IAPP UK Intensive 2026: Privacy | AI governance | Cybersecurity law
LONDON
23-26 February
Many Laws, One Product: GDPR, CRA and DORA for Engineering and Product Management
Thursday, 26 Feb.
11:30 - 12:30 GMT
Intermediate level
How can a product security program support GDPR, CRA and DORA while delivering real security, clear accountability and minimal disruption? Integrating GDPR compliance into product security has long been the hallmark of the most successful engineering companies. A “one stop shop” producing both privacy and security for engineering has proven to be effective both in terms of cost and motivation. The EU digital regulation stack keeps growing with DORA (financial entities and their vendors) and CRA (just about everyone). Supply chains will carry the impact of these outside the EU as well. This session will present solutions for how a product engineering company can fulfill the requirements of all three regulations with minimal additional overhead while still producing defensible evidence of doing so. The panel will also address practical product and engineering management challenges beyond a simple comparison of these regulations. And while in-house development is in focus, most products have vendor dependencies, and we will also take a look at some critical challenges associated with vendor solutions and strategic buy-versus-build decisions.
What you will learn:
- Collaboration ideas for lawyers, privacy professionals and the security function for effective product development touchpoints.
- Solutions for implementing security-related, often overlapping, regulation in an accountable but effective manner.
- Key takeaways to communicate to product owners and developers, respectively.
Moderator and speakers

Iiris Kivikari
Partner, Head of IP, Media and AI
Dittmar & Indrenius

Hannes Saarinen
CIPP/E, CIPT
Privacy Director
RELEX

Antti Vähä-Sipilä
CIPP/E
Director, Product Security
Wolt