Date: 21 Feb 2017, 8:30 - 12:00
Host: AIG, Osvald Helmuths Vej 4, 2000 Frederiksberg
Have you taken the right steps to protect the privacy of your customer data in both US and Denmark, considering new rules and regulations? Are you properly protecting your company’s computers, networks, programs, and data from unintended or unauthorized access, change, or loss?
Among the many interesting points, we heard about the importance of compliance not just to avoid fines, but also because the level of compliance has an impact on the value of your company if you are considering selling in the future. In Denmark, IT security is often rather high, but the organizational culture is not prepared, because Denmark is a “trust” culture, so companies should consider preparing on the soft side as well.
Implementation of GDPR has so far been mostly by the largest companies, but small and medium are increasingly paying attention, as the rules effective May 25, 2018 will cover these companies too, though there are still many issues to be clarified regarding what the requirements will be on the various industry sectors.
Members were encouraged to set up a strong data foundation, and work in cross functional groups (not just IT or Legal, but also HR, Compliance, Marketing, Sales) to document what data they have, where their data is going, and who has access to it. It was suggested that in addition to proper documentation, companies should set up dashboards to be able to clearly control the various aspects of compliance such as allowing consumers to opt in to various levels of permission regarding their data, stopping or suppressing individuals, erasing individual’s data, setting user rights for the company data of various types, and more. The requirements do vary between US and Europe (for example in Europe you MUST delete a job applicant’s data within 6 months whereas in US you should have it for perpetuity!), so it’s good to get legal advice from global advisors or advisors in each of your local markets.
All in all, compliance with the upcoming European data privacy rules should not be feared, even if the risks of fines will be much greater after May 2018. Instead companies should see this as as way to build consumer trust that your company is capable of managing their data properly.
Members received the presentations. We’ll soon list a set of links where you can get up-to-date information on how even small and medium companies can prepare for and tackle implementation.
Einar Dyrhauge, Executive Director, Danish-American Business Forum
Data protection – future risks and sanctions
Thomas Munk Rasmussen, Partner, Bech-Bruun
Learn more about the current risks and sanctions when processing customer data, also when data is crossing EU’s borders. Thomas will focus on some of the cardinal points in especially the coming EU-regulation and give some good advice on how to tackle the challenges
Making the most of the GDPR opportunity
Lindsay McEwan, EMEA GM, Tealium
There are a lot of concerns in the marketplace given the changes to data compliance laws through the incoming GDPR, but Tealium believes this creates a compelling event to drive improvements in customer engagement. Lindsay McEwan will give insight into how global businesses are overcoming challenges to take advantage of the opportunity GDPR presents
Coffee and Networking Break
Thomas Wong, Principal Security Consultant, Ezenta
Ezenta, a highly-ranked Danish IT security company, has seen many cases where Danish companies have lost valuable data. They will address how companies lose data, why it happens and what precautions can be taken to prevent it from happening in the future
Last line of defense – when cyber-insurance becomes critical
Chris Valentin, Cyber Practice Leader, AIG
A Cyber-attack is considered one of the major threats to businesses today, hence the increased focus on how to secure the operation. AIG will walk you through how a cyber-insurance policy practically interacts with the business and its operational line of defense. Real life claims examples will be provided, which will help to better understand the economic impact of such attacks. Finally AIG will suggest how businesses can adapt their cyber coverage to the insurance needs of the not so distant future
Wrapup and Q&A
Light networking lunch