PROGRAM





Conference Program - Morning Session on GRC Issues

09:00-09:10 Welcome and Introduction to the conference and speakers
Kersi F. Porbunderwalla, President and CEO, The EUGDPR Institute
09:10-09:25 What Are the Current Corporate Concerns and Challenges of The Brexit
Lady Olga Maitland, Chairman, Copenhagen Compliance UK Ltd, Ex-Member, Parliament and Jr. Defence Minister
09:25-09:30 The British mentality concerning BREXIT. What now?
Mariano A. Davies, CEO, Boss Certificate
09:30-10:00 The Motivation for A Successful GRC Implementation
  • What Are the Primary Cultural Issues?
  • An Integrated Framework of Board and Management Activities
  • The Critical Challenges Involved in Achieving Exact Cultural Change
Pui Fong Yau, Manager Internal Controls, GN Stornord
10:00-10:30 The GAP between advisor and customer - can technology help?
Steen Rath, CCO, RISMA Systems
10:30-10:45 Coffee Break, and three GDPR related items
10:45-11:15 The Perfect Storm: When Cyber-Attacks Meet GRC Processes
  • How to Navigate A Data Breach Under the New Regulations?
  • Contents: Recommendation of Steps for Different Scenarios, Selecting Data Recovery Tools
  • Tips for Controls and Policies on Personal Data Security, And Ideas For Compliance Preparation
Aarti Bangera Acevedo, Group Risk and Operations Manager at ISS A/S
11:15-11:45 Incident and Breach Management: Building a Harmonized Response Plan for Privacy & Security Teams
  • How to build an incident and breach response plan that fits the needs of privacy and security teams
  • Break down which stakeholders, teams, tools and processes should come together in the event of an incident or breach
  • Understand how to maintain a consistent approach to incident response while complying with privacy regulations across the globe
Ryan Edge, Senior Privacy Engineer OneTrust
11:45-12:15 How and why India became successful as the world's largest democracy?
HE Ambassador of India to Denmark, Mr Ajit Gupte
12:45-13:30 Lunch and GRC Compliance items
13:30-14:00 Integrated Risk Management, as a critical factor, to avoid a corporate catastrophe
  • The importance of having IT Risk integrated into the risk registry, reporting and disclosures of all business risks.
  • What it means for management's ability to respond, as they will do to other threats.
  • How to implement, monitor and manage without bias.
Kim Aarenstrup, Executive Advisor NCC Group, Ex. Head of National Cybercrime Center
14:00-14:30 GRC conditions for better disclosures and data quality: Is XBRL a solution?
  • Issues on global data quality since the collapse of Lehman Brothers and the financial crisis
  • Is XBRL a tool and a solution to improve the data quality and the foundation for GRC?
  • The current status and the future regarding data quality and disclosures?
Poul Kjær, Policy Advisor at the Danish Shareholders Association, Chairman XBRL Denmark
14:30-14:45 Coffee Break, and three items on Financial Services GRC issues and wrap-up
14:45-15:15 How does the non-executive board monitor compliance and AML in a bank
  • Framework – legislation and the Role of the Danish Financial Supervisory Authority
  • The AML responsibility of the Board of Directors
  • The Controls, Assessments and Advice/Guidance, Internal Reporting
Torben Nielsen, Chairman, Sydbank and Vice Chair, Tryg Gruppen
15:15-15:30 When siloed organisations respond to enterprise-wide compliance and risk mandates, a lot can go wrong
  • The example at Danske Bank, Swedbank, Nordea and Københavns Andelskasse
  • How to identify, document and govern AML compliance across structured and unstructured databases
Kersi F. Porbunderwalla, President and CEO, The EUGDPR Institute
15:30-15:45 Panel: How to ensure that Compliance brings true value to financial undertakings and groups
Helle Meinche, Head of Regulatory Risks, Realkredit Danmark; Torben Nielsen, Chairman, Sydbank
15:45-16:15 Establishing a state-of-the-art Corporate Risk Culture at Nets A/S
  • A Governance Review of The Latest Global Scandals
  • Lessons Learned and the Path Forward
Stephanie Bouju, Risk Incident Manager at Nets Group
16:15-16:45 Good governance and combined assurance between Security Risk Management & the DPO Office
  • How to strengthen the link, improve cooperation and set the right frame for ways of working
Michael Kayser Vestergaard, Head of Security Risk Management, The TDC Group
*Conference Program is subject to change. The Conference Language is English.


