GDPR. The DPO Day Program |
09:00-09:10 |
Welcome & Introduction to The DPO-Day Session
Opening remarks from the conference chairman |
|
09:10-09:45 |
How Can The Organisation Understand The Data For Data Privacy And Data Protection
Based on the results of a recent qualitative survey
- What are the risks when digitisation does not work
- The distinction between AI and digitalisation.
- Digitalisation is not a software upgrade; it can be enhanced by change management.
- How can the management and employees take care of the problems.
Prof. Emmanuel Fragniere, University of Applied Sciences Western Switzerland (HES-SO Valais). University of Bath, School of Management |
|
09:45-10:30 |
The GDPR Journey At Danske Spil
- The GDPR implementation ride
- Obstacles/conflicts
- Surprising effects of the regulation
Rasmus Hestbæk Juul Jørgensen, Senior Compliance Manager, Danske Spil A/S |
|
10:30-10:45 |
Coffee Break |
|
10:45-11:30 |
Part I: ISO 27701 overview and practical implementation guideline
(This keynote is in Danish)
- Purpose, Structure, Applicability
- Expectations to usage going forward
Henning Mortensen, CISO / CPO, Brdr. A&O Johansen A/S
|
|
11:30-12:15 |
Part II: ISO 27701 overview and practical implementation guideline
- Purpose, Structure, Applicability
- Expectations to usage going forward
Claus Andersen, Head of Cybersecurity & Data Privacy
|
|
12:15-13:00 |
Transitioning GDPR from a Compliance Checklist to ‘Business as Usual’
- Understand how to shift GDPR compliance efforts from a one-off activity into BaU
- Take home a step-by-step approach to ongoing GDPR compliance within your company
- How current GDPR efforts can set up for success with other global privacy laws
Per Jacobsen, Account Executive, OneTrust
|
|
13:00-13:30 |
Lunch |
|
13:30-13:40 |
Introduction to The Afternoon Session on GDPR Execution Issues
- Remarks from The Conference Chairman
|
|
13:40-14:30 |
The Practical GDPR And Related Issues and Challenges Related To Brexit
- How to navigate the GDPR issues during the transition period
- How to steer the implications and complications of a Brexit Execution Project?
Gareth Garvey, President, British Chamber of Commerce
|
|
14:30-15:00 |
Coffee Break |
|
15:00-16:00 |
How Can ISO 27701 Help in Designing, Implementing, Operating and Improving A Privacy Information Management System
- Applications for the new ISO 27701 for GDPR and DPA compliance
- Key control objectives, requirements based on ISO 27001 on information security
- How to prepare for an independent certification
Prof. Hernan Huwyler, CPA, MBA, Universidad Internacional de La Rioja
|
|
*Conference Program is subject to change. |
|
Agenda
IT Governance Issues
How To Prepare For The Data Breach And The Ethics Breach
- Break down the difference between a data breach and an ethics breach.
- Define the key insights from recent data breaches and learn how to avoid these mishaps
- Gain an incident and breach toolkit to prepare the organisation ahead of a breach
Developing GDPR and Data Privacy, Data Protection Policies
- The structural basis of the GDPR Policies, procedures and Frameworks
- GDPR as a platform for improving IT Concepts
- Developing Privacy as a competitive advantage - leveraging the investment
Post-GDPR Effects
- Post-GDPR landscape in European jurisdictions
- Enforcement actions against EU companies under the GDPR;
- Guidance issued by local regulators touching on Data Protection Impact Assessment and Data Protection Officers
Guidance Issued By Local Regulators And Review Of The Latest GDPR Publications:
- Data Protection Impact Assessment and Data Protection Officers
- EDPB Guidelines on certification
- European Cybersecurity Act incl.
- European Cybersecurity Certification Framework
Establishing Data Privacy Culture & Risk Assurance
- Embedding privacy culture within the company & privacy by design measures;
- Conducting privacy impact assessments;
- Risk management at the corporate group level
GDPR Compliance Issues
Case Study; Overview Of GDPR Project At Company ABC
- The Key Compliance challenges
- The Corporate perspective vs Client point of view
- Important Implementation Lessons Learnt
GDPR 2.0 – Supporting The GRC and IT Security Momentum
- Best practices in data management and Security
- DPO 2.0 The journey continues...
- Disclosures and Notification obligations beyond GDPR
How to Harmonise Data Protection In A Diverse Context?
- Diverse context (multiple businesses, entities, territories, authorities/ DPAs, control approach, etc.)
- Networking and stakeholder’s coordination
- Approach on cross-context DP processes (DPIAs, data breach, DPA request, etc.)
- Generate trust through 3rd party assessment
Moving GDPR From Programme Implementation to Business as Usual
- Two-year GDPR programme transition is needed
- Embedding and integration of Risk Management processes is essential
- Continued focus and management attention for success is critical
GDPR Risk Management Issues
GDPR And Pseudonymization Solutions – Enabling Further Processing And Lowering Risks
- General legal and organisational requirements for pseudonymization examples
- Data protection focus group on pseudonymization
- How to eliminate the risk of Data Breach with Intelligent Pseudonymisation of Personal Data
GDPR; The Solutions and Processes for Lowering Risks
- The need for further processing for analytical and other big data processes
- The need for risk reduction
- Risk Assessments: The Touchpoints
Minimising Privacy Risk From A Global Data Processor’s Perspective
- DPO, Controller or Processor? – (and the risk of mixing roles)
- Minimising the aggregate privacy risk vs contract sharing
- Using a Data Processor modular DPIA and data flow
- Leveraging Binding Corporate Rules as Data Processor
GDPR Cyber- and IT Security Issues
Responding to Data Breaches – The Different (Lawyer, Corporate, Oversight) Perspectives
- Regulatory guidance and evolving practice under the GDPR
- The thresholds for notification requirements under the GDPR
- Legal considerations: Privilege, self-incrimination
- Contractual aspects and insurance
Privacy and Data Protection in The Age of Big Data & Algorithms
- Big data & privacy: main challenges
- Privacy and security by design as the way forward in the age of big data
- Big data and algorithms: challenges and opportunities
Ensuring Privacy and Concealing Biometric Data
- Concealing biometric PII with de-identification
- PII from facial recognition to avoid identity theft
- Privacy challenges in the age of facial recognition
- Lessons from the latest incidents involving facial recognition misuse
- Methods for dealing with AI-driven facial recognition
GDPR; How Can the Assessment of IT And Technical Measures Generate Trust
- High relevance due to the high amount of IoT devices
- Technical measures and State-of-the-Art required by the GDPR
- The need for further processing for analytical and other big data processes
- Data Scrambling Vs. Mapping techniques
Prof. Emmanuel Fragniere will provide the results of a 2019 qualitative survey
- The distinction between AI and digitalization.
- Every digitalization is not a software upgrade that must be accompanied by change management.
- What are the risks when digitization does not work
- How can the remaining employees "take care of" the problems.