Next Event - 14th Nov 2019 - Reading Football Club Conference & Events Centre, (Formally - Madejski Football Stadium), Reading (UK)

At our last event in May the ICO said the big fines were coming... and they have. Marriott & British Airways have been fined a combined £300m over GDPR data breaches involving millions of customers personal information being compromised. Businesses now more than ever need to focus on improving their own security infrastructure and all other facets of protecting personal data in line with the GDPR to avoid facing similar penalties.

It is widely reported that over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts.

What to expect from the conference:

  • Hear about the ICO’s approach to fines during the first 18 months since GDPR implementation and what is next?
  • Learn from the many businesses who will be presenting their best Practices by Department focusing on IT, Security, Compliance , HR, Marketing and Finance.
  • A host of DPO’s will describe how the people in your organisation are always going to make mistakes or behave unexpectedly putting you at risk but what are the practical steps to further protect sensitive information and how to deliver it.
  • Preparing your breach response plan. How to best engage with the ICO after a breach. What should be reported and how?
  • Share and learn from others who are at varying stages of their Data Protection journeys.
  • Engage with a variety of suppliers helping with the key challenges.
  • And finally whatever happens on the 31st Oct Brexit deadline our suite of speakers will be on hand to describe if anything changes

Next Event - 14th Nov 2019 - Madejski Football Stadium​

Use the below buttons/tags to filter the sessions that are of interest to you

Keynote Presentation

09:05 - 09:25
Princess Main

Whose Data Is It Anyway?

William Richmond-Coggan - Director at Freeths

Why does privacy matter? If you have nothing to hide, why should you want to keep secrets?

Is personal data (sigh) the “new oil”? As businesses move into a new maturity phase in their engagement with data protection post-GDPR, these are the sorts of large, difficult, philosophical questions that they are having to grapple with.

To help to frame the discussion and to provide some context for the forward-looking agenda for today’s conference, data protection specialist Will Richmond-Coggan provides this brief introduction to the importance of privacy, and some real world examples demonstrating the value that everyone ought to attach to their personal data.

Keynote Presentation

09:25 - 09:45
Princess Main

Why ‘Doing’ Data Protection Doesn’t Work – We Need To Live It

Emma Martin - Data Protection Commissioner at Office of the Data Protection Authority

We are all immersed in a world that is increasingly fuelled by data. But there is an growing disconnect between those that build, control and benefit from the technology and the individuals whose personal information sits at its heart.

Data has the power to change people’s lives, influence elections and make or break businesses. But the law is only ever going to be one of a myriad of factors influencing people’s behaviour and attitudes and the speed of technological advancement means that law will always be playing catch up.

Enforcement and big fines matter to raise awareness, punish and deter poor compliance but the harm is almost always already done and data harms are real.

How can we reframe and broaden the conversation to ensure we embed the protection of data into everything we do, retaining the human qualities and freedoms we all too often take for granted both in our professional as well as our personal lives?

Keynote Presentation

09:45 - 10:05
Princess Main

From Spreadsheets to Streamlined: Automating the Third-Party Vendor Risk Lifecycle

Linda Thielová - Data Privacy Counsel at OneTrust Privacy

Managing third-party vendor risk before, during and after onboarding is a continuous effort under global privacy laws and security regulations. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to secure sufficient vendor guarantees and effectively work together during an audit, incident – or much more.

In this session, we'll breakdown a six-step approach for automating third-party vendor risk management and explore helpful tips and real-world practical advice to automate third-party privacy and security risk programs.


10:50 - 11:10
Princess 2

Cookies, Consent, and Tracking: What the New CJEU Rulings Mean and How It Could Impact Your Business

Nicky Watson - Chief Architect at Syrenis

The Court of Justice of the European Union recently published its new ruling on the use of cookies.

Join Nicky Watson, Chief Architect of Syrenis, as she takes a bitesize look into the world of cookies, consent and tracking, what the new the CJEU ruling means for your business and what you need to do to become compliant.


10:50 - 11:30
Suite 7

Managing Data Security and Data Compliance Through Business Transformation

Dave Barnett - Head of CASB at Forcepoint

New risks are emerging as businesses transform to exploit the latest advances in IT and Cloud to support greater efficiency, productivity and agility. Traditional security architectures are no longer fit for purpose.

Join Dave to discuss and debate:

How far digital transformation is forcing change to the way we manage data compliance and data protection.

Why traditional security and compliance architectures fail to cope as businesses move more of their sensitive data into the Cloud.


