Chairperson’s welcome and introductions


FIRESIDE CHAT: The ICO’s view on the future of GDPR across Europe and beyond

  • What do they both see as the major challenges?
  • What is on the ICO’s agenda?
  • Brexit: implications of the UK Data Protection Bill, impact on the regulator and on the European Commission
  • What is their understanding of what each member state has been addressing?
  • What is the engagement and vision beyond Britain and arranging adequacy?
  • Are we negotiating with the right partners?
  • Will member states’ use of derogations build a two tier privacy world, for those that do, and those that don’t use the derogations to the fullest extent?
  • Can we learn from other regions and build global protections for consumers eg on cybersecurity?


Getting ready: Developing an operational road-map to embrace GDPR and develop sustainable privacy

This practical session will offer you insights from companies on how they plan to meet their accountability requirements by putting privacy at the front end.  Hear case studies of where they are now and how they plan to get to their end goal:

  • How do you prioritise –  what can be decentralised to other parts of the business?
  • Meeting accountability requirements and demonstrating compliance needs


Morning refreshments – Sponsored by IAPP


Breakout sessions

A choice of one of the following options

Operationalise GDPR and Privacy by Design: What to Automate in Your Privacy Programme

To achieve GDPR compliance, it is essential that companies embrace cross-functional collaboration between privacy, IT security, legal, and leadership teams. In this session, we will focus on the privacy programme lifecycle from initial assessments to demonstrating on-going compliance, and where automation makes practical sense. You will learn how to leverage software to automate and integrate privacy management into business processes, and how to draw the line between what to automate and what needs a human driver.

Key Takeaways:

  • How to best implement efficient and effective data handling practices in the face of the new GDPR requirements
  • Learn how to use PIAs and data maps to document and track new initiatives and demonstrate compliance
  • Practical tips for how privacy practitioners assess current practices to determine what can and cannot be automated

The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

  • Leveraging machine learning and AI algorithms to to defend against advanced cyber-threats
  • How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
  • How to achieve 100% visibility of your entire business including cloud, network and IoT environments
  • Why automation is critical in enabling security teams, including DPO’s, to prioritise resources and tangibly lower risk
  • Real-world examples of subtle, unknown threats that routinely bypass traditional controls

Innovative resourcing: Recruit a DPO? Grow your own DPO? Outsource to Team DPO?

  • Why appoint a DPO?
  • Demonstrating compliance with the GDPR
  • Skills, competencies and experience of the DPO?
  • What they can expect to do in their first 100 days?
  • Why training a senior manager to be the DPO could work
  • Pitfalls in recruiting someone internally?
  • Why outsourcing to Team DPO could be the workable solution you need right now?
  • What you need to look for in an outsourcing arrangement?


Winning the hearts and minds of the business to develop a culture willing to embed data protection

  • Identifying stakeholders willing to embed privacy across the business and securing buy in
  • Putting privacy at the front end
  • Engagement: Keeping your business involved and ensuring they understand its priorities
  • Training and teaching
  • How to communicate the benefits of privacy, not just the costs




Disruptor and privacy perspectives: Is privacy really necessary?

  • Is GDPR really offering you a competitive edge?
  • Is data the currency of a company or an individual?
  • Can or should  the law keep up?


Breakout sessions

A choice of one of the following options

Consent and alternative legal bases for processing data

This session will enable you to fully understand the consent framework and how you can put it into practice with examples of companies who are already using it. It will also examine alternative options to using consent as a basis for processing.

  • Clarifying the terminology around ‘consent’
  • Transferring consent to the new world: Transforming your consent framework
  • What are the alternatives to consent?
  • What commercial difference will it make to the business if you choose the alternatives?

Global differences in regulatory approaches to GDPR: Moving towards a global privacy programme

  • How is GDPR perceived outside of Europe?  How do different countries approach/view GDPR?
  • Looking ahead – what can be done by companies now?
  • What do we all have in common and can build on?
  • How do you make your privacy ‘go global’?
  • How do you reconcile working in a global company with offices in UK, Asia and / or USA?

Making the cloud and supply chain work in relation to GDPR: Negotiating contracts

Legislation is now fixed. Customers and suppliers have a level playing field. Both have a burden.  Who is accepting what contractual obligations when it comes to making the Cloud work with GDPR?

  • What issues are key for (i) processors and (ii) controllers when negotiating contracts with GDPR language?
  • Trying to negotiate with companies who don’t understand the implications that are happening. Assessing the impact of that process on your organisation
  • How to build common industry positions around statutory requirements
  • Article 28 – tips for practical implementation


Afternoon refreshments – Sponsored by IAPP


Practical considerations and impact of the proposed E-privacy Regulation

  • When will the regulation be finalised?
  • Who will be affected?
  • What does it mean from a direct marketing perspective?
  • Understanding the impact of opt-ins and cookies
  • How does the E-Privacy Regulation work alongside the GDPR and the NIS Directive?


Respecting your customers’ data


Making the most of your data and GDPR compliance: Using data to talk to your customers better

  • Leveraging data to be contributing to the bottom line
  • Engendering trust and building a reputation based on protecting your customer’s data
  • What are the opportunities for business, to make this harmonisation help us build revenue streams? What can be done now?


Chairperson’s closing comments followed by drinks and canapé reception

*Please note the agenda is subject to change

The page will be updated with further details on the agenda once they are confirmed.