4th Annual

​

Compliance  -  GDPR  -  Process - Strategy

 10th December 2020

Virtual Event- delivered online

The Conference

The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice. 

When GDPR came into force in May 2018 it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.

Core conference topics include:

•    Key legal issues and obligations
•    Data security and encryption
•    Privacy Impact Assessments
•    Databases, data mapping and classification
•    Privacy by design
•    Practical strategy implementation 

2019 Speakers

Participants

300

Topics

12

Sessions

4

Speakers

12

2019 Agenda 

SESSION 1  

​

GDPR and DPA 2018 were designed to raise the bar of obligation and accountability, ensuring that organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the opening session will contextualise how the Data Protection landscape has changed and reflect on progress, perception and persisting challenges.

08:30 Arrival, Refreshments and Badge Collection

09:20 Introduction from the Conference Chair

Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:30 Data Protection in the GDPR Era

• The ICO’s experience since GDPR was fully implemented

• Lessons to be learned and myths to be busted

• Taking regulatory action

• Helping the data controller

​

Ken Macdonald, Head of ICO Regions, ICO

10:00 Practitioner Observations on the Evolving Data Protection Landscape

• The evolving privacy and data protection  landscape, trends and observations

• How have trust, privacy and customer expectation shifted

• What are the main data issues and compliance challenges facing practitioners 

​

Evie Kyriakides, Chief Data Protection & Privacy Officer, Mars

10:20 ISO27001 & the GDPR: Identifying Overlap and Streamlining Efforts

• Map the most common security operations standard, ISO 27001 to the world’s most influential piece of privacy legislation, the GDPR 

• Identify how much work toward GDPR compliance that security teams have likely already done 

• Develop a framework to reduce the risk of a damaging incident while increasing productivity and customer trust

• Learn about the stakeholders, teams, tools and processes that should come together for a comprehensive privacy and security strategy

​

Charlie Grey, Privacy Consultant, OneTrust

10:40 Question & Answer Panel

​

11:05 Refreshments, Exhibition & Networking

SESSION 2 

​

This session will explore three key topics in a smaller and more interactive breakout setting. The three breakout sessions will be run in parallel and then repeated, providing delegates the opportunity to attend two of the options on offer.

​

11:40   Breakout 1

12:10   Transition

12:15   Breakout 2

​

A: The consumerisation of privacy – legal impact

GDPR and similar regulation across the globe, coupled with the explosion of big data and high profile privacy cases, has led to a previously unparalleled level of privacy awareness. Data is undoubtedly now a consumer commodity, and in some cases privacy has become a weapon.  In this session we look at the legal aspects of this new privacy landscape, and how organisations can handle the risks, focusing on:

•             Breaches and class actions

•             New developments in data subject rights

•             Trends in transparency

•             Cookies and marketing

​

Helena Brown, Partner, Addleshaw Goddard

​

B: Solving Mass Data Fragmentation

Data is an enterprise’s most valuable digital resource.    It should be a competitive asset, but with the introduction of GDPR, data  has become a costly and risky IT management headache.     Secondary data has become so fragmented across infrastructure silos and locations that it is too complex for IT to protect or locate – let alone leverage.     Learn how to identify mass data fragmentation in your organisation and establish best practices across your organisation for safely and cost-effectively defeating it.

​

Alan Gardiner, Marketing Director, iomart

​

C: Delivering effective GDPR training

​

•             Why aren’t businesses delivering effective training?

•             Making it relevant, a priority and ongoing.

•             Getting the message across.

•             Long-term consequences of insufficient training.

​

Megan Kane, GDPR Practitioner, iCaaS

​

12:45 Lunch, Exhibition & Networking

​

SESSION 3 

​

This session will split into streams to provide a closer insight of specific aspects of data protection from frontline data protection practitioners. The three streams will cover: data protection myths, privacy by design, and organisational engagement. Delegates will select one stream to attend.

13:35 Stream 1: Debunking Data Protection and Data Sharing Myths

• Exploring common myths and misconceptions

• Data protection says no

• Clarity on data sharing

• Raising awareness and changing perceptions

​

Alice Wilson, DPO, HEFESTIS & Lisa Powell, DPO, HEFESTIS

​

13:35 Steam 2: Engagement and Alignment 

• The evergreen nature of data

• Recognising what different roles & functions need to get out of data

• Organisational buy-in: we all need to buy into it together and be on the same page

• Are we still engaged post GDPR?

• Activity must align with addressing risks

• Balancing priorities

Paul Sherrard, Sr Proposition and DP Manager, Standard Life Assurance: part of the Phoenix Group

​

13:35 Stream 3: Privacy by Design

• What does privacy by design look like in practice

• How can you create a product that contains adequate built in safeguards

• What does the roadmap look like, what are the key principles

• What are the primary challenges

• How can data protection work hand in hand with innovation

• Internal collaboration, conflict resolution and troubleshooting

​

Elizabeth Fairley, COO, Talking Medicines 

​

14:10 Transition to Session 4​

​

SESSION 4  

​

The recent explosion of data has driven huge strides forward in automation, personalisation, Machine Learning and Artificial Intelligence, accompanied by a raft of new products and services. But this explosion of data and new technologies has also created a wave of new challenges across privacy, security and DP. 

The final session will examine two prominent areas of discussion, data portability and AI regulation, and explore the balance between innovation and advancement with data protection, privacy and control. The conference will then conclude with a panel discussion considering some of the key DP challenges posed by emerging technologies.

​

14:15 Data Portability and the Rise of Data Intermediaries

• The role of data portability as a vehicle of access, personal ownership and innovation

• Features and benefits: diversity, control, choice

• Data protection and privacy considerations

• Progress and ongoing collaborations and open source tools

• What it means to build portability in a privacy-protective way

• Ensuring the internet remains a space characterized by growth and innovation

​

Calum Liddle, EEA Data Protection Manager, Facebook

14:35 Regulating the Use of AI

• How do we as a regulator think about the use of AI and ML

• What are the main challenges and liabilities facing organisations deploying AI

• How can these be mitigated in practice

• Exploring and understanding contentions in the law

• Tangible advice and guidance 

• Steps towards formalised guidance and operating frameworks

​

Ali Shah, Head of Technology Policy, ICO

​

14:55 Question & Answer Panel

• Calum Liddle, EEA Data Protection Manager, Facebook

• Ali Shah, Head of Technology Policy, ICO

• Elizabeth Fairley, COO, Talking Medicines 

• Alice Wilson, DPO, HEFESTIS & Lisa Powell, DPO, HEFESTIS

• Paul Sherrard, Sr Proposition and DP Manager, Standard Life Assurance: part of the Phoenix Group

• Mark Stephen, Journalist & Broadcaster, BBC Scotland

​

​

15:35 Closing Remarks

​

15:40 Networking Drinks Reception

​

16:30 Close of Conference

*The conference programme is provisional and subject to change and revision

Registration

THE 2019 CONFERENCE HAS NOW FINISHED. THE 2020 EVENT WILL BE ON 10TH DECEMBER 2020, REGISTRATIONS OPEN SEPTEMBER 2020. 2019 CONTENT WILL BE SHOWN HERE UNTIL 2020 CONTENT IS RELEASED. FOLLOW US ON SOCIAL MEDIA FOR UPDATES AND REGISTER EARLY INTEREST BELOW. 

IF YOU HAVE ANY QUESTIONS OR WOULD LIKE TO SPEAK, EXHIBIT OR SPONSOR IN 2020 PLEASE CONTACT RAY BUGG ON RAY@DIGIT.FYI OR 0131 553 9381. 

​