10:50 - 11:30
Suite 5


Caroline Woods, David Moriarty & Matt Steel - Confidential Information Security Experts at Shred IT

Even in our digital world, paperwork still accounts for a large proportion of information breaches, with over 28% happening as a result of employee negligence or error.

Many of our clients have document management policies in place, but can you be 100% sure that your staff members make the right choice in disposing of sensitive information every single time?

We will be discussing the hidden risks of processing paper, recycling bins, desk bins and shredders all of which can and do lead to data breaches, Shred-it can support you and your employees understand, manage and securely destroy confidential information providing a ‘Shred-it protected’ process for your people, customers and business.


10:50 - 11:30
Suite 2

A Focus on Digital Marketing and Digital Advertising: Are You Ready To Meet Your New Obligations?

Ivana Bartoletti - Head of Privacy & Data Protection | Samuel Plantié - Principal Data Protection Consultant at Gemserv

In the past months, Data Protection Authorities in Europe, and especially the Information Commissioner’s Office, have launched several ground-breaking initiatives on online advertising.

The digital advertising landscape is changing rapidly, with far-reaching consequences for organisations, advertisers and website editors alike.

In this session, we will present and discuss the practical consequences of the new and forthcoming changes, and advise on how to carry out successful campaigns in compliance with the new obligations, including the requirement to collect data from internet users, in particular around cookie consent banners.


11:10 - 11:30
Princess 2

Solving Mass Data Fragmentation

John Burrowes - Business Strategy Consultant at Iomart

Data is an enterprise’s most valuable digital resource. It should be a competitive asset, but with the introduction of GDPR, data has become a costly and risky IT management headache.Secondary data has become so fragmented across infrastructure silos and locations that it is too complex for IT to protect or locate – let alone leverage.

Learn how to identify mass data fragmentation and establish best practices across your organization for safely and cost-effectively defeating it.


11:40 - 12:10
Princess 2

The Opportunities that GDPR Investments can bring to your Business.

Christel Cao-Delebarre - Global Privacy Officer at Carlson Wagonlit Travel

We often focus on the obligations and costs of GDPR compliance. While these are very real, the time has perhaps come to envisage GDPR also as an investment for new business opportunities. From enhancing customer service to improving supplier selection, optimizing business processes and clarifying roles and responsibilities including strategizing on corporate liability and security risk profile, GDPR may also be approached as a business differentiator leading to revenue growth. In fact, EU institutions claim that companies seeking to expand in Europe will create a whopping 2.3 billion euros in revenue per year by adopting GDPR-compliant cross-border data transfer schemes.

This session looks at how to mitigate the regulatory risks while also attracting and retaining new business to eventually turn GDPR into a profit centre.


11:40 - 12:10
Royal Suite

Can Artificial Intelligence and Data Privacy co-exist?

Jaya Handa - Privacy Director at Liberty Specialty Markets

We are entering a technological revolution with artificial intelligence promising to revolutionise sectors from insurance to education to healthcare.

Companies of all sizes are embarking upon a race to build better automated systems with more precise outcomes utilising large data sets and consuming vast amounts of personal data. However, data protection and data privacy are often seen as an obstacle to this development as global privacy laws are based upon the principles of purpose limitation, data minimisation and transparency.

How can we utilise Artificial Intelligence whilst complying with data protection laws?

This session will explore these issues.

Silent Presentation

13:05 - 13:25
Windsor Lounge

Building An Effective Privacy And Data Protection Team

Rob Masson - CEO at The DPO Centre

As The Role Of The Dpo Evolves And Data Protection Considerations Become Increasingly Important To Many Business Operations, Many Organisations Are Developing New Strategies To Embed A Culture Of Data Protection Into Their Teams.

Robert Masson, Ceo Of The Dpo Centre Will Discuss Some Of The Latest Practices And Technologies Being Adopted To Address These Issues.


13:30 - 14:00
Princess 2

From Theory to Practice: Implementing Data Protection by Design in Business Processes?

Dr. David Reeve - Head of Information | Data & Analytics at Jisc

Now that the spotlight on data protection is dimming the challenge for data protection officers is embedding into an organisations processes and practices.

Dr Reeve focuses on data protection by design, a legal requirement to embed data protection at the design of new services and processes.

This paper looks at the practical examples and approaches to this new requirements


13:30 - 14:00
Royal Suite

GDPR In The Real World – The Devil in the Detail of Consent

Adrian Jolly - Cyber Security | Compliance Lead at Sports & Stadia Portfolio

The sporting world throws up a range of GDPR challenges.

