企業(yè)數(shù)據(jù)合規(guī)、安全體系搭建與應對策略

企業(yè)數(shù)據(jù)合規(guī)、安全體系搭建與應對策略(陳熾)課程介紹：

課程背景 Course Background:
    2018年5月25日，GDPR（歐盟通用數(shù)據(jù)保護條例，General Data Protection Regulation）正式生效，開啟了一個新的數(shù)據(jù)合規(guī)時代。1000萬到2000萬歐元，或企業(yè)全球年營業(yè)額2%到4%的罰款讓所有受其管轄的企業(yè)都必須將數(shù)據(jù)保護合規(guī)提升到生存高度予以應對。面對新法，企業(yè)的應對仍然顯得十分不足。2017年，英國政府在“四大”協(xié)助下發(fā)布了富時350指數(shù)網(wǎng)絡治理健康檢查報告，報告顯示近六成的受訪者表示對GDPR不太或并不了解，同時僅有8%的受訪者表示已經(jīng)做了充分的準備，接近75%的人表示僅做了部分準備。那么從國內(nèi)外來看，未來數(shù)據(jù)安全法規(guī)趨勢如何？網(wǎng)絡安全問題的本質(zhì)是什么？企業(yè)如何規(guī)避不合規(guī)數(shù)據(jù)的風險？怎樣提供可切實實施的風險整改計劃？
    CCP法商精英薈特邀EY安永法證及誠信合規(guī)服務部門資深合伙人陳熾先生來為我們解讀法規(guī)、分析案例、指點趨勢。
    On May 25, 2018, the General Data Protection Regulation (“GDPR”) formally came into force, opening a new era of data compliance. A fine of Euro 10-20 million or 2-4% of annual global turnover forces the companies bound by GDPR to pay high attention to data protection compliance. However, enterprises’ response to GDPR seems to be quite inadequate. In 2017, the British government issued FTSE 350 Network Governance Report under the assistance of Big 4 Accounting Firms. The Report shows that nearly 60% of the respondents did not know much about GDPR, only 8% of them said they had made adequate preparations, and nearly 75% of them said they had made some preparations only. What is the future trend of the data security regulations at home and abroad? What is the nature of cybersecurity issues? How to avoid the risks of non-compliant data? How to develop a practical and feasible risk control plan?
    Mr. Chen Chi, a senior partner of EY Forensic & Integrity Services was invited to interpret GDPR, analyze cases and explain the trends.

課程收益 Course Benefits:
1. 了解GDPR、中國網(wǎng)絡安全法及其他相關法律法規(guī)要點
Understand the main points of GDPR, the Cybersecurity Law of the People’s Republic of China and other relevant laws and regulations
2. 了解GDPR及其他相關法律對于企業(yè)所處行業(yè)的影響程度
Understand the impact of GDPR and other relevant laws and regulations on the industry
3. 了解企業(yè)各個層級部門應如何應對外界監(jiān)管規(guī)定
Understand how the departments of enterprises at each level should cope with the regulations
4. 掌握提升企業(yè)數(shù)據(jù)合規(guī)、網(wǎng)絡安全的方式方法
Learn the ways and means to improve enterprise data compliance and cybersecurity
5. 了解危機發(fā)生時應如何進行處理和應對的方法
Understand how to deal with crises
6. 學習先進風險評估框架，并能運用到實際工作中
Learn advanced risk assessment frameworks and apply them to practical work

誰該來參加 Who Should Attend:
企業(yè)合規(guī)、法務、信息安全部門負責人，擁有合規(guī)、法務、信息安全職能的紀檢監(jiān)察部門負責人，從事合規(guī)、法務、信息安全實務操作的部門主管及一般員工，其他對數(shù)據(jù)合規(guī)、網(wǎng)絡安全感興趣的有識之士，以及想提高企業(yè)綜合管理能力的優(yōu)秀積極人士。
Persons in charge of corporate compliance, legal affairs and information security departments; persons in charge of discipline inspection and supervision departments with the functions related to compliance, legal affairs and information security; department heads and general employees engaged in compliance, legal affairs and information security practices; far-sighted persons interested in data compliance and cybersecurity; and activists who want to improve the comprehensive management capabilities of their enterprises.

