5th Annual

Compliance  -  GDPR  -  Process - Strategy

DP22 LOGO 1200MM.png
Thursday 24th March 
08:00 - 16:30 
Online and In-Person at Dynamic Earth, Edinburgh

2020 Lead Sponsor


Speakers & Supporters

cyber academy.png


When GDPR came into force in 2018 it signalled a seismic shift for data protection. Three years on from implementation and the landscape continues to evolve, with the UK Government now looking to reform data protection legislation after exiting the EU.


The recent consultation, launched in September, sets out 70+ new proposals with an aim to reduce barriers to innovation and data flow while improving public services. But the proposals have faced stiff criticism for deviating from the European consensus and raised concerns of an erosion in UK data protection standards.


​The DP 2022 Summit will contextualise the latest developments within the data protection field, with insight from frontline practitioners reflecting on key trends, challenges and best practice. The event will also provide an update from the ICO, looking at regulatory priorities; the Age Appropriate Design Code and anonymisation.


Core conference topics include:

  • Data Protection reform

  • Information security and breach notification

  • Databases, mapping and classification

  • Global data flows and information sharing post Schrems II

  • Anonymisation, pseudonymisation and encryption

  • Impact of emerging technologies: AI, Cloud, Biometrics



DIGIT has rapidly grown into the largest business technology community in Scotland. We host an extensive series of events focused on emerging technology and practical innovation. We also run Scotland's leading IT & Digital News Platform www.digit.fyi with over 100,000 page views per month.

The events provide a unique platform for knowledge exchange, drawing stakeholders together to explore challenges, best practice, and business impact. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking.

​DIGIT will be running this conference as a Hybrid event: you can attend the in-person Summit in Edinburgh or you can log-in remotely and join us from anywhere in the world.










2020 Speakers - 2022 Coming Soon

2020 Sponsors

Cohesity new.png
Protegrity-Logo-Dark (002).png

2020 Exhibitors

Quest Software Logo.png
DataGuard Logo.png
Exterro Logo.png
Galaxkey Logo.png

For enquiries about sponsorship and exhibitor opportunities, contact Ray Bugg on ray@digit.fyi


2020 Agenda (2022 coming soon)

SESSION 1.        

The opening session will consider how the data protection landscape has shifted over the last year; exploring how regulation and enforcement has progressed and how organisations have adapted their data security and privacy measures to adapt to the challenges of 2020. The focus will then turn to effective internal engagement, examining how practitioners can engage with the board and embed privacy within organisational culture.

09:15     Welcome from the Conference Chair

Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20    Regulating During a Global Pandemic: Lessons Learned

  • Pragmatism vs legalism

  • Co-operation vs hinderance

  • Rapid assessment vs a retrospective

  • The art of the possible

Maureen Falconer, Regional Manager, ICO

09:40     Proactive Information Security Architecture

  • Aligning cyber security, data protection and organisational strategies

  • Security architecture - it’s all about the people

  • Embedding strategic threat intelligence in product development

  • Choosing security standards and moving the bar

  • Managing security change in an impatient world

  • Data security: the human cost of cyber attacks

Scott Barnett, Head of Information and Cyber Security, NHS NSS


10:00     Privacy in the Boardroom: The Metrics, KPIs and Reporting You Need​

  • Stakeholder support for a privacy program is key

  • With so much information at play, how do you know what to present in the boardroom?

  • Key metrics, deliverables, dashboards and reports that demonstrate functionality and success

  • How to take privacy compliance beyond the frameworks and build a strong program and culture of privacy

  • How to present key metrics that the board is interested in​


Joseph Byrne, Privacy Solutions Engineer, OneTrust

10:20     Combined Q&A

10:45     Break

SESSION 2.          

Session 2 will explore a variety of key topics in a smaller and more interactive breakout setting. The breakouts will be run in 30-minute slots across three parallel streams, providing delegates the opportunity to attend three of the options live. The breakouts will then be accessible on-demand post event.

11:00     Breakout Session: Choose one option from A, B or C


Stream 1 - Breakout A. Data Sharing in the Brave New World

  • Debunking the myths of data sharing

  • Building compliance in sharing

  • The elephant in the room!

