
General Data Protection Regulation (GDPR)
All tools, solutions, services, strategies and challenges around the EU's General Data Protection Regulation (GDPR), which is in force from May 2018.
GDPR

Michael La Marca
Associate, Hunton Andrews Kurth
Mike La Marca advises multinational clients on compliance with all federal, state and international privacy and data security laws, and managing privacy and cybersecurity risks and policy issues. He also regularly assists companies with developing and implementing their information security programs and addressing related governance issues. La Marca has managed several large-scale cybersecurity incidents, including advising on data breach response and notification obligations. He also regularly assist clients with negotiating and drafting privacy and data security terms in commercial contracts and M&A transactions. Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

Kristen Mathews
Partner, Morrison & Foerster LLP
Kristen Mathews currently serves as a partner in Morrison & Foerster's Global Privacy + Data Security Group. For more than 20 years, her practice has focused on advising clients on the full spectrum of the most complex privacy and cybersecurity issues, including regulatory and compliance matters. An early leader in the privacy sphere, Mathews has developed comprehensive knowledge and long-term perspective, cultivated a client base across a broad range of industries, and established herself as one of the top lawyers in her field.

Andy Roth
Chief Privacy Officer, Intuit
Andy Roth is a long-time privacy rights advocate, the Founder of venture-backed payments startup Privacy.com and former Chief Privacy Officer of American Express (voted "Most Trusted Company for Privacy" five years in a row under his leadership). He served as a panelist on the SEC Cybersecurity Roundtable and is a trusted advisor to senior management and boards of directors adhering to the highest standards of ethics and integrity. Roth advises clients on a wide range of technology-driven issues including global privacy and security laws, data strategy, crisis management, fintech, blockchain and diligence in M&A, IPSs, private equity and venture deals.

Randy Sabett
Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
A former NSA crypto-engineer, Sabett brings to Cooley LLP his extensive experience in data security, privacy, licensing and IP. Sabett has managed numerous data breach responses involving major retailers, financial and healthcare organizations, and on-line service providers. He served on the Commission on Cybersecurity for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007-2014 editions of Chambers USA. Sabett is a member of the board for the Georgetown Cybersecurity Law Institute and the Northern Virginia chapter of ISSA. He also is a frequent lecturer and author, and has appeared on or been quoted by a variety of national media sources.

Jonathan Armstrong
Partner, Cordery
Jonathan is an experienced lawyer with Cordery in London with a concentration on compliance and technology. His practice includes advising multinational companies on matters involving risk, compliance and technology across Europe. He has handled legal matters in more than 60 countries involving bribery and corruption, corporate governance, ethics code implementation, reputation, internal investigations, marketing, branding and global privacy policies. Jonathan has been particularly active in advising multi-national corporations on their response to the UK Bribery Act 2010 and its inter-relationship with the U.S. Foreign Corrupt Practices Act (FCPA).
Jonathan is one of three co-authors of the LexisNexis definitive work on technology risk, "Managing Risk: Technology & Communications". He is a frequent broadcaster for the BBC and other channels.
In April 2017 Thomson Reuters listed Jonathan as the 6th most influential figure in risk, compliance and fintech in the UK. Jonathan was recently ranked as the 14th most influential figure in global data security by Onalytica in their 2016 Data Security Top 100 Influencers and Brands Survey.
In addition to being a lawyer, Jonathan is a Fellow of The Chartered Institute of Marketing. He has spoken at conferences in the U.S., Canada, China, Brazil, Singapore, Vietnam, the Middle East and across Europe. Jonathan qualified as a lawyer in the UK in 1991 and has focused on compliance and technology matters for more than 25 years.

Richard Henderson
Head of Global Threat Intelligence, Lastline
Richard Henderson is Head of Global Threat Intelligence, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline's technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an "insightful view" on the current state of cybersecurity. Henderson was one of the first researchers in the world to defeat Apple's TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Henderson is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.

Gustavo Neves
Senior Information Security analyst and Data Privacy Consultant, Dognaedis, a PROSEGUR company
Gustavo Neves has an academic background in Mathematics and Computer Sciences. In 1999, he went to work for the Foundation for National Scientific Computing, and in 2002 initiated his participation in the first formally established cyber-security incident response service in Portugal - CERT.PT. He obtained certifications in the area of incident response from the European TRANSITS program and from the Software Engineering Institute of Carnegie Mellon University in the USA. In 2013, he became Manager of Security Services at FCT-FCCN, which included services such as CERT.PT and the national cyber-tipline for reporting child abuse content on the Internet ("Linha Alerta"), and was member of the executive board of Portugal's National CSIRT Network. In 2015, he joined Dognaedis as senior cyber-security consultant and security incident coordinator. He is also member of the executive board of the National Association of Data Protection Officers and Other Privacy Professionals (ANDPO).