課程大綱 Course Outline:

一、GDPR及相關法律法規(guī)
GDPR and relevant laws and regulations
1. GDPR概述
GDPR overview
2. 中國網(wǎng)絡安全法概述
Overview of the Cybersecurity Law of the People’s Republic of China
數(shù)據(jù)隱私保護Data privacy protection
網(wǎng)絡安全等級保護Classified protection of cybersecurity
信息跨境傳輸Cross-border information transmission
網(wǎng)絡安全監(jiān)控與應急響應Cybersecurity monitoring and emergency response
3. 全球數(shù)據(jù)保護法律法規(guī)環(huán)境
Global data protection laws and regulations

二、數(shù)據(jù)合規(guī)、網(wǎng)絡安全的趨勢
Data compliance and cybersecurity trends
1. 數(shù)據(jù)安全事件及處罰案件
Data security incidents and punishment cases
2. 企業(yè)應對現(xiàn)狀
Enterprises’ response
3. 從國內(nèi)外大背景看趨勢
Trends from the perspective of domestic and international background

三、企業(yè)應對策略
Enterprises’ countermeasures
1. 管理層應對策略
Countermeasures at the management level
2. 業(yè)務層應對策略
Countermeasures at the business level
3. 技術層應對策略
Countermeasures at the technology level

四、識別敏感信息
Identification of sensitive information
1. 數(shù)據(jù)生命周期管理
Data lifecycle management
數(shù)據(jù)信息的收集與使用
Collection and use of data information
數(shù)據(jù)信息的加工、傳輸與共享
Processing, transmission and sharing of data information
數(shù)據(jù)信息的保存與銷毀
Preservation and destruction of data information
2. 識別個人數(shù)據(jù)、重要數(shù)據(jù)、商業(yè)秘密數(shù)據(jù)
Identification of personal data, important data and trade secrets

五、建立風險評估矩陣
Establishment of risk assessment matrix
1. 怎樣確定數(shù)據(jù)安全評估標準
How to establish data security assessment standards
2. 定量化衡量風險等級及對企業(yè)的影響
Quantitatively measure risk levels and risk impact on enterprises
3. 怎樣提供可切實實施的風險整改計劃
How to develop a practical and feasible risk control plan

六、建立數(shù)據(jù)治理框架
Establishment of data governance framework
1. 數(shù)據(jù)治理的全過程
Whole process of data governance
2. 應對型數(shù)據(jù)治理及主動型數(shù)據(jù)治理
Passive and active data governance
3. 數(shù)據(jù)管理能力成熟度模型
Data management capability maturity model

七、搭建數(shù)據(jù)合規(guī)體系
Establishment of data compliance system
1. 進行GDPR及網(wǎng)絡安全法適用性評估
Evaluate the applicability of GDPR and cybersecurity laws
2. 劃分數(shù)據(jù)類型及區(qū)別制定合規(guī)策略
Classify data and develop different compliance strategies based on the classification
3. 更新與完善隱私政策
Update and improve privacy policies
4. 建立風險評估、記錄與響應機制
Establish risk assessment, recording and response mechanisms

八、搭建網(wǎng)絡安全體系
Establishment of cybersecurity system
1. 網(wǎng)絡安全威脅類型
Types of cybersecurity threats
2. 常見的安全服務機制
Common security service mechanisms
3. 構建網(wǎng)絡安全防護體系政策建議
Policies and suggestions for building a cybersecurity protection system

關于講師 About the Speaker:
    陳熾先生
    陳先生任職于安永法證及誠信合規(guī)服務部門，擔任法證技術合伙人。他專注于持續(xù)合規(guī)監(jiān)控和管理體系、貿(mào)易合規(guī)、數(shù)據(jù)合規(guī)、信息和隱私保護、反壟斷、風險預測分析、以及電子取證。以上領域均需要對結構化或非結構化格式的財務、運營和交易數(shù)據(jù)進行大量的深入分析。陳熾帶領的團隊利用數(shù)據(jù)可視化、統(tǒng)計建模和文本挖掘等先進的分析技術，幫助客戶及時、高效地識別高風險交易或者行為，并積極提供應對辦法。陳熾先后在美國、澳大利亞以及中國就職，擁有超過16年的綜合咨詢和審計工作經(jīng)驗，為眾多財富500強企業(yè)和跨國公司提供服務，涉及生命科學、制造業(yè)、消費品、工業(yè)產(chǎn)品、建筑、科技、金融服務、能源和電訊等多個不同行業(yè)。
    Chen, a forensic technology partner of EY Forensic & Integrity Services, specializes in proactive compliance monitoring and management systems, trade compliance, data compliance, information and privacy protection, antitrust analytics, predictive risk analytics and eDiscovery, all of which require in-depth analysis of large and disparate sets of structured and non-structured financial, operational and transactional data. He leads his team to help clients identify high-risk transactions or behaviors in a timely, efficient and effective manner by leveraging advanced data analytics techniques including but not limited to data visualization, statistical modeling and text mining. He has more than 16 years of combined advisory and audit experience in the US, Australia and China. Besides, he has served many Fortune 500 and multinational companies in a variety of industry sectors including life sciences, manufacturing, consumer goods, industrial products, construction, technology, financial services, energy and telecommunications.

更多企業(yè)數(shù)據(jù)合規(guī)、安全體系搭建與應對策略相關課程：