DPO Program - 9th May 2019

09:00-09:10 Welcome & Introduction to The DPO-Day Session.
Opening Remarks from The Chairman & Co-Chair
09:10-09:45 GDPR Controls with internal and external stakeholders
  • The Most Common Security & Privacy Challenges
  • How to Address Outsourcing Operations That Alleviate Business Challenges?
[speech will be in Danish]
Henning Mortensen, CISO / CPO, Brdr. A&O Johansen A/S
09:45-10:30 How to Streamline Post-Implementation GDPR Processes and Procedures
  • Put in Place to Third-Party Vendor Risk Management, Audit and Incident Management
Ole Brams, VP Danske Bank
10:30-10:45 Coffee Break
10:45-11:15 Data Processing Agreements
  • Prerequisites for determining appropriate technical and organisational measures
  • Method for determining appropriate technical and organisational measures
  • Guidelines for supervision of data processor and sub-processor based on ISO 27000
David Ulrik Kristiansen, DPO, Statsforvaltningen (The State Administration)
11:15-11:45 A privacy-focused workforce - an essential element of a GDPR privacy program
  • Why did organisations fail with sub-standard implementation?
  • The foundations to be able to successfully address the GDPR topics
Tim Clements, CIPP-E, CIPM, CIPT, FIP
11:45-12:15 Risky Business: A DPO’s Guide to Risk Scoring
  • Understand various approaches to conducting risk assessments
  • Learn how to define risk criteria and how to calculate risk level
  • Learn how to tailor your privacy and security programs using a risk-based approach
Ryan Edge, Senior Privacy Engineer OneTrust
12:15-13:00 Integrated Risk Management, as a critical factor, to avoid a corporate catastrophe
  • The importance of having IT Risk integrated into the risk registry, reporting and disclosures of all business risks.
  • What does it mean for management's ability to respond, as they will do to other threats?
  • How to implement, monitor and manage GDPR without bias
Kim Aarenstrup, Executive Advisor NCC Group, Ex. Head of National Cybercrime Center
13:00-13:30 Lunch
13:30-13:40 Introduction to The Afternoon Session on GDPR Execution Issues
  • Remarks from The Conference Chairman and Co-Chair
13:40-14:30 Almost one year with GDPR
  • The projects are finished but is GDPR still the top priority?
  • Maintain strong focus and do not make compliance just another checklist.
  • Inputs on how to plan controls and ensure follow-up.
Thor Ahrends, Danmarks Nationalbank, Legal Compliance Officer & DPO
14:30-15:15 Coffee Break
15:15-15:40 Panel Discussion: The Unintended Consequences of the GDPR Mandate
  • Issues for The Sales and Marketing Team, Reporting Breaches and Data Subject Access
15:40-16:30 The Importance of Conducting Risk Assessments Under GDPR As A Global Privacy Law
  • A scenario-based approach to risk assessment with examples on how to tailor your approach based on risk level
Aarti Bangera Acevedo, Group Risk and Operations Manager at ISS A/S


The 12th annual Nordic GRC and IT Security conference will bring together compliance, risk, and audit executives from corporations from the Nordics and around the EU. The conference agenda will feature keynote panels and presentations, breakout sessions – including multiple networking opportunities.

This is an overall general preview of the 2019 GRC and IT Security conference agenda, curriculum and program, with inspiring Governance, Risk Management, Compliance and IT-Security (GRC) topics and issues during the plenum, parallel, workshop and breakout sessions, at the 12th Annual Nordic GRC summit on the 9th May 2019 in Copenhagen.

The annual GRC conferences are known for attendee participation, lively and productive debate, and knowledge sharing. During the sessions, we will conduct a series of surveys with interactive voting for table discussions on the results.

The 12th Annual Nordic GRC summit on the 9th May 2019 is known for an abundance of expert speakers, attendee dialogue and participation, productive debate and knowledge sharing. During the sessions, we will conduct a series of surveys with interactive voting on some GRC issues for table discussions on the spontaneous results.

The conference attracts the participation of governance, compliance, risk, audit, IT and legal executives from corporations around Europe. Besides plenum and keynote speakers, we have concurrent panel discussions, workshops, parallel sessions and presentations that deliver high-quality GRC content to suit all trades.

At the conference 15+ speakers and panelists will place their GRC and IT Security expertise on display and offer analysis, views and predictions on what might lie ahead for the enforcement and regulatory climate related to governance, risk management, compliance and IT security officers and their teams.

GENERAL GRC, GDPR DATA AND IT SECURITY TOPICS
  • GRC, GDPR and IT Strategy
  • Compliance in Cybersecurity
  • Business Continuity
  • Policies, objectives Governance, Risk Management, Compliance and GDPR
  • Ensure Effective Management and Adequate levels of GRC, GDPR Resources and Compliance
  • GRC, GDPR and IT Legal Issues
  • Assess the performance of HR, Marketing, and GRC departments
  • Data, Information and Cyber Security Compliance

