Events Calendar

GDPR - Plan to be Ready, Prepare to Set, Change to Go - Session 2: Personal Data
Thursday 23 February 2017, 08:30am - 07:00pm

Data protection and data breach notification are no longer a media relations issue or an opportunistic PR choice: it is law, with fines amounting up to 4% of the organization’s worldwide turnover. Not complying with the EU General Data Protection Regulation (GDPR) can lead to a financial drain equal to breaking EU Competition Law; a devastating amount for any business! The GDPR will affect almost every business that collects or handles the personal data of any European citizen. The legislation is welcome news for consumers, who will get more say over how their data is handled, rights to be forgotten and transparency of data breaches. For organizations, the far-reaching nature of the GDPR means every aspect of a business will feel its impact and, in places, entire processes will need to be replaced or set up from scratch. GDPR covers a wide range of issues relating to personal data, such as privacy, monitoring and security. It compels businesses to apply privacy by design, disclose personal data breaches within 72 hours and encrypt the data they hold.

 

Session Materials:

Materials are now available for download. Attending the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to Payloadz.com and be asked to pay 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a download link to download the .zip with all materials.

LSEC continues to support creating awareness on information security and will try to lower the barrier for ICT security professionals. With this mechanism, all attendees have evaluated the value of the presented materials and can easily contribute to the future activities.

 


LSEC GDPR Activities 2016-2018

The EU General Data Protection Regulation is the most important change in data privacy regulation in 20 years… and we're here to make sure you're prepared! Our aim is to provide at least 5 sessions where different aspects of the GDPR implementation will be investigated in depth, on the basis of the legal principles, experiences with implementation and an indication of which tools might support these implementations. The seminars are oriented towards DPOs and other privacy officers, CISOs, CIOs, legal counsel, compliance officers, tax & audit, Company Directors, Business and Technology Managers, and business people who should be involved in the data protection of their customers and partners. We focus on a unique combination of regulatory requirements, business impact and challenges for practice, which differs from either the pure legal or the pure technology perspective. In a first session, on December 19th, the aim is to present the basics and the general overview, already with some current challenges and ideas, followed by the detailed sessions in 2017.

Session 2: Personal Data Discovery & Data Protection Officer (DPO)

Topics

• personal data localization
• which personal data
• is it in compliance
• did you get consent for current (and future) actions and activities
• ensuring protection against data leakage
• ensuring governance and data access management restrictions
• assigning DPO
• best practices and experiences

Agenda

• 08.30: Breakfast, Registration & Networking

• 09.45: Introduction & agenda setting by Ulrich Seldeslachts, LSEC, chairman of the day
During this introduction, Ulrich will outline the LSEC activities in relation to data protection and the interest for the association of ICT security companies and practitioners in being involved. Ulrich will chair the day and act as moderator throughout, aiming to learn from the panels in order to provide guidance to both practitioners and advisors throughout 2017.

About Ulrich:
Ulrich Seldeslachts is the executive director of LSEC, a not-for-profit industry association focused on Information Security in Europe, based out of Belgium. Since 2012, LSEC has been leading industrial developments in transactional security and cyber security. Based upon its prior expertise in IT Systems Security and cyber security, LSEC is playing an active role in the development of security policies and practices in the domain. Prior to LSEC, Ulrich was responsible for the corporate development of a US-European Broadband wireless operator, a broadband internet operator, a security engineering company, and many other innovative projects. He is a corporate advisor to various VCs in security, telecoms, ICT and media. He works as an independent columnist for various professional publications. Ulrich holds a BA in Communication Sciences, postgraduates in Computer Sciences and Economics and an MBA from LBS.

Data Discovery & Consent:

• 10.20: Data Discovery & DLP from the Architecture Perspective, by Peter Vandeputte, (replacing Koen Maris, CTO) Cyber Security at Atos:
Koen started his professional career as Software Engineer. In 1999, he swapped software development for IT Security. He joined Ubizen, where he was responsible for implementing and managing security across Europe for a prestigious bank in Luxembourg. In 2003 he moved to Credit Suisse in Luxembourg, and to the management side of information security. Ever since, Koen has been active in consulting for information security management and governance, advising architects and engineers on how to translate the information security strategy into operational processes, security architecture and implementation.

• 10.45: Consent Management: Legal & Organizational Considerations by Hans Graux, lawyer and founding partner at Time.lex
Among the many legal innovations of the GDPR, one of the more significant changes is its approach to consent. Consent will become harder to get, more complicated to prove, and easier to revoke. Is it still worthwhile to aim for consent, and if so, how should you organise yourself? Will other justifications for the legitimate processing become more prevalent in practice? And how will the specific provisions protecting minors impact your business? This legal section will provide you with a full background on the changes in consent rules for the future. 
About Hans Graux: Hans is a founding partner at time.lex, a member of the ICT Committee of the Council of Bars and Law Societies of Europe (CCBE), a Member of the ICT Committee of the Order of Flemish Bars, and an independent legal expert in the Flemish Supervisory Committee (Vlaamse Toezichtscommissie). Having graduated in Law in 2002, he obtained a complementary degree in IT in 2003. This combination makes him the ideal specialist for complex legal files that also require a solid technical grounding. Since 2005, he has primarily been active as a lawyer at the bar of Brussels. Hans frequently acts as a legal advisor to the European Commission in several policy areas, including electronic signatures, identity management, privacy protection and e-procurement. In 2007 he co-founded time.lex. His recent assignments center mainly around data protection (privacy protection), cloud computing, open source software development and geographic information systems.


