The chances are that many organisations will not be fully compliant by May 2018, particularly if they were late getting their strategy off the ground. This is not necessarily the disaster that some have implied it will be. The GDPR is often presented in a manner which suggests that if, for example, victims of data breaches are not informed within 72 hours, companies will be in breach of European law and immediately levied with enormous fines. The reality is altogether less certain.
The GDPR contains a number of phrases such as “reasonable steps,” “undue delay,” and “disproportionate effort.” The actual day-to-day definition of these terms is likely to be decided in courts over the next few years. Whilst no company would wish to be a test case, a wise strategy for those who are not confident that they will be fully compliant with GDPR mandates would be not to panic, and to demonstrate to customers, auditors and stakeholders that they are progressing strongly towards the ultimate goal of compliance.
This webinar will make a case for viewing the GDPR from a positive viewpoint. Whilst it increases the burden on organisations, it is also creating opportunities. The new organisational structure that the GDPR requires (and the increasingly frequent role of the Data Protection Officer (DPO)) means that the subjects of data privacy and security are likely to combine, and that changes are more likely to be driven from the top of organisations. This is a welcome change for security professionals who often feel as if they are up against a prevailing culture where non-technical employees continually underestimate the importance of strong data security practice. Arguably the GDPR is simply good data house-keeping.
Editor, Computing
Stuart Sumner is editorial director of Computing, V3 and the Inquirer.
During his time at Incisive Media he has overseen the transition of Computing from a print-first publication to a truly multi-channel media brand encompassing events, website and apps, whilst ensuring it retains the same depth and authority of content on which its reputation is founded.
He is also responsible for Computing's sister titles V3 and the Inquirer.
Previously he spent 10 years in the IT industry as a programme manager, where he was responsible for the delivery of corporate WAN rollouts for global blue-chip companies.
Stuart has also written for Time Out and IPC Media, and in his spare time writes scripted comedy for TV and radio.
Security Risk and Compliance Officer, Carbon Black
Christopher Strand leads Carbon Black’s security risk, audit, and compliance sales and marketing strategy. With more than 20 years of information technology and compliance experience, Christopher oversees the development of enterprise network and application security solutions that help organizations deploy proactive security to maintain, measure, and improve their compliance and risk posture.
Previously, Strand held security/compliance positions at Trustwave, Tripwire, EMC/RSA, and Compuware. Strand is a PCI Professional (PCIP) and trained QSA and has been certified on and is proficient with other regulatory disciplines including HIPAA, NERC CIP, SOX/GLBA, and multiple IT Security baseline practices and frameworks such as ISO 27001 and NIST.
Strand’s security risk model presentation topic is featured regularly and he speaks about security and compliance issues and best practices in keynotes, on webinars, and at many industry conferences. He has authored several white papers, published many articles in security industry journals and books, has been an expert witness on cyber security events, and is frequently quoted as a thought leader by many leading media outlets.
Dr W Kuan Hon
Director, Privacy and Security
Dr W Kuan Hon, a Director with Fieldfisher's Privacy & Security team, specialises in data protection/security law, cloud computing and other technology issues. A solicitor and (non-practising) New York attorney, with degrees in law and computing science including a joint law/computer science doctorate, Kuan has also benefited from technical security training (e.g. UK Cyber Security Challenge's 2015 pen testing camp).
Kuan is an Editor of the Encyclopedia of Data Protection and Privacy, a Fellow of the Open Data Institute, and previously sat on the British Computer Society's Information Privacy Expert Panel. Kuan regularly speaks at events, having presented for ENISA, the Cloud Security Alliance and CERN. Her book Data Localization Laws and Policy argues for a focus on security over geographic data location. She was lead author of eight chapters of Cloud Computing Law. Kuan's articles, many with collaborators, have been published e.g. by the IEEE, Journal of International Data Privacy Law, Society for Computers and Law and Stanford Technology Law Review.
Kuan was a finance/insolvency lawyer before completing a Computing Science MSc and moving into technology law. She was also formerly senior researcher, cloud law, with Queen Mary University of London.
Kuan's personal website: http://www.kuan0.com