Yoann Le Bihan (far right) with fellow co-chairs of IAPP KnowledgeNet Luxembourg Jose Bello (far left) and Filip Stoitsev (centre).
Photo: Matic Zorman
Ahead of next week’s conference on “Cybersecurity: New War, New Rules? — Tales From the Trenches and More” Delano spoke with Yoann Le Bihan co-chair of organisers IAPP KnowledgeNet Luxembourg.
Duncan Roberts: The conference programme is impressive for a first event by the IAPP Luxembourg Chapter. What were the challenges in setting up the conference and how often do you hope to host such events?
Yoann Le Bihan: There were many challenges to overcome but finding the right venue at relatively short notice was probably the most stressful. Not to mention the busy schedules we all face at the chapter, as we are all volunteers in this adventure. But we were extremely fortunate to have the support of DLA Piper, our sponsor for this event: they helped us a lot both in dealing with the logistics and to attract some of the speakers who will share their experience during the event.
This conference has attracted several high-profile names in the cybersecurity field. But what sort of audience is it aimed at?
It is a multidisciplinary event, mixing speakers with on-the-field experience, some with technical and operational background and others with a more legal and compliance profile --and sometimes both! So, it’s aimed at both compliance staff (e.g., legal counsel, DPO) looking for return on experience from technical speakers and more technical profiles (e.g., CISO, CIO, engineers) looking for guidance on privacy and security incident management best practices.
There is also a panel about venture capital investment in cybersecurity start-ups, which will address the dynamic growth of this relatively new industry. A key moment in the agenda for any business executive in the room.
A focus of the key note speakers is legislation. What is the challenge that legislators face in keeping up with technology advancements?
On the one hand, legislation must give general principles. It cannot give a detailed action plan for companies--it could never keep up with technology and innovation. But on the other hand, companies need clear guidance and best practices they know they can follow to reach and maintain compliance. Creating the right piece of legislation, that would be uniformly interpreted (as much as possible) within the EU, while still adapting to future cybersecurity threats is a huge challenge for legislators.
And, even though we have noticed a significant shift in the level of privacy awareness in corporate environments since GDPR was introduced in May 2018, there is still a lot of progress to do at an individual level: privacy must not only be the topic for a few individuals in the DPO office or at board level. It’s a topic for everyone, as employees but also as individuals.
The “Cyber-incident: Post mortem” sounds intriguing. What does it involve?
We wanted the event to be practical and useful to everyone. This talk goes beyond what can be done to prevent security breaches by considering how damage can be controlled when the inevitable happens: one day or another, any company is the victim of a cyber-incident. What makes the difference is how the incident is handled. So, we asked experts to share their views and experience in a panel to open the discussion among themselves and, hopefully, with our audience too.
Finally, has the development of the IAPP Luxembourg chapter met your expectations since its launch, and what ambitions do you have for 2020?
In 2019 we spent quite a lot of time and energy setting up the chapter and letting IAPP members know about its existence. We also initiated promising relationships with our corporate members and some local key players in privacy.
In 2020, we want to maintain and develop further this momentum, ideally by organising at least one more conference like this one, and having our local membership further represented in IAPP international conferences.