Next Event - 16th May 2019 - Madejski Football Stadium, Reading

GDPR 1 Year On – Has your organisation done enough?

4 Track Conference - IT, Marketing, Security & HR

Europe is now covered by the world's strongest data protection rules. The mutually agreed General Data Protection Regulation (GDPR) came into force on May 25, 2018, and was designed to modernise laws that protect the personal information of individuals. Companies covered by the GDPR are accountable for their handling of people's personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed. One of the biggest, and most talked about, elements of the GDPR has been the ability for regulators to fine businesses that don't comply with it. If an organisation doesn't process an individual's data in the correct way, it can be fined. If it requires and doesn't have a data protection officer, it can be fined. If there's a security breach, it can be fined. In the UK, these monetary penalties will be decided upon by Denham's office and the GDPR states smaller offences could result in fines of up to €10 million or two per cent of a firm's global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or four per cent of a firm's global turnover (whichever is greater). These are larger than the £500,000 penalty the ICO could previously issue.



Princess Main

Welcome to the Data Protection & Privacy Conference

John Morton - CEO at Computers Processes and Management

John is a senior Enterprise IT Executive with 20 years' successful leadership in steering and re-envisioning organisations to exploit data and technology to increase competitive advantage, maximize revenue, align to business strategy and inhibit competition. A proven C-level and industry influencer who leads from the front with a hands-on approach, he has delivered large-scale technology adoption and IT programmes, both internal and customer-facing. He is experienced at creating empowered teams, locally and globally, to deliver innovative, high-quality engineered solutions efficiently, and at creating strategies, architectures and operable systems to meet business outcomes across a range of industries.

Opening Keynote

09:00 - 09:30
Princess Main

What’s next? A year after the GDPR came in, where are we going with data protection?

William Richmond-Coggan - Director at Freeths

With everything else that’s going on, it is easy to imagine that GDPR and data protection were last year’s problems. But as regulatory decisions start to come through, with the UK’s evolving relationship with Europe and with further reform around the corner, there is still a lot to think about when it comes to data privacy rights and obligations. ExecLN regular Will Richmond-Coggan will take the audience through the high (and low) points of data protection compliance now that the GDPR has had a chance to bed in.

Opening Keynote

09:30 - 10:00

Incident And Breach Management: Building A Harmonized Response Plan For Privacy & Security Teams

Ian Evans - Managing Director EMEA at OneTrust

In this session, we’ll discuss how to build a harmonized response plan that addresses both the security team’s technical needs and privacy team’s regulatory requirements across the patchwork of US privacy laws, the GDPR and other global privacy regulations. We’ll also provide tips to help you map out a 72-hour personal data breach action plan.

Opening Keynote

10:00 - 10:30

Privacy by Design and Default, what’s not to like?

Christine Andrews - Managing Director at DQM GRC

The GDPR/DPA 2018 have been with us for nearly a year. Many companies rushed to introduce new privacy notices and policies, Article 30 Records of Processing and mandatory employee training. Yet, how many truly embraced or even understood the concepts of Privacy by design and default?

Christine Andrews examines how companies should approach this important aspect of the accountability principle and how to implement a successful privacy by design and default culture and programme.


11:15 - 11:45

The view from the front line; embedding GDPR into our business

Antony Merriman - Performance Insight and Data Science Manager at Local Heroes

One year on, reflections on how we embedded GDPR into our BAU business culture. Practical tips on what worked, what didn’t, and our biggest areas of concern going forward. From the point of view of the ‘GDPR lead person / Privacy champion’ in either an agile startup SME and/or a business unit in a FTSE 100 company (we are a bit of both!)


11:15 - 12:15

How prepared are you if a data breach hits your business?

Dominic Cockram & Mark Whitehead from Deloitte

Through an engaging simulation we will consider how to prepare for and respond to a data breach. We will provide an overview of cyber crises, using recent case studies to highlight the impact of these events. With a specific focus on the customer impact of a breach given GDPR requirements, Deloitte speakers will draw on their extensive experience to cover the operational and reputational elements that all organisations need to think about to ensure they are prepared to respond swiftly and effectively to data breach incidents.


11:15 - 11:45

Data Protection & Marketing

Tarun Samtani - DPO at Boden

Marketing and Data Protection do not generally go hand in hand, because Marketing wants to exploit the data as much as possible, which is contradictory to Data Protection principles.

This session will discuss the marketing practices that really cause concern for most businesses, with tips on what to watch out for when looking at your marketing strategies, how to enable Marketing teams to stay within the law, and how to build that culture of privacy into Marketing.

A) Examples of marketing that can be controversial

B) How to build a culture of privacy.

C) Tips to improve marketing practices.


