Compliance - GDPR - Process - Strategy
Thursday 10th December 2020
8:00am - 4:30pm GMT
The must-attend online event for the Data Protection and Technology community, featuring live keynote talks, breakouts and an interactive exhibition hall - all hosted live on a virtual platform. Free to attend for end-users working in IT, data protection and information security.
The Virtual Summit
When GDPR came into force it significantly raised the bar of obligation and accountability, ensuring that all organisations that handle personal data adhere to strict regulations around privacy, security and consent.
Over 2 years on from implementation and the landscape continues to shift, with the Schrems II ruling, geo-political tensions, and uncertainty around a post-Brexit adequacy decision creating a challenging environment for data protection practitioners.
The DP 2020 Summit will consider how data protection has progressed, with insight from frontline practitioners reflecting on key trends, challenges and best practice. The event will also provide an update from the ICO; discussing the Age Appropriate Design Code, the Data Sharing Code of Practice, and examining some of the persisting areas of misconception and non-compliance.
Core conference topics for the online event include:
• Key legal issues and obligations
• Data protection and information security
• Privacy Impact Assessments
• Databases, data mapping and classification
• Data flows and information sharing
Global Data Protection Controller, Pladis Global
Chief Privacy Officer, Refinitiv
GM EMEA, Protegrity
Regional Manager, ICO
Research Director, IAPP
Head of Information Security & Cyber, NHS NSS
Senior Policy Officer, ICO
Journalist & Broadcaster, BBC Scotland
Lecturer in Cyber Security & Privacy, University of Edinburgh
Channel SE, Cohesity
Privacy Solutions Engineer, OneTrust
Data Governance & Privacy, Global Open Finance CoE & Founder of Trace
DIGIT has rapidly grown into the largest independent business technology community in Scotland. We run an extensive series of virtual conferences and online events focused on core areas of emerging Technology, Digital and IT. We also run Scotland's leading IT & Digital News Platform with over 100,000 page views per month.
The virtual events provide a unique platform for knowledge exchange, drawing stakeholders together to explore best practice, technological innovation and business outcomes. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking.
We are delighted to announce that DIGIT will be running our conference programme in a virtual environment. Not only will you be able to enjoy our full events line-up, but you’ll be able to log-in remotely and join us from anywhere in the world.
The opening session will consider how the data protection landscape has shifted over the last year; exploring how regulation and enforcement has progressed and how organisations have adapted their data security and privacy measures to adapt to the challenges of 2020. The focus will then turn to effective internal engagement, examining how practitioners can engage with the board and embed privacy within organisational culture.
09:15 Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland
09:20 Regulating During a Global Pandemic: Lessons Learned
Pragmatism vs legalism
Co-operation vs hinderance
Rapid assessment vs a retrospective
The art of the possible
Maureen Falconer, Regional Manager, ICO
09:40 Proactive Information Security Architecture
Aligning cyber security, data protection and organisational strategies
Security architecture - it’s all about the people
Embedding strategic threat intelligence in product development
Choosing security standards and moving the bar
Managing security change in an impatient world
Data security: the human cost of cyber attacks
Scott Barnett, Head of Information and Cyber Security, NHS NSS
10:00 Privacy in the Boardroom: The Metrics, KPIs and Reporting You Need
Stakeholder support for a privacy program is key
With so much information at play, how do you know what to present in the boardroom?
Key metrics, deliverables, dashboards and reports that demonstrate functionality and success
How to take privacy compliance beyond the frameworks and build a strong program and culture of privacy
How to present key metrics that the board is interested in
Joseph Byrne, Privacy Solutions Engineer, OneTrust
10:20 Combined Q&A
Session 2 will explore a variety of key topics in a smaller and more interactive breakout setting. The breakouts will be run in 30-minute slots across three parallel streams, providing delegates the opportunity to attend three of the options live. The breakouts will then be accessible on-demand post event.
11:00 Breakout Session: Choose one option from A, B or C
Stream 1 - Breakout A. Data Sharing in the Brave New World
Debunking the myths of data sharing
Building compliance in sharing
The elephant in the room!
