The Dilemma of GDPR, Governance, Risk Management, Compliance and IT-Security Disruption.

  • About the Conference
  • Agenda
  • Speakers
  • Partners
  • Venue
  • Register
  • Call for Papers
  • Contact Us

agenda

Morning Session on GRC Issues

08:30-09:15 Registration and Breakfast
09:15-09:30 Welcome and Introduction to the conference and speakers
Lady Olga Maitland Chairman Copenhagen Compliance UL Ltd. Kersi F. Porbunderwalla, President and CEO, The EUGDPR Institute
09:30-10:00 GRC Oversight - A dilemma
Simon Scales, (former) Head of Investigations (EMEA) - BP, and The Pensions Regulator
10:00-10:30 THE END OF THE BREXIT NIGHTMARE OR LIGHT AT THE END OF THE THREE-YEAR TUNNEL?
  • What Are the Consequences, Challenges And Opportunities?
Stephen Booth, Director of Policy and Research, Open Europe
10:30-11:00 Coffee Break
11:00-11:30 Third-Party Risk Management: Overcoming Today’s Most Common Security & Privacy Challenges
  • Review the drivers and challenges organizations face when managing third-party vendor risk
  • Identify priorities before, during and after vendor procurement
  • Takeaway a six-step approach for automating the third-party vendor risk lifecycle
  • Hear real case studies from privacy experts on how to practically tackle the third-party vendor risk
Dave Horten, Solutions Engineer Manager, One Trust
11:30-12:00 How to Prepare for The Data Breach and The Ethics Breach
  • Break down the difference between a data breach and an ethics breach.
  • Define the key insights from recent data breaches and learn how to avoid these mishaps
  • Gain an incident and breach toolkit to prepare the organisation ahead of a breach
David Doughty, Chartered Director, Chief Executive,Chairman, Non-Executive Director
12:00-12:30 The Risk Gaps and the Impact Of Digitalization To The Organisation, Employees And the Society

Thanks to digital technologies, place and time have become less important than ever before. Employees have become digital nomads, benefiting from this alleged increase in flexibility.

However, little effort has been put forth to understand how they feel about this change. We led semi-directive interviews of people active in the economy of services in Geneva. The results highlight a gap between employees’ fears and feelings and research interests that may lead to increased human-related risks.

Emmanuel Fragničre, Professor, HES-SO Valais-Wallis
12:30-13:00 Panel Discussion
Post-GDPR Effects
  • Post-GDPR landscape in European jurisdictions
  • Enforcement actions against EU companies under the GDPR;
  • Guidance issued by local regulators touching on Data Protection Impact Assessment and Data Protection Officers
Barry J Coatesworth, Chief Security officer | Non-Executive Director | Technology executive
Linda Bazant, Brexit Consultant, GDPR Adviser
13:00-13:30 Lunch

Afternoon Session on GDPR Issues

13:30-14:00 Guidance Issued by Local Regulators and Review Of The Latest GDPR Publications
  • EDBP Guidelines on GDPR certification
  • European Cybersecurity Act incl.
  • European Cybersecurity Certification Framework
Linda Bazant, Advocate, Brexit Consultant, GDPR Adviser
14:00-14:30 Establishing Data Privacy Culture & Risk Assurance
  • How to embed Data- protection, processing and business practices in an organisation’s processes, policies and business practices
  • How to adopt an enterprise approach to data protection, and comply with the data subject rights
  • How can data ethics mitigate business risks
David Clarke FBCS, Chief Technology Officer, The Trust Bridge
14:30-14:45 Coffee Break
14:45-15:15 The role of the GDPR Representative after Brexit Clive Mackintosh, Head of Data Protection, Data Priva
15:15-15:30 Minimising Privacy Risk from A Global Data Processor’s Perspective
  • DPO, Controller or Processor? – (and the risk of mixing roles)
  • Minimising the aggregate privacy risk vs contract sharing
  • Using a Data Processor modular DPIA and data flow
  • Leveraging Binding Corporate Rules as Data Processor
David Gyori, CEO, Banking Reports
15:30-16:00 What are the primary corporate concerns of the Brexit for the UK and the EU
Lady Olga Maitland, Chairman, Copenhagen Compliance UK Ltd, Ex-Member of Parliament and Jr. Defence Minister
16:00-16:30 Demonstration Session One Trust Privacy Software


