Alan Calder, Founder & Executive Chair, IT Governance.

Two recently enacted pieces of EU legislation will affect all organizations outside the EU that provide services into the EU. The General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS) both come into force in May 2018, by which time all organizations within scope need to be in compliance. Both laws explicitly recognize the role of international standards, such as ISO 27001 and ISO 22301, in enabling organizations to demonstrate their attempts to achieve compliance. This session will discuss specific aspects of the legislation and emerging compliance strategies.