4th Annual
​
Compliance - GDPR - Process - Strategy
Thursday 10th December 2020
8:00am - 4:30pm GMT
Virtual Event
The must-attend online event for the Data Protection and Technology community, featuring live keynote talks, breakouts and an interactive exhibition hall - all hosted live on a virtual platform. Free to attend for end-users working in IT, data protection and information security.
The Virtual Summit
When GDPR came into force it significantly raised the bar of obligation and accountability, ensuring that all organisations that handle personal data adhere to strict regulations around privacy, security and consent.
​
Over 2 years on from implementation and the landscape continues to shift, with the Schrems II ruling, geo-political tensions, and uncertainty around a post-Brexit adequacy decision creating a challenging environment for data protection practitioners.
​The DP 2020 Summit will consider how data protection has progressed, with insight from frontline practitioners reflecting on key trends, challenges and best practice. The event will also provide an update from the ICO; discussing the Age Appropriate Design Code, the Data Sharing Code of Practice, and examining some of the persisting areas of misconception and non-compliance.
Core conference topics for the online event include:
​
• Key legal issues and obligations
• Data protection and information security
• Privacy Impact Assessments
• Databases, data mapping and classification
• Data flows and information sharing
2020 Speakers
Toby Hayes
Global Data Protection Controller, Pladis GlobalVivienne Artz
Chief Privacy Officer, RefinitivAlasdair Anderson
GM EMEA, ProtegrityMaureen Falconer
Regional Manager, ICOCaitlin Fennessy
Research Director, IAPPScott Barnett
Head of Information Security & Cyber, NHS NSSJenny Brotchie
Senior Policy Officer, ICOMark Stephen
Journalist & Broadcaster, BBC ScotlandKami Vaniea
Lecturer in Cyber Security & Privacy, University of EdinburghChris Dyer
Channel SE, CohesityJoe Byrne
Privacy Solutions Engineer, OneTrustSorcha Lorimer
Data Governance & Privacy, Global Open Finance CoE & Founder of TraceParticipants
400
Topics
12
Sessions
4
Speakers
12
About DIGIT
DIGIT has rapidly grown into the largest independent business technology community in Scotland. We run an extensive series of virtual conferences and online events focused on core areas of emerging Technology, Digital and IT. We also run Scotland's leading IT & Digital News Platform with over 100,000 page views per month.
​
The virtual events provide a unique platform for knowledge exchange, drawing stakeholders together to explore best practice, technological innovation and business outcomes. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking.
​
​We are delighted to announce that DIGIT will be running our conference programme in a virtual environment. Not only will you be able to enjoy our full events line-up, but you’ll be able to log-in remotely and join us from anywhere in the world.
2020 Agenda
SESSION 1.
The opening session will consider how the data protection landscape has shifted over the last year; exploring how regulation and enforcement has progressed and how organisations have adapted their data security and privacy measures to adapt to the challenges of 2020. The focus will then turn to effective internal engagement, examining how practitioners can engage with the board and embed privacy within organisational culture.
​
09:15 Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland
09:20 Regulating During a Global Pandemic: Lessons Learned
-
Pragmatism vs legalism
-
Co-operation vs hinderance
-
Rapid assessment vs a retrospective
-
The art of the possible
​
Maureen Falconer, Regional Manager, ICO
09:40 Proactive Information Security Architecture
-
Aligning cyber security, data protection and organisational strategies
-
Security architecture - it’s all about the people
-
Embedding strategic threat intelligence in product development
-
Choosing security standards and moving the bar
-
Managing security change in an impatient world
-
Data security: the human cost of cyber attacks
Scott Barnett, Head of Information and Cyber Security, NHS NSS
10:00 Privacy in the Boardroom: The Metrics, KPIs and Reporting You Need​
-
Stakeholder support for a privacy program is key
-
With so much information at play, how do you know what to present in the boardroom?
-
Key metrics, deliverables, dashboards and reports that demonstrate functionality and success
-
How to take privacy compliance beyond the frameworks and build a strong program and culture of privacy
-
How to present key metrics that the board is interested in​
Joseph Byrne, Privacy Solutions Engineer, OneTrust
10:20 Combined Q&A
10:45 Break
​
SESSION 2.
Session 2 will explore a variety of key topics in a smaller and more interactive breakout setting. The breakouts will be run in 30-minute slots across three parallel streams, providing delegates the opportunity to attend three of the options live. The breakouts will then be accessible on-demand post event.
​
11:00 Breakout Session: Choose one option from A, B or C
Stream 1 - Breakout A. Data Sharing in the Brave New World
-
Debunking the myths of data sharing
-
Building compliance in sharing
-
The elephant in the room!
