08:00 - 09:00

Breakfast networking and registration 

09:00 - 09:10

Chairman's welcome

09:10 - 09:30

► Case Study: a PCI DSS and GDPR Compliance Journey

Nicholas Howard, Head of Information Security, First Rate Exchange Services

  • An in depth-case study on the implementation of PCI DSS and GDPR at First Rate Exchange Services
  • What went well, what were the biggest challenges we faced and how were these overcome
  • Synergies exploited and cost-effective compliance
09:30 - 09:50

► Real World Encryption Simplified

Manoj Bhati, Pre-Sales Consultant, Gemalto

  • Data Economics
  • Compliance vs Security
  • PCI Data Security Challenges and the Changes that GDPR Brings with it
  • Encryption in the real world – simplified
09:50 - 10:20

► Me and Mrs Jones: Busting the Myths of PCI DSS and GDPR 

Neira Jones, Independent Advisor & International Speaker and Simon Brady, Managing Editor, AKJ Associates

In this honest, high-calibre dialogue, Neira Jones, and Simon Brady, Managing Editor of AKJ Associates, will discuss what businesses really need to be aware of in the new security and compliance environment.

•    Is GDPR destined to be another PCI DSS – unenforced and with less than 50% compliance?
•    How can ‘normal’ companies realistically maintain PCI DSS / GDPR compliance in the Cloud?
•    Is mandatory disclosure the biggest risk (think Ticketmaster)?
•    Does companies’ increased reliance on third-party payment platforms affect PCI DSS and GDPR compliance and security?

10:20 - 11:00

► Education Seminar Session 1

Delegates will be able to select from a range of presentations

  • Threat Actors Don't Care if You're Compliant - Kurt Hagerman, CISO, Armor
  • Creating the Right PCI Environment - Crispin Edwards, VP and Michael Christodoulides, VP Payment Security Product, Barclaycard
  • My Keys are Safe … aren’t They? Mitigating Risks and Achieving Compliance - Rob Stubbs, Director of Sales EMEA, Cryptomathic
  • Leveraging your investment in PCI DSS for GDPR - Graham Thompson, VP Sales & Marketing,  DataDivider
  • Solving iFly’s compliance challenges from the cloud: A Case Study - Tony Smith, Director of Sales EMEA, PCI Pal
  • Using Tokenisation for Data Protection by Design and by Default - John Noltensmeyer, Head of Privacy and Compliance Solutions, TokenEx
11:00 - 11:30

Networking and refreshments break 

11:30 - 11:50

► The Future of Payments: What's in Store for 2019 and Beyond?

William James, Head of Payments Team, Addleshaw Goddard

  • Alternative payments, blockchain, payment data intermediation: the payments landscape is changing quickly.  What is happening and what is around the corner?
  • What should PCI professionals be aware of: insights from a payments industry expert
  • The challenge of PSD2 and Open Banking - more data more of the time?
  • Tokenisation and encryption vs friction free payments - reliance on PCI or technology based solutions?
11:50 - 12:10

► Aligning payments compliance strategy with digital transformation. Approach and key considerations. 

John Greenwood, Consultant, Pay360 by Capita

  • Building on Pay360’s previous presentations on the power of delivering payments in the digital channel and enabling payments innovation in the digital channel
  • How should entities approach PCI DSS compliance across their customer contact points?
  • What are the key considerations in approaching people, process and technology?
  • Where are the big gains in terms of technology selection and cost reduction?
12:10 - 12:30

► Retained Forensic & Incident Response Service: How planning for the worst can add value to your business

Paul Brennecker, Principal QSA, SRM

  • Coping with the challenges of managing third parties to achieve and maintain compliance to data standards, particularly procurement
  • “Plan for the worst but hope for the best” – This has never been so true as with incident response.  Knowing how to react in the unfortunate event of a data breach is the biggest hurdle
  • How to plan ahead to ensure that you get the maximum return for your outlay and also secure the service that is best for your business
12:30 - 12:50

► Executive Panel Discussion 

Preparing for Annual Assessments and Audits

  • Bruna Bonomi, Programme Delivery Director, Metropolis Group
  • Jon Forrow, Chief Information Security Officer, Mapfre Abraxas
  • Geoff Smith, Head of IT, The Works 
12:50 - 13:30

