Data Protection & Privacy Conference November 2019
Ian Williams Limited
Next Event - 14th Nov 2019 - Reading Football Club Conference & Events Centre, (Formally - Madejski Football Stadium), Reading (UK)
At our last event in May the ICO said the big fines were coming... and they have. Marriott & British Airways have been fined a combined £300m over GDPR data breaches involving millions of customers personal information being compromised. Businesses now more than ever need to focus on improving their own security infrastructure and all other facets of protecting personal data in line with the GDPR to avoid facing similar penalties.
It is widely reported that over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts.
What to expect from the conference:
09:05 - 09:25
Why does privacy matter? If you have nothing to hide, why should you want to keep secrets?
Is personal data (sigh) the “new oil”? As businesses move into a new maturity phase in their engagement with data protection post-GDPR, these are the sorts of large, difficult, philosophical questions that they are having to grapple with.
To help to frame the discussion and to provide some context for the forward-looking agenda for today’s conference, data protection specialist Will Richmond-Coggan provides this brief introduction to the importance of privacy, and some real world examples demonstrating the value that everyone ought to attach to their personal data.
09:25 - 09:45
We are all immersed in a world that is increasingly fuelled by data. But there is an growing disconnect between those that build, control and benefit from the technology and the individuals whose personal information sits at its heart.
Data has the power to change people’s lives, influence elections and make or break businesses. But the law is only ever going to be one of a myriad of factors influencing people’s behaviour and attitudes and the speed of technological advancement means that law will always be playing catch up.
Enforcement and big fines matter to raise awareness, punish and deter poor compliance but the harm is almost always already done and data harms are real.
How can we reframe and broaden the conversation to ensure we embed the protection of data into everything we do, retaining the human qualities and freedoms we all too often take for granted both in our professional as well as our personal lives?
09:45 - 10:05
Managing third-party vendor risk before, during and after onboarding is a continuous effort under global privacy laws and security regulations. While outsourcing operations to vendors can alleviate business challenges, managing the associated risk with manual tools like spreadsheets is complex and time consuming. To streamline this process, organizations must put procedures in place to secure sufficient vendor guarantees and effectively work together during an audit, incident – or much more.
In this session, we'll breakdown a six-step approach for automating third-party vendor risk management and explore helpful tips and real-world practical advice to automate third-party privacy and security risk programs.
10:50 - 11:10
Join Nicky Watson, Chief Architect of Syrenis, as she takes a bitesize look into the world of cookies, consent and tracking, what the new the CJEU ruling means for your business and what you need to do to become compliant.
10:50 - 11:30
New risks are emerging as businesses transform to exploit the latest advances in IT and Cloud to support greater efficiency, productivity and agility. Traditional security architectures are no longer fit for purpose.
Join Dave to discuss and debate:
How far digital transformation is forcing change to the way we manage data compliance and data protection.
Why traditional security and compliance architectures fail to cope as businesses move more of their sensitive data into the Cloud.
10:50 - 11:30
Even in our digital world, paperwork still accounts for a large proportion of information breaches, with over 28% happening as a result of employee negligence or error.
Many of our clients have document management policies in place, but can you be 100% sure that your staff members make the right choice in disposing of sensitive information every single time?
We will be discussing the hidden risks of processing paper, recycling bins, desk bins and shredders all of which can and do lead to data breaches, Shred-it can support you and your employees understand, manage and securely destroy confidential information providing a ‘Shred-it protected’ process for your people, customers and business.
10:50 - 11:30
In the past months, Data Protection Authorities in Europe, and especially the Information Commissioner’s Office, have launched several ground-breaking initiatives on online advertising.
The digital advertising landscape is changing rapidly, with far-reaching consequences for organisations, advertisers and website editors alike.
In this session, we will present and discuss the practical consequences of the new and forthcoming changes, and advise on how to carry out successful campaigns in compliance with the new obligations, including the requirement to collect data from internet users, in particular around cookie consent banners.
11:10 - 11:30
Data is an enterprise’s most valuable digital resource. It should be a competitive asset, but with the introduction of GDPR, data has become a costly and risky IT management headache.Secondary data has become so fragmented across infrastructure silos and locations that it is too complex for IT to protect or locate – let alone leverage.
Learn how to identify mass data fragmentation and establish best practices across your organization for safely and cost-effectively defeating it.
11:40 - 12:10
We often focus on the obligations and costs of GDPR compliance. While these are very real, the time has perhaps come to envisage GDPR also as an investment for new business opportunities. From enhancing customer service to improving supplier selection, optimizing business processes and clarifying roles and responsibilities including strategizing on corporate liability and security risk profile, GDPR may also be approached as a business differentiator leading to revenue growth. In fact, EU institutions claim that companies seeking to expand in Europe will create a whopping 2.3 billion euros in revenue per year by adopting GDPR-compliant cross-border data transfer schemes.
