08:00

Registration

09:00

Chairperson’s welcome and introductions

09:10

Keynote: UK Data Protection

  • Where are we now and where are we headed?
  • The Data Protection Act 2018
  • GDPR 6 months post implementation

09:40

UK Data Protection in the context of Brexit

  • International considerations for data protection and cyber security
    • Cross-border data transfers
  • Global regulatory landscape at a glance
    • Corporate impact and top line mitigation strategies
  • Nirvana Farhadi Global Head, Financial Services RegTech, Risk & Regulatory Compliance Affairs, Hitachi
  • JP Buckley Partner, Shoosmiths LLP

10:40

Morning break

11:10

Breakout sessions

A choice of one of the following options

Breakout option 1: Data Protection 1

  • A deep dive: the prosecutions to date and enforcement. What went wrong and why?
  • Maintaining enthusiasm, ongoing compliance and accountability
  • What are the pressures on people whilst conducting normal business?
    •  Operational challenges
    • Pressure from management
    • The grey areas
  • Claire Robson LLM Head of Governance Legal and Compliance, Great Ormond Street Hospital Children’s Charity
  • Yukiko Lorenzo Senior Managing Counsel Privacy and Data Protection, Mastercard
  • Helen Woollett Group Compliance Counsel & Data Protection Officer, The Body Shop

Breakout option 2: Cyber 1

How to avoid, prevent, and protect against cyber crime

 

Culture and insider risk

  • Culture and behaviour, accidents and collusion
  • Pre-breach

Cyber resilience

  • Post-breach strategies
  • How and when to act

Nation state attacks

  • Has their rationale changed (from theft to disruption)

Communications to the market

  • Is there “data breach” fatigue and how should a corporate respond taking into account legal and reputation requirements

Proliferation of “hacking as a service” and their availability

  • How does this affect corporates

Breakout option 3: Marketing and technology 1

  • Making sales and marketing work in a GDPR-compliant organisation
  • Challenges and pitfalls
  • Use of social media
    • New campaigns
  • Consent practicalities
    • Consent refresh
    • How long does consent last?
  • Consent management
    • Tracking
    • Monitoring
    • Do your customers really understand?

12:10

Lunch

13:10

Interactive 1

Data Protection Impact Assessments

  • Ian Evans Managing Director, EMEA, OneTrust
  • Claire Robson LLM Head of Governance Legal and Compliance, Great Ormond Street Hospital Children’s Charity

13:10

The international scene

How to take the GDPR programme to non-GDPR countries?

  • How do you protect your customers?
  • What is the reputational risk?
  • How do you manage the compliance in a non-GDPR country?
  • How do those countries do business with us?
  • What are proportional frameworks and how do you develop in a risk-based way?

Considerations post-Brexit

  • What will exit from the EU mean for UK data controllers?
  • What might adequacy look like?
  • Helen Woollett Group Compliance Counsel & Data Protection Officer, The Body Shop
  • Andrew Cox Head of Data Privacy, SNC-Lavalin

14:10

Breakout sessions

A choice of one of the following options

Breakout option 4: Data Protection 2

Incoming regulations and the privacy pipeline

  • ePrivacy
  • PECR

What does the Data Protection Act mean for me?

Breakout option 5: Cyber 2

The Cyber ecosystem

  • What are the forces at work that influence your security’s design?
  • What are the real threats?

How is risk developing?

  • Considerations for the future

Breakout option 6: Marketing and technology 2

What are the maturing capabilities of the available technologies?

Do you have the necessary tools and understanding?

  • Does everyone need to be an expert to be compliant?

14:40

Afternoon break

15:10

Interactive 2

Breach notifications and incidence response strategies

  • Catie Sheret General Counsel and Company Secretary , Cambridge University Press
  • Natalie Salunke Vice President & Head of Legal – Europe, FLEETCOR Technologies Inc.

16:10

How are roles within organisations changing to meet new data protection needs and cyber security threats?

A day in the life of a CISO and CDPO

  • The importance of collaboration,
  • Digital growth and what this means to a CDPO and CISO

Perspective is everything

  • Conflicting security understanding and needs
  • DP and Cyber as business enablers, not prevention

Working with your CEO & Board

  • Governance, DP and Cyber Security
  • Steve Wright Data Protection & Information Security Officer, John Lewis Partnership
  • Evie Kyriakides Chief Data Protection Officer and Global Digital, Privacy and Security, Associate General Counsel , Mars Incorporated
  • Catie Sheret General Counsel and Company Secretary , Cambridge University Press

16:50

Emerging tech, AI, and its role in DP & Cyber

Emerging tech, AI, and its role in DP & Cyber

Outcome-based regulation

Innovation in cyber security; supporting the UK’s cyber agenda

17:30

Chairperson’s closing comments followed by drinks and canapé reception

*Please note the agenda is subject to change

The page will be updated with further details on the agenda once they are confirmed.