► Education Seminar Session 2

Delegates will be able to select from a range of presentations

  • What GDPR Means for the Cyber Underground - Kurt Hagerman, CISO, Armor
  • Creating the Right PCI Environment - Crispin Edwards, VP and Michael Christodoulides, VP Payment Security Product, Barclaycard
  • Solving iFly’s compliance challenges from the cloud: A Case Study - Tony Smith, Director of Sales EMEA, PCI Pal
  • How DTMF Technology is Becoming the New Contact Centre Compliance Standard, for Payment by Phone & Call Recordings - Simon Beeching, Business Development Director, Syntec
  • Using Tokenisation for Data Protection by Design and by Default - John Noltensmeyer, Head of Privacy and Compliance Solutions, TokenEx
13:30 - 14:30

Lunch and networking

14:30 - 14:50

► Ensuring PCI DSS and GDPR are Aligned with Business and Customer Needs

Sandip Zala, Director of Information Technology, Bulgari Hotels 

  • Burgeoning information security compliance requirements can mean creating a balance between complying with regulation and business/ customer needs
  • Making sure IT security works harmoniously with employees who need to access data
  • How a luxury hotel chain is securing guests’ data, whilst also putting customer services and ease of use of IT systems as a priority
14:50 - 15:10

► Solving the "Illusion of Compliance" Problem

Ninva Ponsonby, Former Group Head of Technology Compliance, OCS Group 

  • How to create an organisational culture supportive of PCI DSS and GDPR compliance
  • Creating ‘continuous compliance’, rather than staff taking the view that it is an exam that needs to be passed
  • Can PCI DSS be used as a framework for GDPR? How should they be approached?
  • From PCI to the P&L: compliance is not just about avoiding cost, it is about driving revenues
15:10 - 15:30

► Executive Panel Discussion 

A Realist's Guide to Compliance 

  • Sarah Harvie, Head of Information Security, Merlin Entertainments
  • David Mason, Senior Risk Manager, BGL Group
  • James Turrell, Business Information Security Manager, John Lewis Partnership 
15:30 - 15:50

Networking and refreshments break 

15:50 - 16:10

► Errare machinale est: from intelligence to resonance

David Porter, Head of Innovation, Security and Privacy, Bank of England  

Security leaders are being urged to be innovative and exploit the potential of artificial intelligence technology.  But what is the reality behind the AI hype and where can such innovation take us?

  • Innovation through structured experimentation
  • AI as a securely-harnessed and transparent capability
  • Better understanding non-compliance and artificial error
16:10 - 16:30

► AI to comply: using technology capabilities like AI in regtech and the compliance effort

​​​​​​Anne Godbold, Compliance and Regulatory Change Specialist, Accenture

  • How can new technology capabilities like AI help the compliance effort
  • Case study: Using AI provided by a regtech to test and deploy an innovative financial crime surveillance solution
  • How to utilise these new capabilities to support wider compliance use-cases
16:30 - 16:50

► People, policy, processes. Lessons in data governance, compliance and AI

Dilshad Hussain, CEO, Universal Data Protection 

  • Data Governance & GDPR
  • Improve Business and I.T. collaboration in terms of compliance
  • Transformation programmes including digital, machine learning systems and AI. How can they balance this with compliance and regulations
16:50 - 17:00

Closing Remarks 

17:00 - 18:00

Drinks Reception 


Conference Close

Education seminars

Armor - What GDPR means for the Cyber Underground

Kurt Hagerman, CISO, Armor

Organisations in breach of GDPR can be fined €20 million or greater. That just gave threat actors holding your data – and your secret of having been breached – for ransom the perfect price. In this session:

  • Learn how the cyber underground economics work
  • Understand the implications of cybercrime-as-a-service
  • Take away measures to mitigate your risk

Armor - Threat Actors Don't Care if You're Compliant

Kurt Hagerman, CISO, Armor

Ever since men started crafting laws, there has been a constant conflict on how people carry out the “letter of the law” such that it also achieves the “spirit of the law” – which is to secure the data. Many compliance regulations lack specificity and don’t fully address security. This results in an inherent conflict between security and compliance. Too often organisations prioritize compliance over security opting for a check the box approach, often resulting in bad outcomes. In this session:

  • Understand the fundamental differences between security and compliance
  • Learn why you should put security first, especially with GDPR in effect, and how you can do it

Barclaycard - Creating the Right PCI Environment

Crispin Edwards, VP, Barclaycard 
Michael  Christodoulides, VP Payment Security Product, Barclaycard

Join us for this interactive session, hosted by Michael Christodoulides and Crispin Edwards from Barclaycard.  During the session, attendees will learn about the top security challenges that customers are currently facing, and how they can protect themselves against these issues.  You will also discover:

  • why legacy systems could be your downfall
  • some of the threats you need to be aware of 
  • the real cost of a security breach to your companyhow an industry leading security strategy is easy to achieve

Cryptomathic - My Keys are Safe … aren’t They? Mitigating Risks and Achieving Compliance

