Join us for our Data Privacy Day Speaker Series on January 27th.
Register Today for Privacy Day Presentation Series Events
General Data Protection Regulation (GDPR): Are you a Novice or an Expert?
The NSHE Information Security Office, in cooperation with the NSHE Information Security Officers Council and the NSHE Information Security Advisory Committee, will host two virtual presentations on the European Union General Data Protection Regulation (GDPR) on January 27 and 28, 2021 from 12:00 to 1:15 PST. CPE credit will be offered for attending one or both the presentations. Registration is required. The presentations are for anyone who wants to gain a general knowledge of GDPR, or for those who are familiar with it but are looking for a deeper dive.
Can you correctly answer the questions below?
- What is GDPR, what and who does it cover, and when did it take effect?
- What are the main principles of GDPR?
- What are GDPR’s requirements for protection of data?
- What is the “Right to Be Forgotten?”
- What requirements are required for compliance?
About GDPR
The General Data Protection Regulation (GDPR) is updated data protection legislation for European Union that took effect May 25, 2018. The regulation was developed to provide a set of standardized data protection laws that will make it easier for EU citizens to understand how their personal data is being used, express concerns and complaints and make changes to their information wherever the data may be located. It introduces provisions such as enhanced accountability, new procedures for handling data breaches and Subject Access Requests (SARs). The rules affect Data Controllers (those who determine why and how data is collected and used) and Data Processors (those who act on behalf of the Controller).
GDPR affects any entity who handles the data of a living individual within the EU and affects all domestic and international businesses operating in the EU, regardless of their size.
Check the event schedule for the descriptions of the presentations and be sure to register for one, or both if interested.
Want to learn about GDPR and earn CPE’s at the same time?
Each presentation is worth one hour of CPE. You must attend the presentations and participate in the surveys offered at the end of each presentation. By participating you will receive a certificate validating your CPE.
For more information or questions, please contact the NSHE Chief Information Security Officer: nshe_ciso@nshe.nevada.edu

Event Schedule
GDPR does not apply to me or my department, or does it?
Wednesday, January 27, 12:00-1:15 PMNot sure if you or your department falls under GDPR? Join panelists, Joanna Grama, VP for Vantage Technology Consulting Group; Brent Hobby, Campus Guard; and Pegah Parsi, University of California San Diego Privacy Officer, who will provide varied expertise regarding GDPR and its requirements. You will learn the terminology and principles included in GDPR and the steps you can take to become compliant. This presentation is for those who are unfamiliar with, or need a brush up on GDPR, and is recommended for faculty, students and staff who want to gain a general understanding.
Joanna Grama

Joanna is an associate vice president with Vantage Technology Consulting Company and leads the company’s information security practice. She has more than 20 years of experience with a strong focus in law, higher education, information security, and data privacy. A seasoned attorney, Joanna has a passion for designing effective, standards-based, and end-user focused organizational information security and privacy frameworks to help reduce organizational risk. Joanna is skilled at helping all technology users understand complicated information security and privacy concepts.
A former member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, Joanna has earned several security and privacy industry certifications. She is also a frequent author and regular speaker on information security and privacy topics. The third edition of Joanna’s textbook, LEGAL ISSUES IN INFORMATION SECURITY, was published in late 2020.
Before joining Vantage, Joanna was Director of Cybersecurity and IT Governance, Risk and Compliance programs at EDUCAUSE. Joanna graduated from the University of Illinois College of Law with honors. Her undergraduate degree is from the University of Minnesota-Twin Cities. In her spare time, Joanna is an enthusiastic cyclist and avid napper.
Brent Hobby

Brent Hobby is a Security Advisor for CampusGuard (www.campusguard.com) with much sought after expertise in information security policy, governance and risk management, security awareness, compliance, incident response coordination, and organizational stewardship. He is responsible for analyzing customer processes and technologies, and helping them assess compliance and security gaps. Brent enjoys long-term relationships with his customers; helping them develop and execute ways to address their challenges while managing scarce resources. In an information technology career spanning more than 30 years, Brent has held leadership positions in Hosting and E-Commerce, Enterprise Network Services, Information Security, Compliance, Risk Management, and Governance.
Before joining CampusGuard, Brent worked for Acxiom Corporation, Trace Security, and most recently as the Chief Information Security Officer for the University of Tennessee System where he was responsible for the oversight of information security strategy and governance for the University System, its campuses, and its institutes. Brent’s various IT roles have included, among other things, IT and security outsourcing, data center administration, systems and network management, and both systems and application programming.
Brent enjoys helping develop solutions that require strategic thinking to leverage recognized standards, best practices, technology, and a broad perspective to integrate, streamline, and assure efficient, effective management and governance.
Pegah Parsi

Pegah is the campus privacy officer at UC San Diego where she spearheads the privacy and data protection efforts for the research, educational, and service enterprise. She manages a complex portfolio of privacy initiatives related to employees, students, applicants, alumni, and research participants and provides guidance on the GDPR, FERPA, HIPAA, California privacy laws, and research privacy/Common Rule. She provides thought leadership on privacy values, ethical frameworks, and philosophy. Her day may involve anything from a consult on license plate readers to research involving smart devices to using predictive analytics to support student success.
She is passionate about data ethics and privacy as a civil rights issue.
Prior to San Diego, Pegah was a privacy manager at Stanford University, focusing on medical studies and international collaborations. She is an attorney and holds an MBA. In her spare time, she advises clients on immigration and asylum matters. She is a Veteran, who, among other things, was the Honor Grad of Army Truck Driver school!

Looking for a deeper dive on GDPR?
Thursday, January 28, 12:00 -1:15 PMRoll up your sleeves and prepare to attend a virtual in-depth presentation and discussion by guest presenter, Jonathan Kimmitt, University of Tulsa Chief Information Security Officer. Jonathan will cover the technical and non-technical aspects of GDPR including what is required to meet compliance including policy, procedures, and technical implementation. This presentation is geared towards information technology, privacy, compliance, legal, business, and academic professionals who need a deeper understanding of the requirements set forth in GDPR.
Jonathan Kimmitt

Jonathan currently serves as Chief Information Security Officer for the University of Tulsa. His primary responsibility is the development and execution of the University's IT Security & Data Privacy Compliance Initiatives. Jonathan has 19 years of experience at TU in Information Services & Security Operations and has been involved with all aspects of information technology at the University. In August 2020, he was awarded the Fellow of Information Privacy from the IAPP for his contributions in privacy and cyber security. He is a board member with the ISSA Oklahoma Chapter, an InfraGard sector chief, and an FBI Citizens Academy Alumni. Speaking & teaching at over 40+ conferences/events/symposiums, Jonathan enjoys providing back to the industry. With the understanding that Privacy and Cyber Security’s goal is to protect people, he actively works with industries, professionals, and leaders in Oklahoma to grow and develop their security and privacy postures for their organizations.
