Introducing SCS Speaker Nicolas Vernaz

GDPR became officially applicable in May 2018 and it did not play out quite the way we had in mind. First, we received email messages from like every organization that got hold of our email addresses throughout the years – and had not lost it in the meantime. As it turned out, very few ones had forgotten our addresses. Second, people using Swiss IP addresses lost access to many American sites, because they blocked all European IP addresses. This is ironic as GDPR is EU law and Switzerland is not part of the EU, but that does not seem to matter for American system engineers.

Third, as people got their act together, pop-ups started to appear in order to ask us to accept cookie policies on far too many websites. So it’s all very annoying and it makes GDPR look like a big administrative chore with little benefit.

But maybe that’s only the surface. Maybe that’s only what catches the eye. Maybe there are things happening behind the scenes, that actually improve privacy of user data and the security setup of organizations handling user data as a whole.

I talked to a team lead of an international SOC lately and he told me that he’s living like under siege these days with new customers banging on his door constantly. It’s companies that previously did not have any security policy at all and GDPR is now forcing them to deploy at least a minimal level of security to protect the data of their customers.

Successfully implementing GDPR compliance demands a variety of competencies. It takes an understanding of a company’s business and risks and all the special things a company does to really reach (and maintain!) holistic coverage. So at least in theory, GDPR is a driver for security improvements.

Our speaker Nicolas Vernaz from Redstone Consulting in Geneva is specialized in GDPR. A former director of data protection at our sponsor PWC, he created his own company to focus on this growing market. This gives him a very clear view on the development around GDPR. How is the market reacting? How are Swiss companies adopting the legislation? How do they handle the differences between the European GDPR and the corresponding Swiss legislation? And – maybe the thing you are most curious about – what about big cases? What about the EU attacking the big data krakens? Are the investigations turning into big profile cases sending a signal this is going to be enforced?

Nicolas is committed to data protection very much. He is a committee member of Clusis, the Swiss IS Security Association that is very active in the Romandie and he is starting an initiative to bring data protection awareness to schools.

I’m very curious about the talk of Nicolas Vernaz and if there is more to GDPR than what catches the eye. I’m also very pleased to bring a member of Geneva’s “Swiss Cybersecurity” community into Swiss Cyber Storm, since “Swiss Cybersecurity” is one of our community partners.

Join us at Swiss Cyber Storm on October 30 in Bern to hear Nicolas talk about GDPR and its implementation.

More about our speaker Nicolas Vernaz:

• Website: Redstone Consulting
• LinkedIn: Nicolas Vernaz
• Video: Nicolas Vernaz and Gabriela de Godoy about GDPR

  

Christian Folini, Program Chair