On February 18, the XIII Privacy Forum, organized by ISMS Forum (International Information Security Community) and its working group, the Data Privacy Institute (DPI), was held online.
Our CEO, Iago Fortes, attended remotely along with more than 500 professionals from the privacy and data protection sector. The event covered topics such as:
- Privacy governance models
- Data breach management according to the latest EDPB Guidelines
- Security and privacy risks associated with third parties
- International data transfers and tools to ensure a higher level of compliance.
The event’s tracks were opened with presentations by Bruno Gencarelli, Deputy to the Director & Head of Unit for International Data Flows and Protection – DG Justice and Consumers (European Commission); and Ventsislav Karadjov, President of the Bulgarian Data Protection Board (European Data Protection Board).
The Track 1 round table, “The state of the art in enterprise privacy”, revolved around the GDPR Maturity Study conducted by the Data Privacy Institute’s Observatory on the level of GDPR maturity in Spain. The experts compared statistics and assessed the level of compliance adopted by companies, as well as the evolving role of the DPO and its challenges in the coming years.
The Track 2 round table, “Data Governance: privacy and security risks”, was a debate on how data protection is organized in the invited experts' companies. It addressed the roles of the DPO and the CISO, how the two interact, and how they deal with problems related to third-party risk management or the correct implementation of the GDPR and the NIS Directive.
Participants in this round table were Francisco Lázaro Anguis, CISO and DPO (RENFE); Josep Bardallo, CIO, CISO and DPO (Recoletas Group); Susana Rey Baldomir, DPO (Euskaltel); Alfonso Menchén, DPO (Iberdrola); Raúl Gordillo, Regional Sales Manager Iberia (Pcysys – Automated Pentesting) and Vicente de la Morena Baena, Territory Manager (RiskRecon, A Mastercard Company).
From this round table we can highlight that the most mature companies have both a Security Committee and a Privacy Committee. Although these are different groups, they share all the necessary information and work on many projects together, with closely aligned interests and no conflicts, especially when the primary objective of both groups is legal compliance. It was also emphasized that both always work with proactive risk management.
Capping off the 13th ISMS Forum and DPI Privacy Forum was Peter Winn, Acting Chief, Office of Privacy and Civil Liberties, U.S. Department of Justice, speaking on privacy governance by design:
“The U.S. Department of Justice believes that governance from privacy is based on three fundamentals: compliance, law, and trust (…) data protection authorities must always make hard choices about where to direct their limited resources. The United States has learned a lot from the General Data Protection Regulation and I have great respect for the work that has been done to implement it…”