This is based on a session presented at the Privacy+Security Forum in Washington, DC, chaired by Professors Daniel Solove and Paul Schwartz. This is a live, updated version of the original session.

Together, security and privacy teams share a common goal: Protect the organization from reputational damage, lawsuits, and regulatory trouble. On one hand, ISO 27001 focuses on the assessment of risks and protection of the organization. On the other, the GDPR aims to assess and protect the rights and freedoms of individuals.

With a joint goal in mind, it is crucial that security and privacy teams work together to develop a common language that improves productivity and takes advantage of collective efforts.

During this webinar, OneTrust will present findings from research conducted in cooperation with the International Association of Privacy Professionals (IAPP), sharing how ISO 27001 and the GDPR overlap, as well as how security and privacy teams can work together to become more effective.

What we will cover:

• ISO 27001: The International Information Security Standards designed to protect organizations.
• GDPR: The General Data Privacy Regulations designed to protect individuals.
• Where ISO 27001 and GDPR overlap.
• Lessons from the joint IAPP / OneTrust Research.
• Best Practices for security and privacy teams to collaborate for greater efficacy.

Plus, get answers to your questions via real-time chat.

Speaker Bios


Alex Bermudez serves as Privacy Consulting Manager of the Americas at OneTrust, the global leader in privacy management and marketing compliance software. In his role, Bermudez leads OneTrust’s team of Solution Consultants across the Americas, working with emerging and enterprise companies on data protection regulation solution implementations, focused on building and scaling global privacy programs. Bermudez has presented on a variety of privacy and security topics, providing deep insight into regulatory issues and practical approaches to compliance. Additionally, he helps facilitate OneTrust’s PrivacyConnect workshops across North America. Prior to OneTrust, Bermudez spent several years at a leading Healthcare Information Technology services organization where he gained valuable experience working with national healthcare providers to implement HIPAA-compliant workflow solutions. Education: University of South Carolina, B.S. Certification: Certified Information Privacy Professional (CIPP/E, CIPM).

Leon Ravenna is Chief Information Officer at KAR Auction Services Inc., a FORTUNE® 600 company with $3.7B in revenue and 18,000 employees. KAR operates worldwide vehicle auction services and provides related services including whole car auctions, salvage and a complete range of financial and logistical support. Leon’s primary responsibility is to drive global security and privacy culture and execution throughout the organization to protect customers and employees. He is an expert on privacy law in the U.S. (including the California Consumer Privacy Act), U.S. Government, Canada and the EU, and risk and compliance frameworks including ISO 27001, PCI, FISMA, SOC, SOX, HIPAA and GDPR. He leads vendor management and participates in mergers and acquisitions due diligence and integration. Education: Taylor University, B.S. Computer Science & Business. Certifications: Certified Information Privacy Professional (several types), Project Management Professional, and more.

Mark Thomas is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT risk, IT strategy, service management and digital transformation. As a former Army officer with over 28 years of professional experience, Mark has a wide array of industry experience including government, finance/banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards.