We are delighted to confirm that Senior Information Security Project Manager Alexandra Khammud will speak at PrivSec & GRC Connect London.

 Taking place March 12 and 13 at Park Plaza, Riverbank, London, PrivSec & GRC Connect London provides a platform for organisations to address the cumulative nature of risk.

PrivSec & GRC Connect London’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape.

Event speaker, Alexandra Khammud is a Senior Information Security Project Manager (Data Protection and Privacy Engineering) specialising in IT SOX Audit and Operational Audits (e.g. CyberSecurity, Privacy, Cloud).

Alexandra will be at PrivSec & GRC Connect London to discuss the UK’s new version of the Data Protection and Digital Information Bill, and what the revision means for British businesses and their trading partners.

Below, she answers questions on her professional journey and introduces the key issues of her PrivSec & GRC Connect London session.

 

UK Data Protection Bill No.2 – What has changed?

  •  Tuesday, 12th March 2024 (Day 1), 10:00 – 10:40am GMT
  • Theatre: Privacy & Security (P&S)

Click here to register for free to PrivSec & GRC Connect London


 

 

Could you briefly outline your career pathway so far?

I embarked on my professional journey at Delivery Hero, where I started as a Legal Associate in August 2019. During my three months there, I gained valuable insights into the legal intricacies of the business world, setting the foundation for what would become a dynamic career in data protection and cybersecurity.

Eager to expand my horizons, I joined RSM International in October 2019 as an IT Audit and Data Protection Consultant. Over the course of a year and two months, I delved into the realm of data protection consulting and audit activities, performing cybersecurity and privacy audits. Engaging in international audit engagements across Europe, I managed to blend my legal background with the technical intricacies of IT controls, governance, and risk management.

Building on this enriching experience, I transitioned to Activision Blizzard in November 2020 as an IT and Cybersecurity Auditor. In this role, I focused on cybersecurity audits, SOX compliance, and privacy assessments, advising on the implementation of robust security measures and contributing to effective cyber risk management.

My journey at Activision Blizzard evolved further as I assumed the role of Senior Project Manager for Data Protection, Privacy, and Information Security in November 2022. Over the past year and a month, I’ve been at the forefront of managing privacy projects, ensuring alignment between legal and tech teams, and providing guidance on compliance activities.

Collaborating with internal and external stakeholders, I’ve played a pivotal role in the development and delivery of strategic cross-functional projects, with a keen focus on compliance requirements.

Each step in my career has been a building block, contributing to a holistic skill set that seamlessly blends legal acumen, IT expertise, and project management skills. The challenges and successes along the way have shaped me into a professional ready to navigate the complex and ever-evolving landscape of data protection and cybersecurity.

How does the UK government’s new version of the UK Data Protection and Digital Information Bill differ from the first?

The new version of the UK Data Protection and Digital Information Bill likely incorporates feedback from stakeholders and experts, addressing concerns raised during consultations and parliamentary debates.

It may include additional provisions for data breach notifications, stronger penalties for non-compliance, and clearer guidelines on cross-border data transfers. Furthermore, advancements in technology and changes in societal expectations regarding privacy may also influence the updated bill’s provisions.

What changes will organisations need to make in order to accommodate the new Bill?

Organizations will need to undertake several steps to accommodate the new Bill. Firstly, they may need to review and update their data handling policies and procedures to ensure alignment with the new regulatory requirements. 

This could involve conducting thorough data audits, implementing robust data protection measures, and providing regular training to employees on data privacy practices. Additionally, organizations may need to invest in new technologies or security systems to enhance data security and encryption.

Obtaining explicit consent from individuals for data processing activities and establishing procedures for handling data subject requests, such as access and deletion requests, will also be crucial for compliance. Finally, organizations may need to designate or appoint a data protection officer to oversee compliance efforts and serve as a point of contact for regulatory authorities.

Alexandra Khammud explores these issues in depth at PrivSec & GRC Connect London

when she moderates the session: UK Data Protection Bill No.2 – What has changed?

On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations based in the UK, or trading with the UK.

So, what are the main proposed changes, and how will organisations be affected? Tune into this exclusive session to find out.

Also on the panel…

Details

UK Data Protection Bill No.2 – What has changed?

Theatre: Privacy & Security (P&S)

Time: 10:00 – 10:40am GMT

Date: Tuesday 12 March 2024 (Day 1)

The session sits within a packed agenda of insight and guidance at PrivSec & GRC Connect London taking place March 12 and 13, 2024.

Discover more at PrivSec & GRC Connect London

GRC, Data Protection, Security and Privacy professionals face ongoing challenges to help mitigate risk, comply with regulations, and help achieve their business objectives - they must… 

  • Continually adopt new technologies to improve efficiency and effectiveness.
  • Build a culture of compliance and risk awareness throughout the organisation.
  • Communicate effectively with stakeholders and keep them informed of GRC activities.

PrivSec & GRC Connect London takes you to the heart of the key issues, bringing together the most influential GRC, Data Protection, Privacy and Security professionals, to present, debate, learn and exchange ideas.

 

Click here to register for free to PrivSec & GRC Connect London