This is based on a session presented at the Privacy+Security Forum in Washington, DC, chaired by Professors Daniel Solove and Paul Schwartz.  Join us for one or all of our replays of this outstanding event! 

Together, security and privacy teams share a common goal: Protect the organization from reputational damage, lawsuits, and regulatory trouble. On one hand, ISO 27001 focuses on the assessment of risks and protection of the organization. On the other, the GDPR aims to assess and protect the rights and freedoms of individuals.

With a joint goal in mind, it is crucial that security and privacy teams work together to develop a common language that produces greater productivity and takes advantage of collective efforts.

During this webinar, OneTrust will present findings from research conducted in cooperation with the International Association of Privacy Professionals (IAPP), sharing how ISO 27001 and the GDPR overlap, as well as how security and privacy teams can work together to become more effective.

What we will cover:  

• ISO 27001: The International Information Security Standards designed to protect organizations.

• GDPR: The General Data Privacy Regulations designed to protect individuals.

• Where ISO 27001 and GDPR overlap.

• Lessons from the joint IAPP / OneTrust Research.

• Best Practices for security and privacy teams to collaborate for greater efficacy.

Plus, get answers to your questions via email at

Speaker Bios

Alex Bermudez serves as Privacy Consulting Manager of the Americas at OneTrust, the global leader in privacy management and marketing compliance software. In his role, Bermudez leads OneTrust’s team of Solution Consultants across the Americas, working with emerging and enterprise companies on data protection regulation solution implementations, focused on building and scaling global privacy programs. Bermudez has presented on a variety of privacy and security topics, providing deep insight into regulatory issues and practical approaches to compliance. Additionally, he helps facilitate OneTrust’s PrivacyConnect workshops across North America. Prior to OneTrust, Bermudez spent several years at a leading Healthcare Information Technology services organization where he gained valuable experience working with national healthcare providers to implement HIPAA-compliant workflow solutions. Education: University of South Carolina, B.S. Certification: Certified Information Privacy Professional (CIPP/E, CIPM).

Jennifer Oliver joined MoginRubin LLP in 2017 after nearly ten years practicing as a complex business litigator in the New York office of Weil, Gotshal & Manges LLP. Jennifer’s practice is focused on privacy and antitrust, as well as complex business and investment litigation. Her previous clients include General Electric, Lehman Brothers, Bridgestone, Washington Mutual, The Walt Disney Company, ESPN, The Dow Chemical Company, General Motors, The Port Authority of New York and New Jersey, Forbes, and American Airlines. Education: Jennifer earned her B.S. (Business Administration), M.B.A., and J.D. degrees from the University at Buffalo, each with honors, where she also served as the Vice President of the undergraduate student body and was an editor of the Buffalo Law Review and Buffalo Intellectual Property Law Journal. Jennifer is admitted to practice law in the Southern District of New York, Eastern District of New York, Northern District of California, Central District of California, and Southern District of California, and is an IAPP Certified Information Privacy Professional. Jennifer was recently awarded the 2018 International Advisory Experts Award for Complex Business Litigation in California. Jennifer is also a frequent commentator on the MoginRubin Blog.

Leon Ravenna is Chief Information Officer at KAR Auction Services Inc., a FORTUNE® 600 company with $3.7B in revenue and 18,000 employees. KAR operates worldwide vehicle auction services and provides related services including whole car auctions, salvage and a complete range of financial and logistical support. Leon’s primary responsibility is to drive global security and privacy culture and execution throughout the organization to protect customers and employees. He is an expert on privacy law in the U.S. (including the California Consumer Privacy Act), U.S. Government, Canada and the EU, and risk and compliance frameworks including ISO27001, PCI, FISMA, SOC, SOX, HIPAA and GDPR. He leads vendor management and participates in mergers and acquisitions due diligence and integration. Education: Taylor University, B.S. Computer Science & Business. Certifications: Certified Information Privacy Professional (several types), Project Management Professional, and more.

Mark Thomas is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT risk, IT strategy, service management and digital transformation. As a former Army officer with over 28 years of professional experience, Mark has a wide array of industry experience including government, finance/banking, manufacturing, and technology services. He has held roles ranging from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards.