Welcome and scene-setting

Keynote Address: POPIA as an enabler of business in the data driven digital era and not an impediment to new innovations and profitability.

Many organisations are not seeing the business opportunities that come with being fully compliant to POPIA. Our speaker will unravel all the business benefits that are unlocked by embracing POPIA

Keynote Address: How to realise ROI from your GRC initiatives?

Just like any other business functions, Governance, Risk and Compliance initiatives are expected to realise returns for them to successfully serve the business. Thus; this presentation will explore the various ways of showing and even calculating the value that a GRC program will add to your organization. The speaker will tackle, among other issues, the following:

Keynote Address: Are you forgetting about unstructured data and email in your journey to POPIA Compliance?

Most of the focus on POPIA compliance has centred around the collection and processing of structured data. This is data found in marketing systems, customer relationship managements systems, financial systems, enterprise resource planning systems or human resource systems, which are all linked to relational databases. But POPIA requires organisations to protect personal information in all its forms. In this keynote we’ll explain how to ensure POPIA compliance for semi-structured data such as email as well as other forms of unstructured data such as information on shared drives or social media platforms.

POPIA sets out 8 conditions for lawful processing of personal information. Condition 7 - security safeguards - is arguably one of the most important. Email security is a key consideration for these security safeguards. That’s because email is more than a communication mechanism or an archive of semi-structured data, it’s the most targeted vector for most organisations, with 9 out of 10 cyber-attacks starting with email. And having the right measures in place to secure data is a key part of achieving compliance.

The importance of thorough due diligence in the protection of customer data

In order to protect clients personal information, financial service providers and other organisations need to conduct thorough due diligence when dealing with third parties. Not only does this protect their customers but also the organisation from any reputational damage caused by possible leakage of data. 

Five Steps to Overcome Data Overload: Using Data Discovery & Risk Formulas to Standardize Risk at Scale

Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request. Businesses should leverage the digital workstreams to collect information as updates occur using data discovery tools to find, document, and classify in real-time.

Exploring your data universe can be an overwhelming exercise, giving you more information than you know what to do with in certain circumstances. Using careful data classification methods and flexible risk formulas, organizations can map information to harness real-time updates through a data discovery engine to fuel and standardize risk at scale with the latest information. This session will review that you can quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights.

• Identify data across business applications for the latest risk insight
• Automatically categorize information to deliver meaningful insights across risk, compliance, and your executive teams
• Explore a new way to aggregate and standardize risk using real-time data points
• Understand the concentration of risk across risk domains to quantify risk using risk formulas

Panel Discussion: Strengthening your compliance, audit and risk mitigation protocols and systems after experiencing a cyber-attack

Cyber-attacks are most likely to happen to any company in any shape or form. This is especially relevant with the global pandemic as there is too much reliance on staff protecting information security from the comfort of their own homes. Due to the fact that a cyber-attack is likely to strike anytime, organisation place reliance on their compliance, audit and risk mitigation protocols. The pandemic has also challenged ways in which the Audit, Risk and Compliance function in other organisations. It is therefore imperative for the panel discussion to discuss key issues affecting the Audit, Risk and Compliance during the pandemic, the following key points will be considered:

• How to manage a cyber-attack using the combined assurance perspective?
• Do you proactively manage cyber risks as a combined assurance forum? How do you manage these risks?
• Is the CISO in your organisation a role player in the combined assurance forum?
• What are your views regarding the best ways to prevent future cyber-attacks?

Chairman’s welcome

Dealing with a data breach – steps and protocols to follow in containing the breach

COVID-19 and social distancing has created an unprecedented shift in consumer behavior towards digitally-enabled merchants and service providers. And while global fraud rates are at an all-time low, there has been an increasing trend in both the variety and quantity of breach incidents. This session will explore the proactive steps Visa is taking to maintain trust in the payments ecosystem – with a specific focus on the technologies to detect and mitigate risk, and the support provided to members once a breach is identified.

• The Payments Threat Landscape
• Visa’s Payment System Risk Detection and Breach Management Capabilities
• Best Practices for Mitigating Against Breaches
• Security Predictions for the Near and Medium Term

The rise of POPIA as a value driver - five aspects to cover

As the COVID-19 pandemic has taken grip of the world, causing economic downturns, it has arguably become the single most defined driver for digital transformation.

South African organisations are on the road to compliance, but have a significant journey ahead of them. This is due in part to the fact that the area of data privacy has been largely unregulated, save for disparate pieces of legislation that are industry specific, as well as certain voluntary obligations that were not adopted on a substantial scale.

In order to ensure that an organisation is sufficiently enabled to comply with the provisions of POPIA and derive value, a cross-functional, multidisciplinary, fully integrated privacy team is required. The team should have regulatory, cyber security, data management and analytics, representation to ensure alignment with the key aspects of POPIA.

POPIA creates an opportunity to revolutionise the way in which business is conducted in South Africa, and truly usher in the Fourth Industrial Revolution.

A company journey towards GDPR compliance

Chairman's welcome

How to implement continuous compliance and audit processes in order to effectively mitigate risks in a fast paced digital era?

The importance of integrating GRC into the mainstream business activities

How AI, cloud and other new technologies are affecting GRC?