GDPR (The European Union General Data Protection Regulation) Introduction seminar

5th February, 2019, Jamaica



Kersi F. Porbunderwalla

President and CEO

Is the President and CEO of The EUGDPR Institute and Secretary-General of Copenhagen Compliance®. He functions as an advisor, teacher, instructor, researcher, commentator and practitioner on Data Protection and Data Privacy, Governance, Risk Management, Compliance and IT security (GRC), Bribery, Fraud and Corruption (BFC) and Corporate Social/Stakeholder Responsibility (CSR) issues.


Secretary General and CEO, Nordic Federation of Public Accountants (NRF)

Secretary General and CEO, Nordic Federation of Public Accountants (NRF) from 2010, involved in the development of the accounting profession in the Nordic region (Denmark, Finland, Iceland, Norway and Sweden), where NRF functions as the Nordic resource for the purpose of optimizing the Nordic accounting profession’s contribution to and influence on European and global affairs affecting the accounting profession, with particular emphasis on regulatory affairs and the European and global accounting organizations (Accountancy Europe & IFAC); as well as initiating and coordinating joint Nordic projects to develop the accounting profession in the Nordic region.

Jamaica Stock Exchange e-Campus & EUGDPR Institute
Data Protection and You
Draft Agenda
At the Jamaica Pegasus Kingston Jamaica

5th February 2019
08:30 – 9:30 Opening Session: Why is data protection important and the ways not having a mechanism to protect data can negatively impact an organization
Proposed Speakers
9:30 – 10:30 Session 1: The risk and reward relationship of a prudent data control policy within an organization
10:30 – 10:45 *** BREAK ***
10:45 – 12:30 Current trends in the data protection industry
12:30 – 1:30 *** LUNCH ***
1:30 – 3:30 Impact of global data protection legislations on a company’s operations
3:30 – 3:45 *** BREAK ***
1:30 – 3:30 Territorial scope: GDPR applies to organisations:
  • Processing personal data as a controller or processor in your respective jurisdiction (regardless of whether the processing takes place in the respective jurisdiction).
  • Processing personal data as a processor on behalf of a client controller subject to GDPR even if based outside the Jurisdiction,
  • that are not established in the jurisdiction, but process personal data about data subjects who are in the respective jurisdiction in relation to:
    • offering goods or services to them, irrespective of payment by them, or
    • monitoring their behaviour taking place within the jurisdiction

6th February 2019
8:30 – 9:30 Direct processor obligations: Data processors have direct obligations under the GDPR when processing on behalf of client controllers in relation to matters including data security, international data transfers, appointment of sub-processors and security breach notification
9:30 – 10:30 International transfers: The GDPR codifies new adequate safeguards for data transfers outside the respective jurisdiction, including:
  • binding corporate rules
  • standard contractual clauses approved by a local supervisory authority
  • approved codes of conduct
  • approved certification mechanisms.
10:30 – 10:45 *** BREAK ***
10:45 – 12:00
  • Preparing for data protection regulations
  • The need for Data Protection Officers (DPO)
  • Changing the cultural mindset
  • Embracing the change in cultural mindsets
12:30 – 1:30 *** LUNCH ***
1:00 – 3:30
  • Identify the potential breaches in your current Organisation.
  • Roles & Responsibilities of the Data Protection Officer &Conducting a Personal Data Inventory Audit.
  • Conduct a Risk Assessment Audit at your own Organisation to determine gaps and risks.
  • Information Security: Policy, Templates & Tools
3:30 – 3:45 *** BREAK ***
1:30 – 3:30
  • Deploy & document implementation of tools such as Notices to address information security gaps in your own organisation.
  • Creating & Implementing Data Protection Policies / Initiatives
  • effective Privacy /Data Protection programme management