11:15 - 11:45

Using Data Protection compliance as a competitive advantage

Christoffer Valenta - Head of Legal at FutureLearn

Want to hear how a business can be positively impacted when Data Protection compliance is put in the front seat? FutureLearn has used Data Protection compliance to drive user trust, customer relationships and the role of Legal & Compliance within the business. This talk will touch upon how FutureLearn has achieved this and the challenges involved.


11:50 - 12:20

A CISO's view of Cloud and why it will revolutionize the security stack

Neil Thacker - CISO (EMEA) at Netskope

The Cloud has been a significant disruptor to businesses around the world. The ongoing digital transformation of businesses has led to many choosing a Cloud-first strategy that has resulted in security teams needing to review and adapt their controls to move closer to the Cloud. With SaaS, PaaS and IaaS now becoming the new normal for service offerings, what does this mean for the current security stack and how will security architectures change over the next few years?

This talk will highlight the current activities and mindset of a practising CISO who is building a Cloud-first strategy now and for a Cloud-only future and focus on:

  • Visibility into cloud services while assessing new risks
  • Securing data at rest and in-motion within cloud services
  • Meeting compliance and governance requirements with a Cloud-first strategy


11:50 - 12:20

Consent Management under GDPR

Francesco Gianferrari Pini - CEO at Blindata

Art. 7 says that

"The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data."

Moreover, in its guidelines on consent, WP 29 underlines:

"The GDPR clearly outlines the explicit obligation of the controller to demonstrate a data subject's consent. The burden of proof will be on the controller, according to Article 7(1)."

In this session we will see how to easily record consents leveraging the Blockchain.


11:50 - 12:20

The cookie crumbles: Why data privacy means the end of the advertising cookie

Tim Flagg - Speaker at Advantagious

The tracking cookies that advertisers rely upon today will not be available tomorrow. Forthcoming data privacy regulation and tracking prevention by tech giants such as Apple mean that 3rd party advertising cookies will be blocked. What does this mean for the advertising industry, how are they preparing and will they still be able to deliver targeted advertising without cookies?


11:50 - 12:20

Keeping Ahead of Information Governance

Keith Vallance - Keeping Ahead of Information Governance at Boldon James

Information governance can sometimes seem like an impossible task. Developing the right strategy and approach is key in finding the best channels by which to assess risk. Join Martin to uncover answers to your pressing questions, including: how to gain visibility into high-risk areas, what controls should be in place to protect the company’s information assets adequately and what policies do you have in place, and how should you enforce and measure those policies?


11:50 - 12:20

HR GDPR? AAA (Ask Anything Anonymously)

William Richmond-Coggan - Director at Freeths

From the information that you have to draw to the attention of candidates at the start of a recruitment process, to the identification of suitable retention periods for the data you hold and dealing with data subject access requests from bad leavers, HR is an area that is full of data privacy potholes. Leave your name badges at the door and join this session to ask our GDPR legal expert all of those tricky questions you really need to know the answer to, but have been too afraid to ask.

To submit a question email

Silent Presentation

13:00 - 13:20
Windsor Lounge

The Role of the Data Protection Officer - One year on

Rob Masson - Founder & CEO at The DPO Centre

  • How has the role of the DPO been defined to date?
  • Why is it changing and how?
  • What new and additional skills are DPOs needing to develop?
  • Where will the role lead and how can DPOs truly help organisations to gain competitive advantage?
  • Is there a role beyond compliance?

Rob will discuss these questions with illustrations from the DPO Centre’s experience in providing outsourced DPOs to more than 250 organisations in a wide variety of sectors.


13:35 - 14:05

GDPR - One Year On

James Hayward - Information Commissioner's Office

It is one year since the implementation of GDPR. This keynote address will present a summary of the Information Commissioner’s work in the past twelve months, share the most up to date advice and take a look ahead to the future.

  • One year of GDPR – a summary of the year in data protection
  • Compliance with data protection – what’s going wrong and what are the success stories?
  • Recent enforcement case studies
  • The ICO’s most up to date policy advice
  • E-privacy and the future of data protection
  • Questions from the audience


14:10 - 14:40

Solving Mass Data Fragmentation

Stuart Gilks - Cohesity Systems Engineering Manager at Iomart

Data is an enterprise’s most valuable digital resource. It should be a competitive asset, but with the introduction of GDPR, data has become a costly and risky IT management headache.

Secondary data has become so fragmented across infrastructure silos and locations that it is too complex for IT to protect or locate – let alone leverage. Learn how to identify mass data fragmentation and establish best practices across your organization for safely and cost-effectively defeating it.


14:10 - 14:40

GDPR & ePrivacy – A holistic view, designing data protection and compliance to be a future proof business enabler.

