AGENDA

16th of November 2022 CENTRAL EUROPEAN TIME (CET)

LINK FOR TIME CONVERSION: HTTPS://WWW.THETIMEZONECONVERTER.COM/

CURRENT, TOPICAL AND TIMELY GRC, GDPR, DATA PRIVACY, DATA PROTECTION, IT AND CYBERSECURITY ISSUES

The global GRC regulatory landscape is complex and constantly changing, and good governance, risk management, compliance, and IT security are top priorities at all international levels.

  • Many compliance mandates originate from the USA, with 300+ million pages of regulatory documents and hundreds of daily alerts.
    • There is a potential for huge fines and significant reputational damage.
  • If not structured, GDPR/GRC issues dominate the corporate compliance landscape with duplication of efforts and overreach.
Timing Topics/Speakers. The morning session on Good Governance Issues
– 9:00 Registration
9:20 – 9:30 Welcome Remarks, Lady Olga Maitland, Conference Chairman
9:30 – 10:00
Managing Data Subjects’ rights under a Data Breach?
  • address the pressure on disclosures from stakeholders
Lorenza Villa, Lawyer – GDPR Consultant & Data Protection Officer
10:00 – 10:30
How to create a GDPR governance structure that will withstand disruptive events but can adjust to succeed?
  • To address diversity, workforce equity and inclusion of their workforce.
Prof. Hernan Huwyler, CPA, MBA, Universidad Internacional de La Rioja and Danske Bank
10:30 – 11:00
How to enforce and implement GDPR/GRC processes to manage regulatory changes at a large scale
  • Value of assessing and prioritising Good Governance in the GDPR/GRC Compliance program
David Cauchi, Group Head of Privacy, LeoVegas Group
11:00 – 11:15 Tea Break. Before Lunch sessions on global Risk Management issues

11:15 – 11:45
How can risk management officers identify and leverage benchmark data and report on GDPR KPIs?
  • Set risk appetite and determine if the risk management program is appropriate
Emmanuel Fragnière, Professor, HES-SO Valais-Wallis
11:45 – 12:30

The Compliance Paradox: How Good IT Governance Can Optimise Privacy, Security and Risk Management

  • Do you over-comply? The compliance team’s primary function is to apply already established rules.
  • How to work within ever-expanding mandatory boundaries and processes and the internal compliance initiatives?
Scott Bridgen, Head of GRC, OneTrust GRC
12:30 – 12:45
Panel discussion with all speakers
What are the components that make corporate risk management successful and help avoid the GDPR/GRC black holes?
  • Define the goals, the pitfalls and how to document and demonstrate evidence
All speakers
12:45 – 1:15 Lunch Break. Afternoon sessions on global compliance issues
1:15 – 1:45
Post Brexit: Assessing the GDPR/GRC compliance program to Create Operational Resiliency
  • Promoting corporate values and developing compliance skill set for the future

Gareth Garvey, Director, British Chamber of Commerce
1:45 – 2:15
How does GDPR/GRC compliance relate to operational resiliency?
  • How do your Compliance activities contribute to or detract from the resilience of your organisation
Paula Silva Lopes, Portugal Legal Summit, Lawyer, Trainer in global GDPR Issues
2:15 – 2:30
Panel discussion with all speakers
How can the current compliance processes lay the foundation for an integrated GDPR/GRC approach for greater operational resiliency?
  • Resources and tools to help manage the new types of threats and events.
2:30 – 2:45 Tea Break. Final sessions on Data Privacy, Data Protection and GDPR issues
2:45 – 3:15

Understand the main GDPR-related privacy trends of the past three years
  • How organisations have managed the developments
  • The future and implications of ongoing privacy developments involving the GDPR and other global mandates
Anny Pinto Zeballos, SVP Global Privacy Officer & Legal Head Group IT and Digital, The Adecco Group
3:15 – 3:45

How to prepare the business for a variety of GDPR compliance threats
  • Implementing and monitoring the GDPR and Information Security threats through training and awareness in a global organisation
Michael Svendsen, Information Security Manager, Governance, Risk & Data Privacy, Pandora IT
3:45 – 4:15

How to develop a strategy that ensures compliance and brings a competitive advantage to the business?
  • What are the business opportunities stemming from GDPR compliance?
  • How to build a vision that can help your company to achieve some of its goals?
Silvestra Valciukaite, Privacy Lead, Vinted / Kleiderkreisel
Tomas Martinkenas, Director of Engineering, Privacy and Security, Vinted/ Kleiderkreisel
4:15 – 4:45

Final Q&A with all speakers and Chris Cassell, OneTrust. Closing remarks
*Conference Program is subject to change. The conference language is English.
Conduct a workshop to boost your knowledge and address the GDPR/GRC, IT and Cybersecurity challenges in the organisation

Below are a few pointers and components to help develop, structure, improve, refine and sharpen your hands-on capabilities on the data you need to address the GRC/GDPR challenges.

These subjects can be used as a practical checklist or a workshop schedule to provide the techniques for implementing or updating the GRC/GDPR compliance program to fit the organisation's current needs. You can also use these areas to get inspiration to ask questions during the seminar:

  • IT Security and Data Breach
    • How can we prevent abuse or misuse of personal data?
    • How do we address violations?
    • What are the remedies that we use to correct the faults and errors?
  • Privacy by Design: Understanding the Mandates and The Practical Dimensions
    • What is the legal basis of IT and cybersecurity compliance in the organisation?
    • How to ensure consistent consent from data subjects to secondary processing?
    • The review of the audit process for implementing change in personal data processing
  • Data Privacy Impact Assessments: The Full Picture
    • How should regular reviews of the data and processes (regular data flow mapping, audits, risk assessments and reviews) ensure the legal basis has not changed?
    • How is personal information collected and used?
    • Do we use data precisely for the purpose it was collected?
  • Top Operational Responses to GDPR: What To Do and When
    • We walk through a couple of step-by-step experiences.