From fan consents to the holding of player medical records. From working with minors through the academy structures to the interaction between clubs and their foundations. Mike Bohndiek, Managing Director at PTI Consulting – a specialist sports technology and compliance advisory group – will share insight from their client base which ranges from the Ryder Cup to Premiership Rugby clubs and a wealth of football clubs.


14:10 - 14:40
Princess 2

Data Flow and Brexit: What you need to know

Harry Boje - MSc | Chief Privacy Officer at Nesta

A brief look at what happens to flows of personal data across borders after Brexit in all scenarios (Deal or No Deal).

The issues of data protection, data flows, and a data adequacy agreement, post-Brexit, are the fundamental questions for the digital and tech sectors.

This session will look at what Businesses need to consider when transferring data outside of the UK


14:10 - 14:40
Royal Suite

Facing Facts: A Grown-up Approach To Facial Recognition

William Richmond-Coggan - Director at Freeths

New technology is frequently met with concern or even fear. In the case of facial recognition technology, some of those fears are justified.

There is the genuine prospect of automated state surveillance on a scale never before possible.But should this mean that this innovative tech should be banned, or that any users of facial recognition systems should be tarred with the same Orwellian brush?

Will Richmond-Coggan, director at Freeths and data protection specialist takes a calm and balanced look behind the alarmist headlines.


15:05 - 15:35
Princess 2

GDPR – Organisational Controls, how to make Data Protection second nature

Lesley Holmes - Data Protection Officer at MHR

A brief look at the implications of Article 32 and the organisational measures needed to ensure the appropriate level of security.

This session will look at what organisations need to consider when embedding Data Protection into the psyche of their employees day to day work.


15:05 - 15:35
Royal Suite

Opening Pandoras Box

James Oakley - Author | Marketing Strategist

Actionable strategies to significantly increase your lead generation and sales ROI from marketing campaigns in a post GDPR world.

With changes to company marketing strategies brought around by data protection, James provides expertise if you're looking to maximise return on your marketing investment in a post GDPR world. Small or large, your company will benefit from these advanced strategies in addition to learning how to prepare for future changes to the marketing and data protection relationship.

James Oakley is a serial entrepreneur, author and speaker. He leads James Oakley Media; the ROI focused Digital Marketing Agency. He is recognised as one of the leading mobile marketing strategists, and was featured on the BBC and Radio 5’s Wake up to Money.


15:40 - 16:10
Princess 2

Developing a Culture of Privacy Compliance

Ben Westwood - Associate Director, Privacy and Data Protection at IHS Markit

Developing a culture of privacy compliance is critical to the success of any modern privacy program. Businesses need to move away from the box ticking exercise and build a framework that embeds a culture of privacy across the entire organisation. But, from a practical standpoint, how can this be achieved?

This talk provides real world examples and strategies for driving cultural change within organisations.


15:40 - 16:10
Royal Suite

Pinnacles and Pitfalls: The Challenges of a New DPO Role

Tim Burnett - DPO at Sykes Cottages

After 15 years as an information security professional at a large, global consulting and outsource company with multi-national clients, I took the opportunity to move to a small but rapidly growing company with their own challenges around security and compliance and, especially, the protection of personal data.

Just under a year in, this is a review of my experience: the highs and lows; specific challenges and learning experiences, not least the challenges of international data transfers and processing.

Panel Debate

16:15 - 16:55
Royal Suite

Data Subject Rights: Risks, Controls and Finding the Balance

Christel Cao-Delebarre | William Richmond-Coggan | Prof Bryan Foss

A significant impact of GDPR’s adoption in 2018 appears to have been a step change in the public awareness of personal data as an issue, and of the existence of the wide range of rights that are conferred on data subjects by the legislation. Requests for subject access, erasure, data portability and corrections are becoming increasingly commonplace as a result. But as more and more data subjects look to exercise those rights, what are the practical implications for them and for the businesses that control their data? Can data subject rights be used to find grounds for litigation, or weaponised to put pressure on businesses as a form of activism? What is the right balance to strike?

Grappling with these questions and more, our panel of data protection experts bring a diversity of perspectives to this discussion:

Will Richmond-Coggan is a lawyer at Freeths LLP and a data protection specialist having practised in this field for over 15 years;

Bryan Foss is a Digital Non-Executive Director, Risk & Audit Chair, Visiting Professor and board readiness coach FRC. Bryan has been an independent board member for 15 years across listed, private, public sector, banking and fintech/regtech…