• 11.45: Coffee Break

• 12.15 : Gain visibility and control on your digital footprint, by Stijn Vande Casteele of Sweepatic

Based on studies, research and field experience, we know that companies lack visibility and control on how they are perceived from the outside. By not having this dynamic view at hand, security, risk & privacy stakeholders are struggling to answer simple questions like: “What data do I have exposed and accessible from the internet?” “What personal data is my company leaking?” “How is this data misused by actors with bad intent?” “Do I have more data leaks than the industry average?” During this presentation Stijn will talk about some of the challenges companies face today with regards to their digital footprint. He will also explain the solution fit to complement your organisation's GDPR program with an "outside-in" solution that will support your GDPR readiness and compliance now and in the future.
About Stijn Vande Casteele: Stijn is co-founder and CEO of Sweepatic.com. He’s a seasoned cyber security expert with 15 years of experience and has gained industry recognition based on his business insights and technical hands-on delivery in large cyber security engagements. Stijn holds an MSc in Information Security from University of London, Royal Holloway and has several active industry certifications.

• 12.50: Awareness & Training...only for the DPO? By Erik Luysterborgh, Partner Privacy & Data Protection at Deloitte
As Senior Manager at Deloitte, Maarten provides pragmatic and business-focused advice on privacy and data protection-related matters. He is a proactive and results-oriented legal professional with a strong expertise in international privacy and data protection law gained as a qualified Belgian and Spanish lawyer at high-profile international law firms in both Brussels and Barcelona. He further obtained in-house experience as Head of European Privacy and Compliance at a major international health services company. Maarten is the Faculty Leader of the European Privacy Academy and a former member of the European Advisory Board of the International Association of Privacy Professionals (IAPP). He is also a frequent speaker and chair at privacy events.


• 13.30: Networking Lunch

Governance & DPO

• 14.15: Unified data protection controls to smooth the path to compliance, by Matt Logan, Director of Field Engineering for EMEA, LATAM and India at Digital Guardian (London)
GDPR brings far reaching new requirements for companies processing EU citizen data. Many organizations are struggling to understand where they stand and which combination of people, process and technology they will need to become compliant. This presentation will outline the role Data Loss Prevention (DLP) technology can play in a GDPR program, including an explanation of key functions of DLP such as data discovery, data classification and data egress controls. We will outline how these functions can be used for initial planning and assessment of the GDPR compliance gap, as well as for a fuller program which supports the Data Protection Officer, breach notification processes and general protection of sensitive personal data against insider threats and advanced attackers.
About Matt Logan: Matt specialized in the Data Protection space in 2007 and he is currently the Director of Field Engineering for EMEA, LATAM and India at Digital Guardian. Matt worked at Symantec, McAfee and CSC building, managing and selling Enterprise scale Data Protection programs and technologies. For his 4 years at Digital Guardian, Matt has been instrumental in leading growth and maturity in Technical Sales within EMEA.

• 15.00: UMA, an Open Standard for Consent-Driven Personal Data Sharing, by Chris Adriaensen, Senior Customer Engineer at ForgeRock
One of the key elements of the GDPR is the requirement to obtain explicit user consent with respect to personal data processing and sharing; basically putting the user back in the centre of the processing of his own personal data. But what if these consents could be translated into technology as more than just virtual flags, actually tying into a core standards-based technology, that not only gives users centralised control but also provides organisations with standardised tools, speeding up their developments and easing integration with one another in a modern API-driven world? UMA, short for User-Managed Access, is an extension on top of the widespread OAuth 2.0 standard which exactly focuses on providing such standardised tools.
About Chris Adriaensen: Chris has been passionate about digital identity, privacy and security for about 10 years now. Upon receiving his Master’s degree in Computer Science Engineering at the University of Leuven (KUL), he was presented with the opportunity to lead an interesting new start-up in Eindhoven focused on mobile technology. Later on he became part of a global team of identity and privacy architects at Verizon, former Cybertrust // Ubizen, and as such got involved with various strategic private and/or public identity initiatives. Currently aboard identity and privacy platform provider ForgeRock, revived out of Sun Microsystems, he enjoys enabling organisations through effective use of identity and privacy technologies.

• 15.45: Data Protection Officer, quite a job! By Thomas Van Gremberghe, lawyer at Erkelens Law

Thomas advises on a wide range of Data Protection issues including e-marketing and employee monitoring, with a particular focus on International Transfers of Data. Thomas regularly assists clients with Privacy Impact Assessments and Compliance Programmes relating to data-rich products and services embedding smart technologies. He is also active in IT law matters, including IT contracts and e-commerce.

• 16.30: Discussion: Governance & DPO
with Thomas Van Gremberghe, lawyer at Erkelens Law

• 17.00 Closing Notes by Ulrich Seldeslachts

• 17.15 Reception

• 19.00 End of Event



 

Practical Details & Registration

GDPR Session 2: Personal Data
Atos -
Caprese building of The Corporate Village in Zaventem

 

 