Tools for your toolbox
Maureen Falconer, Regional Manager, ICO
Stream 2 - Breakout B. The Last Line of Defence, Preventing or Recovering from Cyberattacks’
The current state and root causes of cyber attacks
Preparation and preventative measures
Data Protection as a platform for recovery in case the worst should occur
Chris Dyer, Channel SE, Cohesity
Stream 3 - Breakout C. Automating Data Compliance: Enabling Analytics While Maintaining Privacy
What can you do when the unstoppable force of privacy meets the immovable object of digital transformation?
What can be done to enhance data compliance without compromising the ability to use data to its full potential?
The challenges of enhancing customer experience, compliance, and the growing demands for privacy
Automation of data compliance, making data usage approvals a straight-through process.
Real-world success stories
Alasdair Anderson, General Manager EMEA, Protegrity
11:30 Breakout Session: Choose one option from D, E or F
Stream 1 - Breakout D. The Children’s Code: Introduction to the Age Appropriate Design Code
An overview of the new statutory code
Which services it applies to and how it will be enforced
Understanding the 15 Standards
How your organisation can conform and incorporate the Code’s standards into your design processes
Jenny Brotchie, Senior Policy Officer, ICO
Stream 2 - Breakout E. The end of International Data Transfers? Can the new regulations work in practice?
The lasting impact of Schrems II
Are we really ready for Transfer Impact Assessments and Supplementary Measures?
The new Standard Contractual Clauses – pros and cons
Can data flow to Europe post 1 January 2021?
David Goodbrand, Head of Privacy, Burness Paull LLP
Stream 3 - Breakout F. 6 reasons why to protect Office 365
As more workloads move to the cloud, customers need to understand that SaaS applications typically don’t have built-in data protection
SaaS usage has uncovered unique internal and external security threats, as well as all-to-common data deletion scenarios and retention policy gaps.
We see a rapidly growing opportunity to provide much-needed data protection services for a wide range of infrastructures and applications
Fergal Hennigan, Country Manager & Gary Forsythe, Systems Engineer, Veeam
12:00 Breakout Session: Choose one option from G or H
Stream 1 - Breakout G. The Human Factor: Effective InfoSec Advice for the Remote Working Environment
An overview of human factors of security
Designing organisational security with people in mind
How employer/employee trust dynamics impact organisational level security
Thinking about human factors when designing security advice and requirements
Kami Vaniea, Lecturer in Cyber Security & Privacy, University of Edinburgh
Stream 2 - Breakout H. Big data sharing in a post-covid era. Tips, tools & learning
Exploring practical governance underpinning data sharing
Big data sharing: the good, the bad and the ugly
Data Sharing Agreements (DSAs) - unpacking and operationalising protocols into governance
Data sharing through the pandemic - a look back and a look forward
Sorcha Lorimer, Data Governance & Privacy, Global Open Finance CoE & Founder, Trace
12:30 Lunch, Networking & Exhibition
The closing session will consider some of the most prominent data protection trends that have emerged over 2020 and examine the associated challenges facing practitioners. From the increasing volume of sensitive personal data and the limitations of consent, to the shift to data localisation and the impact of the Schrems II decision on international data flows.
13:30 When Consent Won’t Cut It
Understanding special category personal data
Lawful basis for processing
Conditions for processing special category personal data
Toby Hayes, Global Data Protection Controller, Pladis Global
13:50 Data Localisation in a Global World
Data Localisation vs Data Sovereignty
Drivers for Data Localisation
Types of Localisation
Existing Data Localisation Laws
IRGS Data Working Group Report Recommendations
Vivienne Artz, Chief Privacy Officer, Refinitiv
14:10 Schrems II and Global Data: What’s Next?
The Schrems II decision
Understanding the implications of the ruling
There are a growing number of cross-border data transfer regimes
How companies around the world are currently responding
How U.S. EU and UK policymakers could respond
Caitlin Fennessy, Research Director, IAPP
14:30 Combined Q&A
14:55 Closing Remarks
15:00 Session Close
15:00 Networking & Exhibition
16:30 End of Day