Developing a GDPR-Ready Incident & Breach 72-Hour Action Plan
Under the GDPR, data controllers are required to notify their supervisory authority when a personal data breach occurs, unless it is unlikely to result in risks to the rights and freedoms of individuals. The notification must be made without undue delay, and no later than 72 hours after the controller has become aware of the breach (with some exceptions). It is crucial for organizations to understand their obligations, the details of this tight timeline, and the risk-based triggers and what they entail. In this session, we'll review the personal data breach rules under the GDPR.
Privacy, Governance & Risk Management
Ian Evans, Managing Director EMEA, OneTrust
Ian Evans serves as Managing Director for EMEA at OneTrust, a global leader in privacy management and marketing compliance software which helps organisations operationalise data privacy compliance and Privacy by Design. Evans is a diversified senior executive with over 20 years of experience in data privacy and CRM technology applications and services. Evans supports thousands of multi-national brands across EMEA, leading the delivery of technology solutions to secure and privatise customer and employee personal information under new privacy regulations. Prior to OneTrust, Evans served as Vice President and Managing Director for EMEA at AirWatch (acq. by VMware in 2014 for $1.54B).