Programme Toulouse 2025

Program Wednesday November 26

8:30 a.m. - 6:30 p.m.: Networking in our DPO pavilion

10h00 - 10h30: DPO Conference - Asklépian (Workshop 1)

10am-10.30pm: Asklépian

»Intrusion tests performed at 360° thanks to AI, to help all businesses combat security breaches»

Technical audit / penetration test: assess system security and suggest improvements.
Cybersecurity suitcase: makes comprehensive protection of systems against threats accessible.

11:30am - 12:15pm: AFCDP and CNIL Coffee-Debate on the AI Act (Workshop 1)

Feedback and debate on the uptake of AI ACT within organizations.

The entry into force of the IA ACT marks a key milestone for the regulation of artificial intelligence in Europe. This café-débate offers an opportunity to exchange views on the initial feedback from organizations faced with its implementation. What are the concrete obligations for public and private players? What are the operational and legal challenges involved in integrating these new requirements? This discussion will provide an opportunity to compare points of view and identify courses of action to support organizations in this regulatory transition.

With the participation of :

Jean-François Mangin, Data Protection Officer at La Région Occitanie, Elkind Damien, Doctor of Law - Public and digital rights lawyer, CNIL, Bertrand BOTREL, GDPR Groupe officer Quality, Compliance & Risk Department, Pierre Fabre.

Workshop area 1 - sponsored by ManageEngine

Program Thursday, November 27

9:00 am: Opening

9:30 - 10:00: Keynote by Brice Lepagnot - EY

«Employee data processing: between lawfulness of processing and prohibition of surveillance».»

Geolocation, video surveillance, access control... Workplace surveillance systems raise complex issues at the crossroads of labor law and data protection.

Where does the line lie between legitimate processing and disproportionate surveillance?
What should be done when an employee exercises his access rights in a dispute with his employer?

Brice Lepagnot- Segnor manager Lawyer EY Société d'avocats

10h00 - 10h30: DASTRA conference

Romain Bidault CSO & Founder dastra

«What data protection has taught us about AI governance».»

What data protection has NOT taught us
What data protection has taught us
Case in point: a DPIA-like LLM

10:30 am - 11:00 am: Cyblex-Consulting conference

Mathias JULIEN, Audit and Consulting Director at Cyblex Consulting

Title: «Generative AI and RGPD».»

The integration of generative AI meets strong challenges and suggests interesting opportunities for companies, but it comes with constraints and risks. European legislators are already looking into the interactions between AI and RGPD, and are preparing the associated regulatory adaptations. This conference takes stock of the situation on these subjects, recalls the current context and associated prospects, but also highlights the induced risks and identifies avenues for prevention and protection measures.

11h00 - 11h30: Asklépian conference

Fabien Fernandez: Chairman, DPO

«One man show: Ne subissez plus! : This RGPD that saves you time, money and gives meaning back to your employees» work."

How the RGPD optimizes organizations and adds value to the outsourced DPO.
With a clear, human approach, Fabien Fernadez simplifies complex concepts and builds trust within teams.

11:30am - 12:00pm: Digital Dress Conference

Oriana Labruyère, Lawyer and founder DPO certified ISO 27001 Lead Implementer

Title: «Artificial Intelligence: RIA contribution and data protection issues».»

The Artificial Intelligence Regulation (AIR) marks a key milestone in European AI regulation. This conference will present its classification of risk levels, the obligations imposed on suppliers and post-deployment monitoring requirements. It will provide DPOs with essential benchmarks for contractually framing the use of AI systems.

12:30 - 2:00 pm: Lunch

2:00 pm - 2:45 pm: DPO Forum Round Table (Meeting Room 1)

Moderator: Alexandrine Pantz (Légapôle Avocat Cabinet Pantz)

Panellists: Dastra; Asklépian; Cyblex-Consulting

«From RGPD to cybersecurity: how the DPO is becoming a key player in digital resilience».»

In a context where ransomware is exploding and the IA Act is imposing new requirements, the line between compliance and security is blurring, because cybersecurity is not just about tech, but also about the legal standards to be implemented. This conference will bring you:

A clear vision of the shared role between DPO and CISO, essential for protecting your data and your reputation.
Practical tools to turn compliance into a competitive advantage, thanks to automation and traceability.
Best practices immediately applicable to your organization, from prevention to crisis management.

3:00 pm - 3:45 pm: AFCDP Round Table (Conference area)

How do you ensure maximum protection for sensitive data in a centralized digital environment?

Speakers :

Véronique Bardet, Head of IT Security, Pierre Fabre
Oriana Labruyère, ISO 27001 Lead Implementer certified DPO - Founder of La Robe Numérique Avocat
Paul Hébert, Director of Legal Affairs, CNIL

Moderator : Bertrand Botrel,Director, AFCDP

At a time when organizations are increasingly concentrating their critical data in centralized environments, the issue of data protection is becoming strategic. How can we prevent the risk of data leakage or compromise? What solutions can be put in place to reconcile security, performance and regulatory compliance? This round-table discussion will provide concrete answers to these questions, as well as suggestions for action to strengthen the resilience of systems in the face of threats.