Jaymin Desai
Offering Manager, OneTrust
Desai serves as the Offering Manager at OneTrust VendorpediaTM - part of the largest and most widely used technology platform to operationalize third-party risk, security, and privacy management. In his role, Desai is responsible for driving the development and delivery OneTrust's third party risk management product as well as driving the refinement of the toolset and offerings. He works with clients to centralize their vendor information across business units, assess risks based on use cases and relevant standards like CSA, CAIQ, SIG, GDPR and CCPA while also monitoring threats to seamlessly mitigate vendor risks throughout the engagement lifecycle. Desai takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction.

Thom Langford
former CISO, founder, (TL)2
As Chief Information Security Officer of Publicis Groupe, Thom Langford was responsible for all aspects of information security risk and compliance as well as managing the Groupe Information Security Programme. Additionally he was responsible for business continuity capabilities across the Groupe's global operations. Having successfully built security and IT programmes from the ground up Langford is an international public speaker and award winning security blogger. He is also the sole founder of Host Unknown, a loose collective of three infosec luminaries combined to make security education and infotainment films.

Jay Kramer
Partner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division
Jay Kramer is a partner with the firm Lewis Brisbois Bisgaard & Smith, specializing in Data Privacy and Cyber Security. Prior to moving to the private sector, Kramer served as supervisory special agent, FBI, New York division. After working for several years in the FBI's racketeering and organized crime section, Kramer joined the FBI's legal bureau in New York. As an FBI attorney, Kramer helped analyze and resolve complex issues of law and policy in criminal and national security investigations. In 2010, Kramer accepted an assignment in the FBI's Office of Congressional Affairs in Washington, D.C. There he worked closely with several congressional committees on issues related to proposed changes in federal law. In 2013, to insure the FBI's readiness to address a growing portfolio of cyber investigations, Kramer was called upon to help stand up the FBI's Cyber Law Unit in Chantilly, VA. In 2014, Kramer returned to the New York office, where he remained until he left the bureau in 2016.


Rudra Murthy
CISO, Digital India, Ministry of Home Affairs
Murthy is an IT and security evangelist with diversified leadership experience in strategizing, architecting and executing IT and information security services. Currently he is CISO for Ministry of Home Affairs under Digital India program. Formerly, he has held positions like CISO for India's prestigious program UIDAI, senior principal consultant, program manager and advisor for very large scale programs across the globe. He has proven leadership skills in management of large teams, complex programs, and customer portfolio across government, telecom, IT and BSFI industry segments.

Srinivas Poosarla
Head - Global Privacy & Data Protection, Infosys Technologies
Srinivas Poosarla currently serves as Head - Global Privacy & Data Protection for Infosys Technologies, where he has been for nearly 20 years. In addition to his vast experience at InfoSys, he is also an active member of committees, boards and advisory groups working toward common privacy and cybersecurity goals.

Latha Reddy
Distinguished Fellow, East West Institute, New York & Former Dy. National Security and Cybersecurity Adviser of India
Latha Reddy is the former Deputy National Security Adviser of India. In addition to assisting National Security Adviser Shiv Shankar Menon, she was responsible for cybersecurity and other critical internal and external security issues. Reddy served in the Indian Foreign Service from 1975-2011. During her diplomatic career she served in Lisbon, Washington D.C., Kathmandu, Brasilia, Durban, Vienna and Bangkok. Reddy served as Ambassador of India to Portugal (2004-2006) and to Thailand (2007-2009). She was Secretary (East) in the Ministry of External Affairs in Delhi (2010-2011) with overall charge of India's bilateral and regional relations with Asia. She was then appointed as India's Deputy National Security Advisor in the Prime Minister's Office from 2011-2013.

Sanjay Sahay
Additional Director General of Police - Cyber, Karnataka Police
Sanjay Sahay belongs to the 1989 batch of the IPS, borne on Karnataka cadre and is an accomplished officer with a high degree of professionalism in wide and varied assignments. He has achieved 360 degrees of experience in all policing tasks while simultaneously maintaining keen interest in all staff functions and a passion for usage of appropriate technology in policing at all levels and in all fields. His important assignments provided significant value addition to his professional persona. He is credited to have created an Enterprise Resource Planning (ERP) software, the Police IT, Broadband networking and Data Center for the Karnataka State Police. He has immense expertise in a broad band of technologies like TETRA, Geospatial Technology, ERP, Cyber Security, Cloud Computing and Big Data.

Richard Curran
Security Officer EMEA, Intel Corporation
Curran is the Security Officer EMEA for Intel and is responsible for business development and coordination of security solutions and strategies across market segments from enterprise and Government to Cloud and IoT. For the past 18 months, Curran has been supporting customers with GDPR consulting and also is a member of security strategies forums for governments. He has been working for Intel for 17 years and had held various leadership roles. He has 35 years of industry experience and a strong personal brand in the EMEA IT industry. He previous led business organizations in Solutions Marketing EMEA, covering markets in Enterprise Computing, Cloud/Big Data, HPC, SMB, Telco, Business Development Sales Director EMEA and Consulting Services Director EMEA. During his career he was worked in a number of multinational companies including Compaq Computer EMEA & Concurrent Computer Corporation.

