NJ ISACA - General Data Protection Regulation (GDPR) Challenges and Vendor Risk Management.


This one-day seminar covers General Data Protection Regulation (GDPR) Challenges and Vendor Risk Management. 


Session I - General Data Protection Regulation (GDPR) Challenges


Stefanie Ash, Senior Manager – Data Privacy EY

Hardik Mehta, Senior Manager – Risk Advisory EY

GDPR is the new legal framework in the EU and will be effective on May 25, 2018 for all countries in the EU. GDPR will change data protection requirements globally, not just in Europe. Individuals, organizations and companies that are either 'controllers' or 'processors' of personal data will be covered by the GDPR. With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organizations, and to individuals. If you're in a U.S.-based multinational enterprise doing business in the EU, you should be aware that the European (GDPR) deadline is May 25, 2018. Non-compliant companies will face hefty fines of up to €20 million or 4 percent of global annual revenue, whichever is greater. Non-EU companies will be a particular target of these higher fines.

This session will cover:

  • What is GDPR?
  • What is the impact of GDPR in Europe?
  • What is the impact of GDPR in the US?
  • The use of the sector-based risk approach in assessing GDPR impact on businesses
  • Enabling GDPR leveraging GRC technologies


Session II - Vendor Risk Management


Presenter: Neil Kaufmann, Executive Director – TPRM EY

Driven by globalization and strategic imperatives, organizations continue to increase their reliance on third parties for nearly every phase of their businesses. It can be challenging for organizations to effectively monitor and manage these relationships and those risks relating to vendor management.  Even though an enterprise-wide understanding of what constitutes a third party may seem obvious, some companies fail to capture all types of third parties in their risk considerations.

This session will cover:

  • Trends in today's business
  • Typical Vendor Management Life Cycle
      ◦ Vendor Selection
      ◦ Service Delivery
      ◦ Service Adjustment
      ◦ Contract Review
      ◦ Discussion of performance as regards various metrics
      ◦ Action points from previous review meetings
      ◦ Areas of improvement
      ◦ Support needed to drive project improvement
      ◦ etc.
  • Issues in managing risks associated with acquisitions or divestitures that change a company's structure and operations
  • Challenges in capturing all types of third parties in their risk considerations
  • Challenges in addressing risks from all sources: regulatory, product quality, data integrity, Foreign Corrupt Practices Act, etc.
  • Gaps between companies and their vendors and other third parties in managing people and systems as well as managing risk

Who Should Attend

  • Supplier Risk Analysts

  • IT Risk Analysts

  • Third Party Vendor Analysts

  • Internal Auditors

  • IT Audit and Control Analysts

  • Compliance Management Analysts

  • Privacy Management Analysts

  • Vendor Supplier Risk Analysts

  • Internal Audit Management

CPEs: 7* (Type: Auditing)

* Continuing Professional Education credits are estimated and based on the Continuing Professional Education requirements of the New Jersey Board of Accountancy (NJ BoA). Actual CPEs (1 CPE credit for 50 minutes) are calculated based on actual instruction time and attendance.

Please note that NJ BoA now requires more stringent monitoring of meeting attendance. Attendees who arrive late, leave early or are absent from the seminar room for extended periods will have their CPE certificate adjusted accordingly.

  • When: Thursday, April 19, 2018, 8:00 AM - 5:00 PM

  • Where: Hanover Manor, 26 Eagle Rock Avenue, East Hanover, New Jersey 07936

  • Capacity: 30 (30 remaining)
