
Data Privacy 101: Using Technology to Close the GRC Gap


Recorded: May 19, 2022

Data privacy continues to make headlines and be a concern for many organizations. According to a recent study by CNBC, 23.1% of the 39 CFOs see cyber-attacks as the number 1 external risk to their company.

The average total cost of a data breach is $3.62 million, the global average cost per record is $141, the average data breach size is 24,089 records, and the odds of experiencing a data breach are as high as 1 in 4. With global regulations such as the GDPR and CCPA in place and more coming into effect as privacy practices mature, companies must deliberately review the data they collect and how that data is processed across departments to comply with emerging privacy regulations.

How is your organization managing data privacy? Do your board, executive team, and regulators have the confidence that the risk is being adequately addressed across your value chain? Join this webinar as our panel of experts discusses how to use technology to close the GRC gap and achieve data privacy, including:

  • Define and maintain a set of policies and procedures that indicate the expectations necessary to manage data privacy.
  • Evaluate the control environment and provide evidence of sustainable risk management practices.
  • Organize omni-channel data and manage privacy concerns from both a GRC and organizational perspective.
  • Translate legislation to business activities to ensure conformance with applicable laws.
  • Incorporate globally accepted frameworks.

 

Moderator

Colin Whittaker, PCI Industry Alumni, Founder and Director, Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

David Hawkins, Director, Consulting Engineer, BitSight. David has been in the security industry for just over 20 years. His background includes both IT security as well as physical security. David has served as the Technical Vice Chair of the Open Security Exchange, co-authoring the PHISBITs security protocol which was intended to help integrate physical and IT security. On the Information Security side, David has been part of the engine behind responding to security questionnaires, writing security product and procedural documentation, and speaking on various topics to include identity management, secure file sharing, and advanced threat protection. As a consulting engineer with BitSight, he is focused on helping companies with risk, compliance, technology, and program development. His goal is to promote the continued maturity of the security ratings industry into a discipline that holistically considers information security, data protection, technology, and business risk as a unified concept.

Kyle Martin, Associate Vice President, Customer Success – Integrated Risk Management at NAVEX. Kyle has over a decade of leading risk and compliance professionals across multiple industries. With product specific consulting and implementation experience, he works directly with customers and his teams to create the ideal customer experience. Kyle leverages his product management background to coach efficient Integrated Risk Management (IRM) use and adoption, while his project management and customer service background allows him to communicate goals through all levels of the customer organization. At NAVEX, Kyle currently manages all aspects of the IRM Customer Success Organization.

Lecio DePaula currently serves as Vice President of Data Protection for KnowBe4, where he focuses on navigating global data protection requirements and ensuring KnowBe4 meets its data protection standards. He began his career at a privacy tech company, where he became an expert in all things U.S. privacy, with a specific focus on HIPAA compliance. He now leads KnowBe4's effort in protecting its information assets on premise and in the cloud. DePaula has extensive expertise in many European and United States privacy laws, such as GDPR, CCPA, and HIPAA. His primary focus is bridging the gap between privacy and security to create a robust data protection program. DePaula holds a CISSP as well as an AWS/Security certification and is currently a certified Fellow of Information Privacy. He is also certified by the IAPP and is a Certified Information Privacy Professional for Canada, Europe, and the United States.

Brad McAdams, Director, Solutions Engineering at OneTrust has spent his entire career in GRC. Starting off in consulting, before taking a brief stint in industry, Brad has now spent the last 12+ years working with various GRC software providers.