Managing Data Breaches under UKGDPR
November 27, 2019
9:30 am - 1:00 pm
This unique event will engage and challenge the audience about data breach preparations. Using a ‘Timeline’ approach, the presenters will walk you through the process of a data breach through the eyes of a business, as the clock literally ticks down against the GDPR 72-hour notification deadline.
Compliance and security experts will lead you through a major data breach incident through the eyes of the hacker, the Board, IT Department, and the DPO – using a realistic scenario based on their own experience from responding and investigating numerous real-life data breaches.
In this “one-of-a-kind” event, you will learn first-hand from experts in the field what it looks like to have to deal with a major security incident, including:
- Discovering the breach (often doesn’t work as planned)
- Managing the 72-hour reporting deadline. When, what and how to report.
- Avoiding disastrous mistakes in the communication process
- Post-incident, which can present significant challenges
- Breach Preparations. Steps you can take now to minimise the risk, impact and pain of a data breach
Igor Yuklyanyuk – Security Researcher
Igor is an experienced Senior Penetration Tester who has also conducted numerous data breach and forensic investigations. He will start the event with a practical demonstration of how a hack similar in nature to the British Airways breach happened, and how it was possible with all the checkpoints that were missed.
James Chalmers – UKGDPR
James is an ISO27001 Lead Auditor and Lead Implementor and has created and implemented privacy and security programmes at some large UK institutions and regulators. He will be giving the view of the business as information becomes available to them, and illustrate why their role and urgent decisions are often harder than first anticipated.
Nick Baskett – UKGDPR
Nick is an experienced DPO and has project managed dozens of incident responses over the last 17 years. He will present and discuss the impact from a privacy perspective and explain why a DPO might need to challenge the information presented to him, and how and why they should advise the board. He will share some personal experiences from the front-line, including major incidents that needed reporting to the Supervisory Authority.
Ryan Manyika – OneTrust
Ryan is a Certified Information Privacy Professional (CIPP/E) and a Privacy Consultant at OneTrust. He will discuss how using a dedicated compliance platform can help during an incident, including identifying the data categories and privacy risks to support a report/no-report decision. After the incident, organisations should expect an increase in Data Subject Access Requests (DSARs), which can often be overwhelming. OneTrust will show how their system can be used to manage a sudden increase in DSAR activity.
At the conclusion, there will be an interactive Question and Answer session with the panel.
Demo booths will be available after the presentation where you can get hands-on with the tools we use. There will also be a light networking lunch.
Each attendee will receive a free copy of UKGDPR’s new “Running successful DPIA’s” handbook. It compiles advice from the European Data Protection Board, along with best practice Risk Assessment methodology based on ISO 31000, in an easy-to-read format with diagrams and a cheat sheet.
Venue: Marriott County Hall Hotel