Workshop. Parallel session

Fireside Debate and Chat
09:15-09:30 Welcome and Introduction to the Workshop
Lady Olga Maitland Chairman Copenhagen Compliance UL Ltd.
Kersi F. Porbunderwalla, President and CEO, The EUGDPR Institute
09:30-11:00 Machine Learning and Artificial Intelligence in Cybersecurity
  • Why is cybersecurity a significant component of IT Security
  • How to address Cybersecurity issues in Cloud, Mobility, and Network
  • How to protect the Network and Cloud from IT- and Cybersecurity issues and concerns
Shiva Narayana, PhD, CEO - iBANK
11:00-11:30 Coffee Break
11:30-13:00 Effective strategies in investigating the IT and cybersecurity, Data Protection and Data Privacy incidents.
  • How to comply with the new global data protection regulations to protect and regulate the use of an individual’s privacy data
  • The key steps the Data Protection / Security officer in any organisation will need to take when a breach or potential breach is suspected?
  • Has your company taken the right measure to avoid data breaches and mitigate the risk?
  • Is your 3rd party network prepared?
  • Identify the right processes to manage a breach to ensure the right remedial action?
  • We look at a 9 step approach to mitigate risk and manage security incidents.
David Clarke FBCS, Chief Technology Officer, The Trust Bridge
Penny Heyes, Chief Commercial Officer, The Trust Bridge
13:00-13:30 Lunch

Afternoon Workshop Session

Fireside Debate and Chat
13:30-15:00
  • GDPR and GRC Opportunities and Challenges for IT Governance and Compliance
  • Cyber security: Global Cyber threat – The elephant in the boardroom
  • The ‘International Integrated Reporting System’: An integrated global approach for performance monitoring and reporting
  • ISO 27701 for GDPR Controls and Certification
Kersi Porbunderwala, CEO, the EUGDPR Institute, The Information Security Institute
15:00-15:30 Coffee Break


The conference is

SOLD OUT

For inquiries regarding waiting list and cancellation please contact PM Maneck Nielsen at maneck@eugdpr.institute or +45 2292 1338.

Boost your knowledge and address the GDPR challenges at the workshop

Our deep-dive workshops will improve, refine and sharpen your hands-on capabilities on the data you need to address the GDPR challenges. You can participate in the 12th annual GRC and IT Security Summit or register for the GDPR Bootcamp separately.

This workshop will provide the techniques for implementing or updating the compliance program to fit your organisation. The primary components of the workshop are:
  • IT Security and Data Breach
    • How can we prevent abuse or misuse of personal data
    • How do we address violations
    • What are the remedies that we use to correct the faults and errors?
  • Privacy by Design: Understanding the Mandates and The Practical Dimensions
    • What are the legal basis of IT and cyber security compliance in the organisation
    • How to ensure consistent consent from data subjects to secondary processing
    • The review of the audit process for implementing change in processing personal data?
  • Data Privacy Impact Assessments: The Full Picture
    • How should regularly reviews of the data and process (regular data flow mapping, audits, risk assessments and reviews) to ensure the legal basis has not changed
    • How is the personal information is collected and used?
    • Do we use data exactly for the purpose it was collected
  • Top Operational Responses to GDPR: What To Do and When
    • We walk through a couple of step-by-step experiences.
The realities of data breach notification and responses require exceptional in-house communication (with information on what to do before, during, and after an incident occurs) to prepare the organisation for a violation, handle tricky multi jurisdictional legal notices.

Therefore, if you are uncertain that your team is ready for the biggest European data protection reform in 20 years, this workshop will help you prepare. The two experts together with an IT Security manager offer a practical, hands-on view of the essential assessment of the GDPR with knowledge about key concepts, scope of application, individual rights, core principles, compliance in practice, accountability, data protection impact assessments and more.

Key takeaways:
  • The immediate actions to take when presented with a potential data breach
  • How to handle cyber security and lower the risks and exposure to IT and data breaches
  • Regulatory Developments; Info security, Trans-Border Data Flow,
  • Learn practical techniques for implementation of a privacy program fitting your organisation
  • Learn from two industry veterans who will help highlight the differences between the new regulation and earlier directives
Bootcamp moderators; Alan Calder, CEO IT Governance and Kersi Porbunderwalla Secretary general Copenhagen Compliance UK Ltd.