Bill Hackenberger
VP Data Security, HyTrust
Hackenberger has more than 25 years of executive experience building and leading engineering and business teams in security companies of many sizes. A serial entrepreneur, he has founded four startups and has focused on enterprise security and data protection for the past 15 years. Most recently, Hackenberger was the CEO and the co-founder of HighCloud Security (acquired by HyTrust in 2013) He is now focused on using HyTrust's model of secure governance and data protection for high-security, compliance-driven environments. Bill has developed HyTrust's model for helping companies meet their regulatory compliance obligations, including the new demands of GDPR.

Thomas Fischer
Global Security Advocate, Digital Guardian
With more than 20 years of experience, Thomas has a unique view on enterprise security with experience across multiple domains from policy and risk management, secure development and enterprise incident response and forensics. Thomas has held roles varying from a security architect for a large fortune 500 company to consultant for both industry vendors and consulting organizations. Thomas currently plays a lead role as the principal researcher for threat analysis and malicious activity at Digital Guardian (when he is not organizing and preparing the next Security B-Sides London event).

Imran Ahmad
Partner - Blake, Cassels & Graydon LLP
Imran Ahmad is a Partner at Blake, Cassels & Graydon LLP with a specialization in technology, cybersecurity and privacy law. As part of his cybersecurity practice, he works closely with clients to develop and implement practical strategies related to cyber threats and data breaches. He advises on legal risk assessments, compliance, due diligence and risk allocation advice, security, and data breach incident preparedness and response. In addition, Ahmad acts as "breach counsel" in the event of a cybersecurity incident, such as a data or privacy breach. He also provides representation in the event of an investigation, an enforcement action or a litigation. He is the author of Canada's first legal incident preparation and response handbook titled Cybersecurity in Canada: A Guide to Best Practices, Planning, and Management (LexisNexis, August 2017). He advises on licensing, outsourcing and service-provider arrangements, as well as on other commercial matters with respect to carrying on business over the internet, the cloud and the digital environment. In his privacy law practice, he advises clients on compliance with all Canadian federal and provincial privacy and data management laws. He has a particular focus on cross-border data transfer issues and enterprise-wide governance programs related to privacy and information governance

Sunil Chand
Canada Security Leader, CGI
Sunil Chand is a security management professional with more than 20 years of experience. Prior to joining Grant Thornton LLP, he held the role of Director, Information Security Consulting Services for TELUS Security and Chief Information Security Officer for a number of other organizations. Furthermore, he has developed and executed go-to market strategies for Governance, Risk and Compliance and Threat and Vulnerability Assessment services, corporate information security strategies aligned to organizations' business goals, among other recognized accomplishments.

Tom Field
Senior Vice President, Editorial, ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Randy Sabett
Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
A former NSA crypto-engineer, Sabett brings to Cooley LLP his extensive experience in data security, privacy, licensing and IP. Sabett has managed numerous data breach responses involving major retailers, financial and healthcare organizations, and on-line service providers. He served on the Commission on Cybersecurity for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007-2014 editions of Chambers USA. Sabett is a member of the board for the Georgetown Cybersecurity Law Institute and the Northern Virginia chapter of ISSA. He also is a frequent lecturer and author, and has appeared on or been quoted by a variety of national media sources.

Jeremy King
International Director, PCI Security Standards Council
Mr. King leads the Council's efforts in increasing adoption and awareness of the PCI Standards globally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC-managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.

Thom Langford
former CISO, founder, (TL)2
As Chief Information Security Officer of Publicis Groupe, Thom Langford was responsible for all aspects of information security risk and compliance as well as managing the Groupe Information Security Programme. Additionally he was responsible for business continuity capabilities across the Groupe's global operations. Having successfully built security and IT programmes from the ground up Langford is an international public speaker and award winning security blogger. He is also the sole founder of Host Unknown, a loose collective of three infosec luminaries combined to make security education and infotainment films.

Polly Ralph
Barrister and Solicitor, UK Data Protection Strategy, Legal and Compliance Services, PwC
Polly Ralph currently serves as a Director and member of the leadership team in PwC's Data Protection Strategy, Law and Compliance Services practice. She started her career in data protection/privacy in 2004, as an Investigations Lead at the New Zealand Privacy Commission. Since then, she has worked as a Privacy lawyer at the New Zealand Police National Headquarters, Senior Privacy Counsel at the BBC, and Group DPO at Domestic & General (a UK-headquartered insurance company). Since joining PwC UK in January 2016, Ralph has led large-scale GDPR projects and advised on ePrivacy, marketing, outsourcing, technology and international transfer issues. She has deep experience leading GDPR training sessions, including for PwC's international network of firms.

Mathew J. Schwartz
Executive Editor, DataBreachToday & Europe
Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
Session Contributors
Senior Information Security analyst and Data Privacy Consultant, Dognaedis, a PROSEGUR company
Read BioPartner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division
Read BioDistinguished Fellow, East West Institute, New York & Former Dy. National Security and Cybersecurity Adviser of India
Read BioBarrister and Solicitor, UK Data Protection Strategy, Legal and Compliance Services, PwC
Read Bio