Nicky Watson - Chief Architect at Syrenis

Covering GDPR, ePrivacy, marketing and technology. In this session we will cover some simple steps to help promote the understanding of data protection within different areas of your organisation, highlighting the benefits it can bring to each business unit. We will also look at how data protection can be utilised to be a competitive advantage and what you need to plan for in the coming years as Nicky gazes into her famous crystal ball!

There’ll be some fun but informative interactions plus 6 lucky winners will walk away at the end of the talk with ‘Rocket Wave Notebooks’ and pens.


14:10 - 14:40

The implications of Brexit and GDPR

Yasmin Hinds - Risk and Regulatory SME at Sopra Steria

  • What will it mean to have a Brexit Deal or No Deal?
  • How easy will it be for UK businesses to adhere to data regulations from outside the EU?
  • With the disruption of Brexit can and will businesses continue trading across the EU in the same way?


14:10 - 14:40

Embedding a privacy and ethics by design approach into your digital transformation journey

Raminta Šulskutė - Data Protection Consultant & Edward Williams - Head of Digital Transformation at Gemserv

Organisations are increasingly engaging in digital transformation. Through the process of digitalisation, the deployment of new systems and processes (such as new CRM and HR systems, new apps and customer interfaces, or machine-learning algorithms) is increasingly helping companies to carry out their operations in more efficient ways. However, these systems will have to be assessed from the perspective of data protection by design and default, which will involve examining the design of interfaces, ensuring the accuracy and limitation of scope in data collection and usage, and supporting security features around systems. One year after GDPR, this presentation aims to ensure organisations build on their compliance journeys and continue their privacy journey.


15:05 - 15:35

Data Ethics beyond Legal Compliance ensuring Customer Centricity - Let's get it right for your customers and organisation

Dan Cope - Vice Chairman & Young Professionals Group Lead at BCS

  • What’s the difference between data protection compliance and data ethics?
  • Who is responsible for ethical decision making: organisations, politicians, consumers, society at large? Do events such as Brexit have a part to play?
  • How is data ethics applied in practice?
  • What is the ROI?
  • What trends are emerging globally in how people and businesses are thinking about data ethics?


15:05 - 15:35

Accountability under GDPR – beyond theory

Ben Westwood - Associate Director, Privacy & Data Protection at IHS Markit

12 months on from May 2018, many businesses are still grappling with how to approach “accountability”. Ben’s presentation draws upon his experience, spanning a decade, where he was responsible for building, managing and maintaining accountability frameworks. The session will set the stage on regulatory expectations, before providing real world examples of successful strategies and methodologies all businesses can consider within their accountability frameworks.


15:05 - 15:35

How the RSPCA are using GDPR to build confidence in our brand through a supporter optimized Privacy Policy

Adam Moore - Marketing Projects Manager at RSPCA & David Cole - Managing Director at fastmap

In this session the RSPCA and fastmap will take you through their Privacy By Design approach, which involves supporters in the creation of a Privacy Policy. The RSPCA want to put supporters at the centre of all communications, both by choice, to build long-term, effective relationships, and to comply with GDPR, which focuses on the data subject. We will explain how fastmap research is informing the RSPCA’s development of a Privacy Policy that delivers in four areas: comprehension; confidence in the RSPCA’s handling of personal data; reflecting the society’s brand values; and contribution to a Net Promoter Score.


15:05 - 15:35

The HR Department – One Year On

Pulina Whitaker - Partner at Morgan, Lewis & Bockius LLP

For HR departments, the GDPR demanded significant additional tasks: preparing employee privacy notices, ensuring policies included updated rights of access and deletion of data as well as rights of restriction and objecting to data processing, and implementing these data subject rights, which can often be time consuming and burdensome. One year on, now the dust has settled, Pulina will discuss some of the most challenging issues for the HR department when trying to meet the compliance requirements, whilst keeping employees informed and engaged.


15:40 - 16:10

The impact of GDPR on marketing

John Mitchison - Director of Policy and Compliance at DMA

This session discusses how new data laws have changed the way marketers engage customers, how they use data and the channels they utilise. It includes the latest insight from the DMA's industry benchmarking reports, Customer engagement series and Data privacy tracker.


15:40 - 16:10

Data Protection & Cyber Investment - getting the Board to say 'Yes'.

Chris Procter - Group DPO at Whitbread group (outgoing)

All too often Data Protection professionals know little about Information Security and Information Security professionals know little about Data Protection, yet the two are extremely complementary. This presentation highlights the information security essentials for effective data protection and the advantages for InfoSec colleagues in really understanding what DP is all about. Importantly, it sets out the key areas for collaboration which will motivate the Board to say 'yes' to investment.


16:15 - 16:45

Any Questions Answered / Interactive Session

Multiple Speakers

Do you have a burning question that you can't seem to get a straight answer to?

3 of our experts will take their seats for a ‘no holds barred’ interactive Q & A session. You can submit your questions via email before 2pm on the day before the event or ask live during the session.