Developers want 'specs'. The DPO required privacy / data protection by design (PbD) like article 25 GDPR. The project manager only manages the project. The product / process manager has no clue how to translate "article 25 GDPR" to his product or process. Bloody hell, what a mess. And we are not even taking into account that parts of this project are outsourced.
Yes, implementing PbD is not easy. It is hardly defined, so getting there requires work, or more correct collaboration. If everybody says "not my job" you end up with a disaster, a Frankenstein's monster at best. Thinking PbD from the beginning gets you off to a good start. But then there is the matter of making PbD tangible, specific, so the business and/or IT can document it, implement it, and control it. Not an easy feat.
KULeuven's PIERRE DEWITTE has been working on that issue with colleagues. They have come up with the PRiSE meta model which might help bring the people in your organisation together around the notion of PbD.
=> For more info on Pierre Dewitte, check out https://www.law.kuleuven.be/citip/en/staff-members/staff/00117807
Of course this is also an opportunity to discuss how you have implemented or would implement PbD.
The law firm Time.Lex (a niche law firm that a.o. assembles experts on data protection) is so kind to host the event in their offices, which are at walking distance from Brussels' central railway station.
==> For more info on Time.Lex, check out https://www.timelex.eu/en