in setting up secure frameworks that reconcile innovation and the protection of fundamental freedoms.
At this year's event, he will be giving the keynote address and moderating the round table.
Romain Bidault is co-founder of Dastra, the French SaaS platform dedicated to personal data governance and regulatory compliance, designed for DPOs and compliance teams. He also holds the role of Sales Director within the company, where he draws on his extensive experience in SaaS technologies, data and organizational support. Alongside his co-founders, including Jérôme de Mercey, a former CNIL official, Romain is helping to move RGPD compliance towards a more operational approach, geared towards cross-functional collaboration and strategic steering. His data-centric vision aims to simplify and make compliance accessible for companies, while enhancing the role of the DPO as a central player in data governance.
Céline Gallay is a lawyer specializing in personal data protection and digital ethics. She holds a Master 2 in Law from the University of Lyon II, is certified by the CNIL and the IAPP, and in 2025 obtained a Digital Ethics Officer certification from EDHEC.
After more than ten years' experience as a corporate lawyer, she founded Phenix Privacy, a firm dedicated to RGPD compliance and data governance. As Managing Director, she oversees operations there and ensures the quality of the services offered.
Her expertise lies at the crossroads of law, compliance and digital ethics, with a focus on current data protection issues.
Natacha Bialek-Djeghdali is a partner at implid Avocats, where she heads the IT-IP department, dedicated to digital law. At this DPO Forum she will be representing AFCDP.
Specializing in personal data law, IT law, digital law and intellectual property, she assists organizations with the legal issues linked to technologies and the use of data.
She also acts as Data Protection Officer (DPO), reinforcing her expertise in compliance and data governance.
Valentin Sénéchal is a recognized expert in data protection. For seven years, he worked as Data Protection Officer (DPO) for a public digital services operator, where he designed and deployed an outsourced DPO service. This service supported more than 1,900 public-sector organizations - from small communes to large conurbations, including medico-social establishments and health centers.
Today Privacy Consultant at EQS Group, Valentin puts his expertise at the service of pragmatic, structured compliance. He strives to produce comprehensive documentation, designed to offer his customers agility and responsiveness. His proactive approach aims to equip data controllers with processes adapted to their realities on the ground.
Anisse Chagraoui is a lawyer specialized in digital law and DPO. He is also an academic researcher in data law and AI in healthcare at Université Paris-Dauphine PSL, and is finalizing a thesis entitled «Digital bodies: an essay on a new legal object», whose work was published in the law review Third (Parallel Lawyers, November 2025).
He presented his research in March 2025 at the international scientific workshop InnovaHeart - Digital Twin of the Heart (Future4Care, Paris), alongside Inria, Charité Berlin, Dassault Systèmes and Boehringer-Ingelheim. He is also founder of the consulting firm Health DPOs and NELSE, deeptech a French company accredited by the BPI, specializing in the legal and regulatory security of digital healthcare applications.