-
Tools for your toolbox
​
Maureen Falconer, Regional Manager, ICO
Stream 2 - Breakout B. The Last Line of Defence, Preventing or Recovering from Cyberattacks’
-
The current state and root causes of cyber attacks
-
Preparation and preventative measures
-
Data Protection as a platform for recovery in case the worst should occur
Chris Dyer, Channel SE, Cohesity
Stream 3 - Breakout C. Automating Data Compliance: Enabling Analytics While Maintaining Privacy
-
What can you do when the unstoppable force of privacy meets the immovable object of digital transformation?
-
What can be done to enhance data compliance without compromising the ability to use data to its full potential?
-
The challenges of enhancing customer experience, compliance, and the growing demands for privacy
-
Automation of data compliance, making data usage approvals a straight-through process.
-
Real-world success stories
​
Alasdair Anderson, General Manager EMEA, Protegrity
11:30 Breakout Session: Choose one option from D, E or F
Stream 1 - Breakout D. The Children’s Code: Introduction to the Age Appropriate Design Code
-
An overview of the new statutory code
-
Which services it applies to and how it will be enforced
-
Understanding the 15 Standards
-
How your organisation can conform and incorporate the Code’s standards into your design processes
Jenny Brotchie, Senior Policy Officer, ICO
Stream 2 - Breakout E. The end of International Data Transfers? Can the new regulations work in practice?
-
The lasting impact of Schrems II
-
Are we really ready for Transfer Impact Assessments and Supplementary Measures?
-
The new Standard Contractual Clauses – pros and cons
-
Can data flow to Europe post 1 January 2021?
​
David Goodbrand, Head of Privacy, Burness Paull LLP
Stream 3 - Breakout F. 6 reasons why to protect Office 365
-
As more workloads move to the cloud, customers need to understand that SaaS applications typically don’t have built-in data protection
-
SaaS usage has uncovered unique internal and external security threats, as well as all-to-common data deletion scenarios and retention policy gaps.
-
We see a rapidly growing opportunity to provide much-needed data protection services for a wide range of infrastructures and applications
​
Fergal Hennigan, Country Manager & Gary Forsythe, Systems Engineer, Veeam
12:00 Breakout Session: Choose one option from G or H
Stream 1 - Breakout G. The Human Factor: Effective InfoSec Advice for the Remote Working Environment
-
An overview of human factors of security
-
Designing organisational security with people in mind
-
How employer/employee trust dynamics impact organisational level security
-
Thinking about human factors when designing security advice and requirements
​
Kami Vaniea, Lecturer in Cyber Security & Privacy, University of Edinburgh
Stream 2 - Breakout H. Big data sharing in a post-covid era. Tips, tools & learning
-
Exploring practical governance underpinning data sharing
-
Big data sharing: the good, the bad and the ugly
-
Data Sharing Agreements (DSAs) - unpacking and operationalising protocols into governance
-
Data sharing through the pandemic - a look back and a look forward
​
Sorcha Lorimer, Data Governance & Privacy, Global Open Finance CoE & Founder, Trace
12:30 Lunch, Networking & Exhibition
SESSION 3.
The closing session will consider some of the most prominent data protection trends that have emerged over 2020 and examine the associated challenges facing practitioners. From the increasing volume of sensitive personal data and the limitations of consent, to the shift to data localisation and the impact of the Schrems II decision on international data flows.
​
13:30 When Consent Won’t Cut It
-
Understanding special category personal data
-
Lawful basis for processing
-
Conditions for processing special category personal data
-
Additional safeguards
-
5 Scenarios
-
Checklist
Toby Hayes, Global Data Protection Controller, Pladis Global
13:50 Data Localisation in a Global World
-
Data Localisation vs Data Sovereignty
-
Drivers for Data Localisation
-
Types of Localisation
-
Existing Data Localisation Laws
-
Emerging Localisation
-
IRGS Data Working Group Report Recommendations
​
Vivienne Artz, Chief Privacy Officer, Refinitiv
14:10 Schrems II and Global Data: What’s Next?
-
The Schrems II decision
-
Understanding the implications of the ruling
-
There are a growing number of cross-border data transfer regimes
-
How companies around the world are currently responding
-
How U.S. EU and UK policymakers could respond
-
Next steps
​
Caitlin Fennessy, Research Director, IAPP
14:30 Combined Q&A
14:55 Closing Remarks
15:00 Session Close
15:00 Networking & Exhibition
16:30 End of Day
​
​