This session looks at how to mitigate the regulatory risks while also attracting and retaining new business to eventually turn GDPR into a profit centre.
11:40 - 12:10
We are entering a technological revolution with artificial intelligence promising to revolutionise sectors from insurance to education to healthcare.
Companies of all sizes are embarking upon a race to build better automated systems with more precise outcomes utilising large data sets and consuming vast amounts of personal data. However, data protection and data privacy are often seen as an obstacle to this development as global privacy laws are based upon the principles of purpose limitation, data minimisation and transparency.
How can we utilise Artificial Intelligence whilst complying with data protection laws?
This session will explore these issues.
13:05 - 13:25
As The Role Of The Dpo Evolves And Data Protection Considerations Become Increasingly Important To Many Business Operations, Many Organisations Are Developing New Strategies To Embed A Culture Of Data Protection Into Their Teams.
Robert Masson, Ceo Of The Dpo Centre Will Discuss Some Of The Latest Practices And Technologies Being Adopted To Address These Issues.
13:30 - 14:00
Now that the spotlight on data protection is dimming the challenge for data protection officers is embedding into an organisations processes and practices.
Dr Reeve focuses on data protection by design, a legal requirement to embed data protection at the design of new services and processes.
This paper looks at the practical examples and approaches to this new requirements
13:30 - 14:00
The sporting world throws up a range of GDPR challenges.
From fan consents to the holding of player medical records. From working with minors through the academy structures to the interaction between clubs and their foundations. Mike Bohndiek, Managing Director at PTI Consulting – a specialist sports technology and compliance advisory group – will share insight from their client base which ranges from the Ryder Cup to Premiership Rugby clubs and a wealth of football clubs.
14:10 - 14:40
A brief look at what happens to flows of personal data across borders after Brexit in all scenarios (Deal or No Deal).
The issues of data protection, data flows, and a data adequacy agreement, post-Brexit, are the fundamental questions for the digital and tech sectors.
This session will look at what Businesses need to consider when transferring data outside of the UK
14:10 - 14:40
New technology is frequently met with concern or even fear. In the case of facial recognition technology, some of those fears are justified.
There is the genuine prospect of automated state surveillance on a scale never before possible.But should this mean that this innovative tech should be banned, or that any users of facial recognition systems should be tarred with the same Orwellian brush?
Will Richmond-Coggan, director at Freeths and data protection specialist takes a calm and balanced look behind the alarmist headlines.
15:05 - 15:35
A brief look at the implications of Article 32 and the organisational measures needed to ensure the appropriate level of security.
This session will look at what organisations need to consider when embedding Data Protection into the psyche of their employees day to day work.
15:05 - 15:35
Actionable strategies to significantly increase your lead generation and sales ROI from marketing campaigns in a post GDPR world.
With changes to company marketing strategies brought around by data protection, James provides expertise if you're looking to maximise return on your marketing investment in a post GDPR world. Small or large, your company will benefit from these advanced strategies in addition to learning how to prepare for future changes to the marketing and data protection relationship.
James Oakley is a serial entrepreneur, author and speaker. He leads James Oakley Media; the ROI focused Digital Marketing Agency. He is recognised as one of the leading mobile marketing strategists, and was featured on the BBC and Radio 5’s Wake up to Money.
15:40 - 16:10
Developing a culture of privacy compliance is critical to the success of any modern privacy program. Businesses need to move away from the box ticking exercise and build a framework that embeds a culture of privacy across the entire organisation. But, from a practical standpoint, how can this be achieved?
This talk provides real world examples and strategies for driving cultural change within organisations.
15:40 - 16:10
After 15 years as an information security professional at a large, global consulting and outsource company with multi-national clients, I took the opportunity to move to a small but rapidly growing company with their own challenges around security and compliance and, especially, the protection of personal data.
Just under a year in, this is a review of my experience: the highs and lows; specific challenges and learning experiences, not least the challenges of international data transfers and processing.
16:15 - 16:55
A significant impact of GDPR’s adoption in 2018 appears to have been a step change in the public awareness of personal data as an issue, and of the existence of the wide range of rights that are conferred on data subjects by the legislation. Requests for subject access, erasure, data portability and corrections are becoming increasingly commonplace as a result. But as more and more data subjects look to exercise those rights, what are the practical implications for them and for the businesses that control their data? Can data subject rights be used to find grounds for litigation, or weaponised to put pressure on businesses as a form of activism? What is the right balance to strike?
Grappling with these questions and more, our panel of data protection experts bring a diversity of perspectives to this discussion:
Will Richmond-Coggan is a lawyer at Freeths LLP and a data protection specialist having practised in this field for over 15 years;
Bryan Foss is a Digital Non-Executive Director, Risk & Audit Chair, Visiting Professor and board readiness coach FRC. Bryan has been an independent board member for 15 years across listed, private, public sector, banking and fintech/regtech…