
GDPR Surgery 2: Data Risk Mitigation for data assurance & insurance

Date: October 18, 2017
Start Time: 8:00 am
End Time: 9:30 am
CPD Time: 1.5 hours
Cost: £50.00




Comsure GDPR Workshop No2 - An ineffective response to a cyber attack or data loss is going to cost you in more ways than one!!!

Host Data2Vault

Date/Time 19th October 2017, Registration - 7.45

Start - 8.00-9.30am

Location The Royal Yacht


1. Joining Mathew Beale, the chairman of Comsure GDPR Workshop No2, will be

a. Matthew Berry, Senior Legal Adviser - LAW OFFICERS’ DEPARTMENT, who will offer

i. An update on Jersey's GDPR law drafting.
ii. This update will form part of Matthew's fuller presentation at workshop number four on the 12th December.

b. Mark Saville from Data2Vault and John Macknight from CRArisk, who as the keynote speakers will talk about

i. How businesses in Jersey and elsewhere should deal with data breaches and data loss (cyber breaches).  Mark and John will also provide guidance on how to build a programme of controls and actions that will enable firms to demonstrate they have an effective response to such incidents.

The risk of cyber breaches

1. Businesses are becoming increasingly aware that data breaches and data loss, whether caused by cyber incidents or by accident, can happen in a variety of ways to both small and large companies, often through human error, and without malice.

2. As well as investing in prevention tools, businesses need a plan for keeping their business up and running while safeguarding their unique digital assets should something go wrong.

3. In many instances, most regulators understand that even the best-run companies can suffer from a cyber-attack, loss or breach, but they rarely forgive an ineffective response, which could in turn lead to a regulatory investigation, further disruption to your business and costs that could include a fine.

Cost triggers

1. Typically, when a business suffers a cyber-attack or data breach, there are three possible cost stages:

a) The first costs incurred are for investigating, remediating and then reporting

b) The second costs arise where legal suits are filed or complaints made

c) The third cost is the possibility of a GDPR regulatory fine

Cost summary

1. The first stage is an opportunity to limit the adverse consequences of the second stage, a stage that could be expensive and disruptive to a company.

2. Looking at stage 3, the EU GDPR, due to be in force in May 2018, states that notice of a data breach must be provided ‘without undue delay and, where feasible, not later than 72 hours after having become aware of it’.

3. If no notification is made within 72 hours, the data controller must provide a ‘reasoned justification’ for the delay.  If you fail this, the third test, you may be liable to a fine.

Effective response guidelines to save you money

1. Speakers Mark Saville from Data2Vault and John Macknight from CRArisk will look at the above matters and, in doing so, will discuss an effective response, to allow delegates to consider

a. Their policies, procedures and working practices, and

b. What appropriate risk measures should be implemented to minimise the impact of a cyber attack, breach and/or data loss, including:

i. Assessing the risk

ii. Reviewing data availability processes post-breach

iii. Safeguarding data confidentiality, privacy by design

iv. Proving the safeguards were in place

v. Maximising recoverability

vi. Best practices in data availability

vii. Transferring risk