Introduction to Global, GDPR, Data Privacy, Cyber Security and Data Protection Issues
  • GDPR: the story so far…Where are we now
  • The new data protection Landscape
  • Data protection: a consumer perspective
  • Addressing the subjectivity of GDPR
  • Shifting GDPR from project to production
  • Creating a data privacy culture in your organisation
  • Using GDPR to propel business forward
  • An international approach to data protection
  • The new black: how data is the unique competitive advantage
GDPR Components and Issues
  • Practical implications of privacy and GDPR delivery
  • The disaster recovery: get back up and running as fast as possible
  • Protecting data privacy and consumer rights
  • Managing cross-border compliance
  • Managing SARs and individual rights
  • Data breach prevention and response
  • Managing consent: increasing revenue, trust and transparency
  • Subject access rights: GDPR implementation guide
  • Continuing the GDPR compliance journey
  • Challenges to data profiling under GDPR
  • The Key components of third-party data Compliance
Global Compliance Issues
  • NIS (network and information systems) directive: compliance and guidance
  • The ISF Standard of Good Practice for Information Security and its role in developing data protection frameworks
  • Face recognition technology in the context of GDPR
  • What's ahead for ePrivacy regulation
  • ePrivacy: how to align with GDPR, PECR, NIS and other compliance mandates
  • The future of marketing and data protection and ePrivacy
Global GRC and GDPR Marketing
  • Creating a compliant brand’s data strategy
  • How data can be used and its impact on brand behaviour
  • Marketing and advertising in a regulated GDPR landscape
  • Marketing, legitimate interests and concerns around consent
  • PR in breach responses: how companies can deal with them effectively
  • GDPR and direct marketing: what you need to know
  • Opportunities and challenges for marketers
  • The future of advertising post-2018
  • Marketing technology: the role in GDPR compliance
  • The rise of contextual advertising at the expense of personalised advertising
Cybersecurity
  • Achieving a robust cybersecurity policy
  • The emerging security threat landscape
  • The future of cybersecurity
  • The state of cybercrime and the elusive cybercriminals: targets and tactics
  • What are the latest developments in cybersecurity?
  • Hacking and cybercrime: what you need to know
  • Cybersecurity breaches: how to deal with them effectively
  • Cybersecurity and BYODs: managing the internal threat
  • Emerging tech trends transforming cyber and privacy
Global GRC and GDPR in Financial Services
  • GDPR for financial services – compliance burden or chance to build customer trust?
  • GDPR and anti-money laundering compliance
  • The changing landscape of financial services related to GDPR
  • Data privacy and Data Protection Challenges and strategies for MiFID II
  • The outlook for regulation in financial services
  • What are the implications of PSD2 and open banking for organisations?
  • Cryptocurrency and GDPR regulations developments
  • RegTech and the Nexus with Data Protection
  • How PSD2 can assist with third party regulatory obligations
  • Fighting against financial crime
  • Increased security requirements for KYC data
  • PSD2 vs GDPR: the other side of the argument
Global GRC and GDPR, Cloud, Data, IT, Big Data and Technology
  • Is all data the same? assessing the content of big data for security purposes
  • Data Loss Prevention: Protecting the data that matters
  • Aligning emerging technology in the context of Compliance data protection
  • Technology: reshaping the data protection landscape
  • The latest developments in cloud technologies
  • Technology, GDPR and cross-border data transfers
  • Cloud Security and incident reporting under the NIS directive
  • Aligning technology for data protection
  • Emerging tech trends transforming data protection
  • Securing your network with cloud containers
  • Managing your data through IoT and data protection
Global GRC and GDPR IT and Data Governance Issues
  • The impact of GDPR on the Stakeholders
  • Crisis management: leadership, PR and social media
  • Regaining trust with all stakeholders: change in attitudes towards data Governance, privacy, and ethics
  • The new realities of data governance in a regulated world
  • Protection of intellectual property and trade secrets from insiders
  • GDPR's effect on global data protection policies
  • GDPR and the updated components of accountability, trust and transparency
Global GRC and GDPR Risk Management Issues
  • Qualitative and Quantitative approaches to information risk assessments
  • Integrate Risk Management as the Single Source
  • Risk Management Across Borders
  • The importance of BYOD policies in managing data protection risks and compliance
  • Role of the data protection officer, and the shift towards evidence-based compliance
  • Assessing your GRC, Cyber and GDPR vulnerabilities: a risk management perspective
Case Study
  • Key learnings from infamous data breaches
  • GDPR journey post implementation: a case study
  • A case study in IT, Data and Cyber Security Assurance – the business value proposition
  • Response and recovery planning: a case study
Future, Cyber Security, Blockchain, AI
  • Privacy challenges and solutions for blockchain
  • GDPR and the future for RegTech, risk management and cybersecurity
  • The future of personal privacy and data protection over the next three years
  • What is the future of cloud technologies and data protection?
  • Artificial intelligence: privacy concerns and solutions
  • The Future of GDPR and Data Privacy using Blockchain technology
  • Decentralising privacy: using blockchain to protect personal data