AGENDA. TIMINGS: 09:00 TO 16:30
CENTRAL EUROPEAN TIME (CET)
LINK FOR TIME CONVERSION: HTTPS://WWW.THETIMEZONECONVERTER.COM/
ALL DAY SESSION ON CURRENT, TOPICAL AND TIMELY GRC, GDPR,
DATA- PRIVACY, PROTECTION, IT-, CYBERSECURITY AND DPO ISSUES
Approximate timings due to the online nature and the Q/A sessions at the event
|
08:30-09:00 |
Registration and Initiation |
09:00-09:15 |
Welcome & Introduction to the GRC, GDPR And DPO Sessions
Opening Remarks from the Conference Chairman Lady Olga Maitland |
|
09:15-10:00 |
How to Prepare for The Data Breach and The Ethics Breach
- Break Down the Difference Between A Data Breach and An Ethics Breach.
- How to Define Key Insights to Avoid Data Breaches, and Lessons Learnt
Adv. Lorenza Villa, Lawyer - GDPR, DPO, RSPP E Sicurezza Sul Lavoro |
|
10:00-10:40 |
Guidance Issued by Global Regulators and Review Of The Latest GDPR Publications
- Data Protection Impact Assessment and Data Protection Officers
- EDPB Guidelines on Certification and Frameworks
- Cookie Directive, Cybersecurity Act, Digital Services Act, Digital Markets Act
Darine Fayed. General Counsel & DPO @ Mailjet |
|
10:40-11:40 |
A review and Elaboration on the key recommendation from EDPB
- Decisions in the 101 cases brought by NOYB (European Center for Digital Rights) during the various data inspections
Henning Mortensen, CISO/CPO/IT-Security Lead, Brødrene A & O Johansen A/S
This Presentation is in Danish |
|
11:40-12:20 |
The Schrems II Decision: What it Means for Privacy Programs
- Understand how transfer mechanisms play a part in privacy programs
- Gain insight into what the Schrems II decision means
- Understand what the future might look like for EU-US personal data transfers
Jacob Eborn, Privacy Consulting Manager, CIPP/E, Onetrust |
|
12:20-12:50 |
The Risk Gaps and The Impact of Digitalization To The Organisation, Employees And The Society
- Digital Technologies Make Employees Digital Nomads, With an Alleged Increase In Flexibility.
- How Do They Feel About This Change?
- What Are the Gaps, Fears and Feelings and Increased Human-Related Risks?
Prof. Emmanuel Fragnière, HES-SO Valais-Wallis University, Bath School Of Management |
|
12:50-13:10 |
"BREXIT ... it hasn't changed a thing really ... has it?"
It is about time that we looked at what Brexit really has meant for the UK in respect of DP, and whether anything, actually, has changed
Simon Scales, FCMI - Special Advisor |
|
13:10-14:20 |
The Post-Brexit Landscape For Data Transfers, EU representation, Risk and Compliance
The Primary Corporate Concerns Of The Brexit For The UK And The EU
Panellists: David Doughty Cdir Fiod FCIM; Claus Andersen, Partner, Corporate & International, Royds Withy King; Gareth Garvey, Director, British Chamber Of Commerce, Simon Scales, FCMI - Special Advisor, Jacob Eborn, Privacy Consulting Manager, CIPP/E, Onetrust
Moderator: Lady Olga Maitland, Chairman, Copenhagen Compliance UK Ltd, Ex-MP
|
|
14:20-14:40 |
Minimising Privacy Risk from A Global DPO Perspective
- DPO, CISO, Controller or Processor? – (And the Risk Of Mixing Roles)
- Minimising the Aggregate Privacy Risk Vs Contract Sharing
- Using A Data Processor Modular DPIA And Data Flow
- Leveraging Binding Corporate Rules as Data Processor
Prof. Hernan Huwyler, CPA, MBA, Head Of Compliance Strategy, Danske Bank |
|
14:40-15:00 |
Optimising Data- Privacy, Protection, and IT security Mandates
- The advantages of implementing and streamlining GDPR and related mandates
- How to improve, integrate and create value from IT, and data compliance.
Kersi F. Porbunderwala, CEO, E-compliance Academy |
|
15:00-15:40 |
D-seal for responsible IT security and the use of data
- Doing the right things to keep an acceptable level of compliance
- How to support the specialists within the field to ensure that IT security and data protection continue to be a priority of the company
Kimie Ryager, Lead auditor, D-Seal |
|
15:40-16:10 |
How to Harmonise Data Protection In A Diverse EU and Global Corporate Context?
- Multiple Businesses, Entities, Territories, Authorities/ DPAs, Controls
- Networking and Stakeholder’s Coordination
- Approach on Cross-Context DP Processes (DPIAs, Data Breach, DPA Request, Etc.)
