SIGS Special Event

GDPR Review and Outlook


Target Audience: Information Security Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side and interested in IT security

From consultancies and resellers/integrators, only technical people are allowed to take part. Vendors and people with a sales/marketing role are not authorized as participants.

CPE Credits: Earn 4.25 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.
Location: Microsoft, Richtistrasse 3, Wallisellen
Date of Event: 30th of January 2019
Language: English
Schedule: see agenda below
Participation Costs: Fr. 55.— per participant
Organization, presentations, beverages and aperitif included


1:30 – 2:00 Registration & Coffee
2:00 – 2:00 Welcome & Introduction by the Moderator
2:00 – 2:30 András Khan, CIPP/E, CIPM, Data Privacy, Data Protection, and Security lead for ABB, Nestlé, Novartis and Roche at Microsoft & Sundar Sethupathi, GF-IS Risk & Security, GDPR Program at ABB

GDPR unplugged
What’s working since the GDPR became enforceable, and what’s not. Lessons from practical experience at large, global scale.

How have various major countries reacted to the GDPR – global policy trends and discussion.

2:30 – 3:00 Friedrich Bohl, Group Data Privacy and Compliance Officer at AMEOS Group
Frank Wimmer, Group Data Privacy Officer at Alpiq Group

Friedrich Bohl

  • 16 years at Robert Bosch, of which 10 years as data protection officer in Germany and later as regional compliance officer and data protection officer in Switzerland
  • Worked at a cantonal data protection supervisory authority
  • From March 2017 Group Data Privacy Officer at Alpiq Group
  • Since December 2018 Group Data Privacy Officer and Compliance Officer at AMEOS Group

Frank Wimmer

Frank recently took over the role of Group Data Privacy Officer (DPO) for Alpiq as successor to Friedrich Bohl. Frank also acts as Business Architect and Internal Control Officer. He leads the Centre of Excellence (Process & ICS Office) and the DPO Office, which ensure group-wide data privacy (EU-GDPR), business process management for continuous process improvements and services, and the internal control system.

An energy company under GDPR power
When Friedrich Bohl took up his activities as Group DPO at the energy company, only about one year remained until the GDPR came into force. This Swiss group of companies (with over 9000 employees), which has many subsidiaries in the EU, had hardly any data protection governance or operations in place before. In short: a data protection management system had to be brought “from 0 to 100” within 12 months. An impossible task? Is it really feasible?

The experience report gives an insight into how this challenge was successfully managed within the short time available, thanks to a well-structured project and good support from top management. In addition: experiences under the GDPR regime after May 2018, with a brief outlook on what comes next.

3:00 – 3:30 Ivan Allemann, Member of the Corporate Affairs Team at Sunrise Communications AG
Trained as a lawyer and attorney-at-law, working as a legal consultant mainly in the financial sector.
Data Protection Officer of the “first generation” of the DSG with the largest Health Insurer in Switzerland in the late 90’s; after almost 20 years as Information Security Consultant, I am now responsible for legal matters in the field of data protection, information security and telecommunications surveillance.

The new EU Data Protection Regulations from a Swiss telecommunication company point of view
A few introductory moments before the new EU Data Protection Regulations came into force on 25 May 2018.

Based on these findings and the discussion of the topic, I would like to briefly outline our implementation approach. Every project of this kind raises questions about the guidelines / framework to be followed and what to use as a benchmark. It is a proven procedure to give oneself a roadmap and to get into the topic with important quick wins! I have also deliberately dealt with the question of who should be involved and what I can tackle myself.

In my opinion, data protection also belongs in the broad field of “Compliance”, which is why the risk approach must always be taken into account; not least because there are various areas in the companies that do not always have the same ideas or are more or less affected by such an implementation. Once the topic is understood in the company, the discussions and the preferences on various aspects begin. It is therefore advisable to plan with foresight and to take placeholders into account so as not to be late with the implementation.

More than 200 days after the entry into force of the new EU data protection regulations and still before the implementation of this idea within Swiss law, various questions arise. However, there are also initial findings that are of help!

3:30 – 4:00 Coffee Break
4:00 – 4:30 Stefan Keller, Co-Chair of the IAPP KnowledgeNet Switzerland

GDPR – today and beyond
What has happened since May 25th, where are Data Protection Authorities and companies today – and what can we look forward to in 2019?

A personal summary of the past year and impressions from the various information feeds as co-chair of the IAPP KnowledgeNet Switzerland. From privacy-by-design to ethics-by-design. Enforcement trends and important developments to watch.

4:30 – 5:00 Vincent Rijken, Information Security Specialist/Data Protection Manager at Nestlé
Vincent has been working for Nestlé since 2001 and coordinates Data Privacy and ISO 27001 activities in the IS/IT department. He has led the GDPR program for all IS/IT units in the organization, in collaboration with the Data Protection Office and compliance managers in the regions and markets worldwide. He is also a CISM and coaches multiple units to maintain and further evolve their ISO 27001 certification.

How to ensure GDPR compliance in the IT organisation, using the ISO 27000 framework
The GDPR requires full transparency of all data processing activities, together with adequate protection of the personal data. This can be a big challenge in a large organization, especially when you have offices around the world and a high volume of IT solutions.

This session shows how Nestlé is using the ISO 27001 framework, with its risk-based approach and the Annex A controls, to be in control.

5:00 – 6:00 Panel Discussion

6:00 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.


By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this specific platform.