  • Tools for your toolbox

Maureen Falconer, Regional Manager, ICO


Stream 2 - Breakout B. The Last Line of Defence, Preventing or Recovering from Cyberattacks’

  • The current state and root causes of cyber attacks

  • Preparation and preventative measures

  • Data Protection as a platform for recovery in case the worst should occur

Chris Dyer, Channel SE, Cohesity


Stream 3 - Breakout C. Automating Data Compliance: Enabling Analytics While Maintaining Privacy

  • What can you do when the unstoppable force of privacy meets the immovable object of digital transformation?

  • What can be done to enhance data compliance without compromising the ability to use data to its full potential?

  • The challenges of enhancing customer experience, compliance, and the growing demands for privacy

  • Automation of data compliance, making data usage approvals a straight-through process.

  • Real-world success stories

Alasdair Anderson, General Manager EMEA, Protegrity


11:30     Breakout Session: Choose one option from D, E or F


Stream 1 - Breakout D. The Children’s Code: Introduction to the Age Appropriate Design Code

  • An overview of the new statutory code

  • Which services it applies to and how it will be enforced

  • Understanding the 15 Standards

  • How your organisation can conform and incorporate the Code’s standards into your design processes

Jenny Brotchie, Senior Policy Officer, ICO


Stream 2 - Breakout E. The end of International Data Transfers? Can the new regulations work in practice?

  • The lasting impact of Schrems II

  • Are we really ready for Transfer Impact Assessments and Supplementary Measures?

  • The new Standard Contractual Clauses – pros and cons

  • Can data flow to Europe post 1 January 2021?

David Goodbrand, Head of Privacy, Burness Paull LLP


Stream 3 - Breakout F. 6 reasons why to protect Office 365

  • As more workloads move to the cloud, customers need to understand that SaaS applications typically don’t have built-in data protection

  • SaaS usage has uncovered unique internal and external security threats, as well as all-to-common data deletion scenarios and retention policy gaps.

  • We see a rapidly growing opportunity to provide much-needed data protection services for a wide range of infrastructures and applications

Fergal Hennigan, Country Manager & Gary Forsythe, Systems Engineer, Veeam


12:00     Breakout Session: Choose one option from G or H


Stream 1 - Breakout G. The Human Factor: Effective InfoSec Advice for the Remote Working Environment

  • An overview of human factors of security

  • Designing organisational security with people in mind

  • How employer/employee trust dynamics impact organisational level security

  • Thinking about human factors when designing security advice and requirements

Kami Vaniea, Lecturer in Cyber Security & Privacy, University of Edinburgh


Stream 2 - Breakout H. Big data sharing in a post-covid era. Tips, tools & learning

  • Exploring practical governance underpinning data sharing

  • Big data sharing: the good, the bad and the ugly

  • Data Sharing Agreements (DSAs) - unpacking and operationalising protocols into governance

  • Data sharing through the pandemic - a look back and a look forward

Sorcha Lorimer, Data Governance & Privacy, Global Open Finance CoE & Founder, Trace

12:30     Lunch, Networking & Exhibition



The closing session will consider some of the most prominent data protection trends that have emerged over 2020 and examine the associated challenges facing practitioners. From the increasing volume of sensitive personal data and the limitations of consent, to the shift to data localisation and the impact of the Schrems II decision on international data flows.

13:30     When Consent Won’t Cut It

  • Understanding special category personal data

  • Lawful basis for processing

  • Conditions for processing special category personal data

  • Additional safeguards

  • 5 Scenarios

  • Checklist

Toby Hayes, Global Data Protection Controller, Pladis Global


13:50     Data Localisation in a Global World

  • Data Localisation vs Data Sovereignty

  • Drivers for Data Localisation

  • Types of Localisation

  • Existing Data Localisation Laws

  • Emerging Localisation

  • IRGS Data Working Group Report Recommendations

Vivienne Artz, Chief Privacy Officer, Refinitiv


14:10     Schrems II and Global Data: What’s Next?

  • The Schrems II decision

  • Understanding the implications of the ruling

  • There are a growing number of cross-border data transfer regimes

  • How companies around the world are currently responding

  • How U.S. EU and UK policymakers could respond

  • Next steps

Caitlin Fennessy, Research Director, IAPP


14:30     Combined Q&A

14:55     Closing Remarks

15:00     Session Close


15:00     Networking & Exhibition

16:30     End of Day