Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

EU privacy and GDPR: From the server room to the boardroom and back

Chiara Rustici (Independent)
11:20–12:00 Friday, 11 November, 2016
Bridging business and security
Location: G106/107 Level: Non-technical
Average rating: ***..
(3.00, 2 ratings)

Prerequisite knowledge

  • A basic understanding of which geographical markets your business operates in and a clear overall view of your shadow IT and app ecosystem

What you'll learn

  • Understand how to achieve a clear board mandate on what personal data pools you can purge and which ones you need to protect as genuine business assets


Tasked with GDPR compliance and no idea where to start? Insufficient budget? Legal and board don’t get the complexity of your data infrastructure?

Chiara Rustici explains why it is impossible for GDPR implementation to go ahead unless the board has given a clear data business model and helps escalate the personal data cost/benefit equation to the C-suite.

Topics include:

  • What boards need to learn about personal data and metadata life-cycles
  • What your CEO needs to decide before you can start GDPR implementation
  • How to allocate personal data accountability to all business functions
  • How to integrate GDPR principles into product development and UX
  • How to respond to a data breach in compliance with GDPR obligations

Chiara Rustici


Chiara Rustici is a London- and Rome-based independent consultant and analyst who helps teams implement the new EU privacy framework (GDPR) requirements and IT leaders escalate the privacy conversation to the boardroom, both in Europe and rest of the world. Chiara’s contributions to this topic have been published on GitHub and Advisen Ltd. and in ComputerWeekly, Help Net Security, PrivacySense, and IQPC/IICE magazine. Previously, Chiara taught international law and jurisprudence, published research on legal reasoning, and, more recently, managed the P&L of several businesses in the city.