Karen Melchior, MEP at European Parliament |
|
16:10-16:30 |
Panel Discussion And Q/A Session: Each Speaker Will Address One of The Following Issues
- Identifying the Data Protection And Privacy Threats To An Organization
- How To Prepare For The Data Breach And The Ethics Breach
- Developing GDPR And Data Privacy, Data Protection Policies
- The Structural Basis Of The GDPR Policies, Procedures And Frameworks
- GDPR As A Platform For Improving IT Concepts
All Speakers and Anish Hindocha, Onetrust
|
|
*Conference Program is subject to change. Conference language is English |
|
Subjects/items for inspiration and questions during the event
IT Governance Issues
How To Prepare For The Data Breach And The Ethics Breach
- Break down the difference between a data breach and an ethics breach.
- Define the key insights from recent data breaches and learn how to avoid these mishaps
- Gain an incident and breach toolkit to prepare the organisation ahead of a breach
Developing GDPR and Data Privacy, Data Protection Policies
- The structural basis of the GDPR Policies, procedures and Frameworks
- GDPR as a platform for improving IT Concepts
- Developing Privacy as a competitive advantage- leveraging the investment
Post-GDPR Effects
- Post-GDPR landscape in European jurisdictions
- Enforcement actions against EU companies under the GDPR;
- Guidance issued by local regulators touching on Data Protection Impact Assessment and Data Protection Officers
Guidance Issued By Local Regulators And Review Of The Latest GDPR Publications:
- Data Protection Impact Assessment and Data Protection Officers
- EDPB Guidelines on certification
- European Cybersecurity Act incl. European Cybersecurity Certification Framework
Establishing Data Privacy Culture & Risk Assurance
- Embedding privacy culture within the company & privacy by design measures;
- Conducting privacy impact assessments;
- Risk management at the corporate group level
GDPR Compliance Issues
Case Study; Overview Of GDPR Project At Company ABC
- The Key Compliance challenges
- The Corporate perspective vs Client point of view
- Important Implementation Lessons Learnt
GDPR 2.0 – Supporting The GRC and IT Security Momentum
- Best practices in data management and Security
- DPO 2.0 The journey continues...
- Disclosures and Notification obligations beyond GDPR
How to Harmonise Data Protection In A Diverse Context?
- Diverse context (multiple businesses, entities, territories, authorities/ DPAs, control approach, etc.)
- Networking and stakeholder’s coordination
- Approach on cross-context DP processes (DPIAs, data breach, DPA request, etc.)
- Generate trust through 3rd party assessment
Moving GDPR From Programme Implementation to Business as Usual
- Two-year GDPR programme transition is needed
- Embedding and integration of Risk Management processes is essential
- Continued focus and management attention for success is critical
GDPR Risk Management Issues
GDPR And Pseudonymization Solutions – Enabling Further Processing And Lowering Risks
- General legal and organisational requirements for pseudonymization examples
- Data protection focus group on pseudonymization
- How to eliminate the risk of Data Breach with Intelligent Pseudonymisation of Personal Data
GDPR; The Solutions and Processes for Lowering Risks
- The need for further processing for analytical and other big data processes
- The need for risk reduction
- Risk Assessments: The Touchpoints
Minimising Privacy Risk From A Global Data Processor’s Perspective
- DPO, Controller or Processor? – (and the risk of mixing roles)
- Minimising the aggregate privacy risk vs contract sharing
- Using a Data Processor modular DPIA and data flow
- Leveraging Binding Corporate Rules as Data Processor
GDPR Cyber-and IT Security Issues
Responding to Data Breaches – The Different (Lawyer, Corporate, Oversight) Perspectives
- Regulatory guidance and evolving practice under the GDPR
- The thresholds for notification requirements under the GDPR
- Legal considerations: Privilege, self-incrimination
- Contractual aspects and insurance
Privacy and Data Protection in The Age of Big Data & Algorithms
- Big data & privacy: main challenges
- Privacy and security by design as the way forward in the age of big data
- Big data and algorithms: challenges and opportunities
Ensuring Privacy and Concealing Biometric Data
- Concealing biometric PII with de-identification
- PII from facial recognition to avoid identity theft
- Privacy challenges in the age of facial recognition
- Lessons from the latest incidents involving facial recognition misuse
- Methods for dealing with AI-driven facial recognition
GDPR; How Can the Assessment of IT And Technical Measures Generate Trust
- High relevance due to the high amount of IoT devices
- Technical measures and State-of-the-Art required by the GDPR
- The need for further processing for analytical and other big data processes
- Data Scrambling Vs. Mapping techniques
Prof. Emmanuel Fragnière will provide the results of a 2019 qualitative survey
- The distinction between AI and digitalization.
- Every digitalization is not a software upgrade that must be accompanied by change management.
- What are the risks when digitization does not work?
- How can the remaining employees "take care of" the problems?