The realities of data breach notification and responses require exceptional in-house communication (with information on what to do before, during, and after an incident occurs) to prepare the organisation for a violation and to handle tricky multi-jurisdictional legal notices.

Therefore, if you are uncertain that your team is ready for the biggest digitisation, transformation and data protection reform in 20 years, this workshop will help you prepare. Together with an IT Security manager, the two experts offer a practical, hands-on view of the essential assessment of the GDPR with knowledge about key concepts, scope of application, individual rights, core principles, compliance in practice, accountability, data protection impact assessments and more.

Key takeaways:

  • The immediate actions to take when presented with a potential data breach
  • How to handle cybersecurity and lower the risks and exposure to IT and data breaches
  • Regulatory developments: info security, trans-border data flow
  • Learn practical techniques for the implementation of a privacy program fitting your organisation
  • Learn from two industry veterans who will help highlight the differences between the new regulation and earlier directives

Bootcamp moderators: Kersi Porbunderwalla, Secretary-General, Copenhagen Compliance UK Ltd.

Conduct a DPO Day in your organisation. AGENDA

IT Governance Issues

How To Prepare For The Data Breach And The Ethics Breach

  • Break down the difference between a data breach and an ethics breach.
  • Define the key insights from recent data breaches and learn how to avoid these mishaps
  • Gain an incident and breach toolkit to prepare the organisation ahead of a breach

Developing GDPR and Data Privacy, Data Protection Policies

  • The structural basis of the GDPR Policies, procedures and Frameworks
  • GDPR as a platform for improving IT Concepts
  • Developing Privacy as a competitive advantage – leveraging the investment

Post-GDPR Effects

  • Post-GDPR landscape in European jurisdictions
  • Enforcement actions against EU companies under the GDPR;
  • Guidance issued by local regulators touching on Data Protection Impact Assessment and Data Protection Officers

Guidance Issued By Local Regulators And Review Of The Latest GDPR Publications:

  • Data Protection Impact Assessment and Data Protection Officers
  • EDPB Guidelines on certification
  • European Cybersecurity Act incl. European Cybersecurity Certification Framework

Establishing Data Privacy Culture & Risk Assurance

  • Embedding privacy culture within the company & Privacy by design measures;
  • Conducting privacy impact assessments;
  • Risk management at the corporate group level

GDPR Compliance Issues

Case Study; Overview Of GDPR Project At Company ABC

  • The Key Compliance challenges
  • The Corporate perspective vs Client point of view
  • Important Implementation Lessons Learnt

GDPR 3.0 – Supporting The GRC and IT Security Momentum

  • Best practices in data management and security
  • DPO 2.0 The journey continues…
  • Disclosures and Notification obligations beyond GDPR

How to Harmonise Data Protection In A Diverse Context?

  • Diverse context (multiple businesses, entities, territories, authorities/ DPAs, control approach, etc.)
  • Networking and stakeholder’s coordination
  • Approach cross-context DP processes (DPIAs, data breach, DPA request, etc.)
  • Generate trust through 3rd party assessment

Moving GDPR From Programme Implementation to Business as Usual

  • A three-year GDPR programme transition is needed.
  • Embedding and integration of Risk Management processes is essential
  • Continued focus and management attention for success is critical

GDPR Risk Management Issues

GDPR And Pseudonymization Solutions – Enabling Further Processing And Lowering Risks

  • General legal and organisational requirements for pseudonymisation examples
  • Data protection focus group on pseudonymisation
  • How to eliminate the risk of Data Breach with Intelligent Pseudonymisation of Personal Data

GDPR; The Solutions and Processes for Lowering Risks

  • The need for further processing for analytical and other significant data processes
  • The need for risk reduction
  • Risk Assessments: The Touchpoints

Minimising Privacy Risk From A Global Data Processor’s Perspective

  • DPO, Controller or Processor? – (and the risk of mixing roles)
  • Minimising the aggregate privacy risk vs contract sharing
  • Using a Data Processor modular DPIA and data flow
  • Leveraging Binding Corporate Rules as Data Processor

GDPR Cyber- and IT Security Issues

Responding to Data Breaches – The Different (Lawyer, Corporate, Oversight) Perspectives

  • Regulatory guidance and evolving practice under the GDPR
  • The thresholds for notification requirements under the GDPR
  • Legal considerations: Privilege, self-incrimination
  • Contractual aspects and insurance

Privacy and Data Protection in The Age of Big Data & Algorithms

  • Big data & Privacy: main challenges
  • Privacy and security by design as the way forward in the age of big data
  • Big data and algorithms: challenges and opportunities

Ensuring Privacy and Concealing Biometric Data

  • Concealing biometric PII with de-identification
  • PII from facial recognition to avoid identity theft
  • Privacy challenges in the age of facial recognition
  • Lessons from the latest incidents involving facial recognition misuse
  • Methods for dealing with AI-driven facial recognition

GDPR; How Can the Assessment of IT And Technical Measures Generate Trust

  • High relevance due to the high amount of IoT devices
  • Technical measures and State-of-the-Art required by the GDPR
  • The need for further processing for analytical and other significant data processes
  • Data Scrambling Vs. Mapping techniques