TISA - Tax Incentivised Savings Association - Training Event

GDPR and PSD2 Data Security for Business Managers, Risk & Compliance

Tisa -

GDPR and PSD2 Data Security for Business Managers, Risk & Compliance

From May 2018 the new EU Regulation makes changes to the way that organisations handle personal data, along with other regulations affecting financial firms including the 4th Money Laundering Directive and second Payment Services Directive. Are you ready to guide your firm through implementation and ongoing compliance?

The UK has been at the forefront of consumer data protection for over twenty years and has had a great influence on the direction of the EU General Data Protection Regulation. But even though UK firms have started with an arguable advantage and a dynamic regulator, many may not have completed their entire compliance projects by the deadline. The UK Government is further taking GDPR legislation into its own Data Protection Bill (2018) which also incorporates other EU legislation such as the Network and Information Systems Security Directive. The size of fines potentially levied under GDPR rules alone up to 4% of global turnover for large businesses has brought this to the attention of board members.

Understanding and interpreting GDPR and related legislation is complex, and very time consuming. These fundamental changes will affect many areas of your business.

This workshop covers all the information needed to get firms prepared for the new directive/ you will:
Understand the rationale behind GDPR
Realise how GDPR fits into the broader legislative landscape
Identify the key changes from UK Data Protection Act 1998 and the associated challenges and opportunities
Discuss the main misconceptions around GDPR
Gain a practical approach to implementation and compliance and prioritise the areas requiring most urgency
Identify changes to business processes from end to end
Understand enforcement issues, implementation problems and implications for crisis management
The data security aspects of PSD2 and how GDPR overlaps with these components of PSD2

The landscape of data protection, e-Privacy and e-Security:
The background to GDPR, key misconceptions, differences from Data Protection Act 1998, the role of the Information Commissioners Office and other regulators, understanding the regulatory landscape (including the European Commission, PSD2, 4MLD, NIS Directive, MiFID II and the Competent Authorities in other member states)

The regulation in detail:
Six principles, core concepts, scope (geographical, participants, types of data), Importance of legitimacy of processing, reporting, fines, remediation. organisational requirements, data protection officers, international considerations, overlap with PSD2

Creating an implementation project:
the importance of governance and board oversight, preparation, data subject request handling, data breach preparation, supply chain assessment.

Minimising disruption and building a remediation:
Adopting an outcomes-based approach to regulation, managing risk: knowledge, awareness and training, addressing key challenges and managing a number of new rules, how to manage concerns before the directive is finalised.

This session will be delivered by Jonathan Williams. As a strategist in a financial services firm for ten years, currently with MIDAS Alliance, he has spent a lot of time looking at regulatory compliance and specifically the issues of overlapping and contradictory regulations. MIDAS Alliance is sponsor of the BSI Digital Identification and Authentication Code of Conduct of which Jonathan is co-author. Jonathan has extensive experience in identity, payments and fraud in working with UK corporates and banks in the UK and across Europe.

This session will run from 09:30 - 17:00 with registration at 09:15.

Members: 410
Non-members: 810
(VAT exempt)

This training course is endorsed by the CISI for CPD requirements. CISI members pay a discounted rate and can book via the link below. To receive your discount as a CISI member, please enter the discount code provided by the CISI.