Rob Stubbs, Director of Sales, EMEA, Cryptomathic

Businesses are becoming increasingly dependent on cryptography to protect their digital assets, communications and transactions. Whole new technologies, such as blockchain and IoT, utilise cryptography at their very heart.  Cryptography, in turn, critically depends on the secure management of the underlying cryptographic keys. The compromise of just a single key could lead to a massive data breach with consequential reputational damage, punitive regulatory fines and loss of investor and customer confidence. With the growing reliance on cryptography, the ever-present vulnerabilities in modern computing systems, the escalation of cyber attacks, and the demands of regulations such as PCI-DSS and GDPR, it has never been more important, nor more challenging, to protect these keys.

What attendees will learn:

  • The nature and life cycle of cryptographic keys
  • How keys can be compromised
  • The potential consequences of compromise
  • Mitigating risks and achieving compliance

Datadivider - Leveraging your PCI DSS investment for GDPR

Graham Thompson, VP Sales and Marketing, DataDivider Inc

This presentation addresses how organizations can leverage their PCI DSS investment when effectively and efficiently meeting their GDPR obligations. Most organizations have initially focused their GDPR projects in identifying the privacy data they manage and implementing the necessary opt in policies together with the capabilities of privacy data disclosure to meet the GDPR requirements. Whilst this is definitely necessary unless this is coupled with implementing the security requirements for this privacy data the organization is leaving itself exposed to a GDPR breach. GDPR is not a prescriptive standard like PCI DSS so organizations have to determine themselves the necessary security controls that should be applied to protect privacy data. Organizations should be encouraged to deploy the same security controls they applied in securing sensitive cardholder data to GDPR privacy data. The presentation covers how the techniques to de-value data and de-scope PCI data can be applied to GDPR in order to minimize risk and reduce the implementation costs. Furthermore, the presentation covers how end points that manage the capture and maintenance of privacy data can be secured in a manner that doesn’t expose this privacy data to the local device. The presentation wraps up with some demonstrations on how end point devices can be best secured for GDPR.

Attendees to this presentation will gain from understanding:

  • Why organizations should not be relying on existing security for GDPR privacy data
  • How to de-value privacy data and de-scope infrastructure from GDPR
  • Why applying the prescriptive PCI DSS security controls will aid GDPR success
  • Why securing privacy data at end points simplifies GDPR

Attendees will have the opportunity to receive a 3,000 word detailed white paper on this subject

PCI Pal - Solving iFly’s compliance challenges from the cloud – A Case Study  

Tony Smith, Director of Sales, EMEA, PCI Pal

In this session, we will share how we assisted iFly, the global indoor skydiving company, with their PCI Compliance challenges whilst taking their customer experience to new heights.

What attendees will learn: 

  • The PCI Compliance challenges faced by iFly 
  • How PCI Pal worked with iFly to achieve compliance and enhance CX
  • Descoping for success
  • Achieved results 

Syntec - How DTMF technology is becoming the new contact centre compliance standard, for payment by phone & call recordings

Simon Beeching, Business Development Director, Syntec
De-scoping the contact centre environment from PCI DSS controls, ensuring MOTO card payments are fully secure and also helping with GDPR  
– from a leading QSA and managed services provider.

What attendees will learn:

  • The regulatory and compliance challenge in call centres – a real world QSA view
  • How to reduce the on-going burden of compliance
  • Freeing yourself from PCI audits, monitoring and controls for the contact centre, call recordings, remote workers & outsourcers
  • Improving customer experience and trust
  • With case studies and merchant feedback

TokenEx - Using tokenisation for data protection by design and by default

John Noltensmeyer, Head of Privacy and Compliance Solutions, TokenEx, CIPP/E/US, CIPM, CISSP, ISA
Join TokenEx Head of Privacy and Compliance Solutions, John Noltensmeyer, to learn how you can reduce risk, achieve PCI compliance, and meet your obligations under the GDPR for “data protection by design and by default” by tokenising sensitive data at the point of acceptance, while still supporting day-to-day business processes. Organisations are securing PCI data using tokenisation as well as protecting personal data using pseudonymisation. This session will showcase how you can secure both card payment and personal data across all your data acceptance channels–web sites, web services, batch files, contact centers, and more.  
What attendees will learn:

  • How cloud-based vs. on-premise tokenization affects PCI compliance and reduces data security risk
  • The benefits of tokenisation at the “point of acceptance”
  • How to implement tokenisation across an omni-channel environment
  • Ways tokenisation can be used for pseudonymisation of personal data
  • Where pseudonymisation can be used to help meet GDPR data and privacy requirements