Governance, Regulation & Compliance


Education Level: Intermediate

4217 - 'Fitting' EU GDPR Controls into Your Enterprise and Security Architecture

Monday, September 25
11:00 AM - 12:00 PM

The European Union General Data Protection Regulation is a huge culture change for those U.S. companies doing business within the EU or with EU citizens, and those who store these users' data in the United States. Companies must implement, enforce and measure compliance with controls that will change their workforces' behavior and allow EU citizen access to data to an extent not required by most other nations. Failures in compliance carry stiff penalties up to 4 percent of a company's annual worldwide gross sales.

This session is part of a two-part presentation. It includes an overview of EU GDPR requirements, highlighting the differences in analogous U.S. requirements, and a case study showing the security architectural elements required to implement some aspects of GDPR requirements.

Learning Objectives:

Harvey Nusz

Business Information Security Officer
Insurance Industry

Harvey Nusz, CISSP, CIPM, CISA, CRISC, CGEIT, is the BISO for JLT Holdings, an insurance broker based in London. Harvey is in their Houston office, and heads up the effort to comply with GDPR and the NYS DFS Cybersecurity Regulation, as well as other regulations and industry standards.

Harvey spoke on GDPR at the 2016 Security Congress and wrote a series on the legislation for the (ISC)² membership magazine. Additionally, he's participated in two webinar panel discussions and presented at this year's Kuppinger Cole’s European Identity and Cloud Conference in Munich and at Ping’s Cloud Identity Summit in Chicago.



Kevin Stoffell

Cybersecurity Architect
Battelle Memorial Institute

Kevin Stoffell is currently a cybersecurity architect with the Cyber Architecture and Advisory Services Division of the Cyber Innovation Unit at the Battelle Memorial Institute. He has more than 20 years of experience in information systems operations and information systems security in academia, military and commercial environments. Kevin assists both federal and commercial clients with the evaluation, design and implementation of effective cybersecurity architectures and the characterization of cyber-related risk based on both specific and general threat scenarios. He also performs architecture analysis and security auditing functions for a diverse set of clients.

Kevin has been an authorized (ISC)² Instructor since 2009 and incorporates his experience as an active security practitioner into his instructional delivery.



