Annick O’Brien

Privacy and Compliance Counsel, Data Privacy Analytics

Annick is an international compliance lawyer (common law qualified). She is a business enabler, impact-driven change negotiator and effective communicator (INSEAD certified) who specialises in compliance & privacy program management, framework, governance and reinforcement, and training & awareness projects, with a special focus on privacy (data protection and information security). Annick is also a fluent French speaker, a certified Compliance Officer (ACOI), a certified Cyber Risk Officer (ICTTF) and a confirmed change management professional with extensive experience in privacy compliance across smart device and security solutions, shipping & ship management, and investment and asset management.

My Sessions

Are You Taking a Zero Trust Approach to Third Party Risk Management?

Mitigating risk is a continuous task for privacy officers across the globe in the ever-changing data privacy landscape. This panel will explore the challenges of third party risk management, the importance of a zero trust approach and how to effectively manage third parties.

  • Annick O'Brien, Privacy and Compliance Counsel, Data Privacy Analytics

IAM for the Modern Enterprise: Managing High Risk Users and Insider Breaches

Managing insider threats begins with identifying which users present the biggest risk when it comes to a potential incident or breach. Knowing who has access to what is key to managing malicious and unintentional user negligence and compromise, which result in insider breaches. This session looks at how organisations can deploy a risk-based strategy to identify privileged and compromised users, gain insights into anomalous activities and behaviours, and implement key strategies to prevent data loss.

  • Annick O'Brien, Privacy and Compliance Counsel, Data Privacy Analytics
  • Manuel Garat, Head of IAM (Identity and Access Management),
  • Ashton D'Cruz, Director CISO & Head - CC&S Governance, NatWest Markets Plc India
  • Tony Unger, Information Security Officer, Institute of Engineering and Technology (IET) - Cloud and Blockchain Expert
  • Martin Sandren, Manager Business Analyst IAM, Ahold Delhaize

Achieving Operational Resilience to Get Ahead of the Next Breach

A resilient business is less prone to incurring lapses in operations and losses from cyber incidents and disruptions. Operational resilience is a set of techniques that enables people (employees, customers, partners), processes and systems to adapt to evolving risks. In this session we look at how you can:

  • Take a holistic view of risk through continuous assessment and monitoring
  • Establish steps to prevent impact
  • Implement controls to ensure optimum security and continuity of operations
  • Map interconnections and interdependencies to get a handle on organisational risk appetite and posture
  • Prepare, respond and recover from realised risks

  • Annick O'Brien, Privacy and Compliance Counsel, Data Privacy Analytics

EU-US Privacy Shield: What’s Next? (Sponsored by 3M)

The European Commission and the US Administration have been discussing how to resolve the troublesome issue of the transfer of personal data from the European Economic Area to the US following the invalidation of the EU-US Privacy Shield in 2020. Věra Jourová, Vice President of the European Commission for Values and Transparency, has called for a proactive approach from the US and strong cooperation, with her main concerns lying with United States national security and surveillance.

While positive steps are being taken between the EU and the US, the UK could move away from the EU’s GDPR altogether. In October, the UK will appoint a new data protection commissioner, with the aim of focusing not just on privacy but on economic and social goals, according to the UK’s Culture Secretary, who further stated that businesses are afraid to use data as they don’t understand the rules or are afraid of inadvertently breaking them.

In this session our panel of experts explores the current situation with the EU-US Privacy Shield, what it means for organisations in both Europe and the United States, and, if the UK deviates from GDPR, what this will mean for the UK’s data transfers between the Privacy Shield parties, plus much more.