NJ ISACA - General Data Protection Regulation (GDPR) Primer and Vendor Risk Management.


This one-day seminar covers General Data Protection Regulation (GDPR) Challenges and Vendor Risk Management. 


Session I - General Data Protection Regulation (GDPR) Primer:

Scott Margolis, Executive Director - EY Advisory Service

Maroo Ghil, Manager – EY Advisory Services

The General Data Protection Regulation (GDPR) (EU Regulation 2016/679), effective May 25, 2018, gives EU citizens control and protection of their personal data. Data controllers, who determine the purpose and means of processing personal data, and processors, who process data on behalf of controllers, are primarily affected. Penalties for non-compliance could cost an organization up to 4% of annual global revenue or €20 million, whichever is greater.

This session will cover:

  • What is GDPR?

  • What

  • Who is impacted?

  • Who does the regulation apply to?

  • What are the requirements of the regulation?


Session II - Vendor Risk Management

Neil Kaufmann, Executive Director – EY Advisory Services

Driven by globalization and strategic imperatives, organizations continue to increase their reliance on third parties for nearly every phase of their businesses. It can be challenging for organizations to effectively monitor and manage these relationships and the risks relating to vendor management. Even though an enterprise-wide understanding of what constitutes a third party may seem obvious, some companies fail to capture all types of third parties in their risk considerations.

This session will cover:

  • Trends in today’s business

  • Typical Vendor Management Life Cycle

o   Vendor Selection

o   Service Delivery

o   Service Adjustment

o   Contract Review

o   Discussion of performance against various metrics

o   Action points from previous review meetings

o   Areas of improvement

o   Support needed to drive project improvement

o   etc.

  • Issues in managing risks associated with acquisitions or divestitures that change a company’s structure and operations

  • Challenges in capturing all types of third parties in their risk considerations

  • Challenges in addressing risks from all sources: regulatory, product quality, data integrity, Foreign Corrupt Practices Act, etc.

  • Gaps between companies and their vendors and other third parties in managing people and systems as well as managing risk.

Who Should Attend

  • Supplier Risk Analysts

  • IT Risk Analysts

  • Third Party Vendor Analysts

  • Internal Auditors

  • IT Audit and Control Analysts

  • Compliance Management Analysts

  • Privacy Management Analysts

  • Vendor Supplier Risk Analysts

  • Internal Audit Management

CPEs: 7* (Type: Auditing)

* Continuing Professional Education credits are estimated and based on the Continuing Professional Education requirements of the New Jersey Board of Accountancy (NJ BoA). Actual CPEs (1 CPE credit for 50 minutes) are calculated based on actual instruction time and attendance.

Please note that NJ BoA now requires more stringent monitoring of meeting attendance. Attendees who arrive late, leave early or are absent from the seminar room for extended periods will have their CPE certificate adjusted accordingly.

  • When

  • Thursday, April 19, 2018
    8:00 AM - 5:00 PM

  • Where

  • Hanover Manor
    26 Eagle Rock Avenue
    East Hanover, New Jersey 07936

  • Capacity

  • 60 (-1 remaining)