DPO Day

IT Governance Issues

How To Prepare For The Data Breach And The Ethics Breach

  • Break down the difference between a data breach and an ethics breach.
  • Define the key insights from recent data breaches and learn how to avoid these mishaps
  • Gain an incident and breach toolkit to prepare the organisation ahead of a breach

Developing GDPR and Data Privacy, Data Protection Policies

  • The structural basis of the GDPR Policies, procedures and Frameworks
  • GDPR as a platform for improving IT Concepts
  • Developing Privacy as a competitive advantage- leveraging the investment

Post-GDPR Effects

  • Post-GDPR landscape in European jurisdictions
  • Enforcement actions against EU companies under the GDPR;
  • Guidance issued by local regulators touching on Data Protection Impact Assessment and Data Protection Officers

Guidance Issued By Local Regulators And Review Of The Latest GDPR Publications:

  • Data Protection Impact Assessment and Data Protection Officers
  • EDBP Guidelines on certification
  • European Cybersecurity Act incl.
  • European Cybersecurity Certification Framework

Establishing Data Privacy Culture & Risk Assurance

  • Embedding privacy culture within the company & privacy by design measures;
  • Conducting privacy impact assessments;
  • Risk management at the corporate group level

GDPR Compliance Issues

Case Study; Overview Of GDPR Project At Company ABC

  • The Key Compliance challenges
  • The Corporate perspective vs Client point of view
  • Important Implementation Lessons Learnt

GDPR 2.0 – Supporting The GRC and IT Security Momentum

  • Best practices in data management and Security
  • DPO 2.0 The journey continues...
  • Disclosures and Notification obligations beyond GDPR

How to Harmonise Data Protection In A Diverse Context?

  • Diverse context (multiple businesses, entities, territories, authorities/ DPAs, control approach, etc.)
  • Networking and stakeholder’s coordination
  • Approach on cross-context DP processes (DPIAs, data breach, DPA request, etc.)
  • Generate trust through 3rd party assessment

Moving GDPR From Programme Implementation to Business as Usual

  • Two-year GDPR programme transition is needed
  • Embedding and integration of Risk Management processes is essential
  • Continued focus and management attention for success is critical

GDPR Risk Management Issues

GDPR And Pseudonymization Solutions – Enabling Further Processing And Lowering Risks

  • General legal and organisational requirements for pseudonymization examples
  • Data protection focus group on pseudonymization
  • How to eliminate the risk of Data Breach with Intelligent Pseudonymisation of Personal Data

GDPR; The Solutions and Processes for Lowering Risks

  • The need for further processing for analytical and other big data processes
  • The need for risk reduction
  • Risk Assessments: The Touchpoints

Minimising Privacy Risk From A Global Data Processor’s Perspective

  • DPO, Controller or Processor? – (and the risk of mixing roles)
  • Minimising the aggregate privacy risk vs contract sharing
  • Using a Data Processor modular DPIA and data flow
  • Leveraging Binding Corporate Rules as Data Processor

GDPR Cyber-and IT Security Issues

Responding to Data Breaches – The Different (Lawyer, Corporate, Oversight) Perspectives

  • Regulatory guidance and evolving practice under the GDPR
  • The thresholds for notification requirements under the GDPR
  • Legal considerations: Privilege, self-incrimination
  • Contractual aspects and insurance

Privacy and Data Protection in The Age of Big Data & Algorithms

  • Big data & privacy: main challenges
  • Privacy and security by design as the way forward in the age of big data
  • Big data and algorithms: challenges and opportunities

Ensuring Privacy and Concealing Biometric Data

  • Concealing biometric PII with de-identification
  • PII from facial recognition to avoid identity theft
  • Privacy challenges in the age of facial recognition
  • Lessons from the latest incidents involving facial recognition misuse
  • Methods for dealing with AI-driven facial recognition

GDPR; How Can the Assessment of IT And Technical Measures Generate Trust

  • High relevance due to the high amount of IoT devices
  • Technical measures and State-of-the-Art required by the GDPR
  • The need for further processing for analytical and other big data processes
  • Data Scrambling Vs. Mapping techniques