Vivienne Artz – Conference Chair

Chief Privacy Officer, Refinitiv

Vivienne Artz joined Refinitiv (formerly the financial and risk business of Thomson Reuters) as the Chief Privacy Officer in November 2017, based in London, leading the global Privacy Team and overseeing global privacy strategy and practice at Thomson Reuters.

Previously, Vivienne was a Managing Director and Global Head of Privacy Legal and Head of International for the Intellectual Property and Technology Law Group at Citi in the General Counsel’s Office in London. Prior to joining Citi in 2000, Vivienne worked in private practice in London.

Vivienne chairs the International Regulatory Strategy Group Data Working Group and sits on the European Advisory Board of the International Association of Privacy Professionals (IAPP).  Until recently, Vivienne was the chair of the AFME Data Protection Working Group, engaged in the UK Finance Data Protection Working Group, and co-chair of the IAPP Knowledge Net for the United Kingdom.

Vivienne is the current President of Women in Banking and Finance, having been awarded the “Champion for Women” Award at the Women in Banking and Finance Awards for Achievement 2016.  Vivienne has many years of experience leading a broad range of diversity initiatives and groups both within firms and across sectors.

Kevin Adams

Deputy Director, DCMS

Kevin Adams joined the Department for Digital, Culture, Media and Sport in September 2018 as the Deputy Director for Domestic Data Protection.  For the last four years he was in the British Embassy in Washington DC working on homeland security and justice issues.

Kevin joined the Foreign Office in 2002 and performed roles in London, Basra and Lisbon.  In 2010 he joined the Office for Security and Counter-Terrorism in the Home Office.

Charlotte Branfield

Global Head of Information Security Internal Standards & Cyber Advocacy, Citi

Charlotte is Citi’s Global Head of Information Security Internal Standards & Cyber Advocacy, with overall responsibilities for the life-cycle of Citi’s internal Information Security standards and policies, and a global, cross-franchise external engagement program to strengthen and develop Citi’s relationships with the public sector and industry partners. In this role she is also responsible for partnering with teams across Citi to support their understanding of cyber and data protection public policy, legislation and regulation, future trends and political developments.

Charlotte joined Citi in 2015. Prior to joining Citi, she had roles working with government partners within the retail and financial crime public policy teams of UK Finance, and in International Strategy at TheCityUK.

Mark Harrison

Consultant, Pen Test Partners

Mark has over 12 years of security experience, he has consulted to the largest banks in the world, helped customers respond to major cyber attacks and orchestrated global red team attacks against highly sensitive organisations. Mark is also well known for speaking around the world discussing topics from IoT to Banking and Automotive to Marine Security. Mark’s talks are well received as he keeps them as interactive as possible, if the audience isn’t witnessing a demonstration they are part of the demonstration. Mark has talked at large global events such as the US Chamber of Commerce’s Cyber Senate, the American Petroleum Institute (API) and International Association of Oil & Gas Producers (IOGP) annual conference, InfoSecurity Europe and industry specific events such as PCI, finance, technology, IoT and automotive.

Matthew Steel

Vice President, Information Security, Refinitiv

Matthew Steel is a the VP and Head of Customer Assurance at Refinitiv.  Matt has been at Refinitiv / Thomson Reuters for 5 years where he was the Head BISO for the Financial and Risk Business Unit.  Prior to joining Refinitiv, Matt worked at Morgan Stanley for 15 years where he was the European Head of Information and IT Security.  Matt is passionate about keeping firms secure and driving positive transformation within organisations and has led and been involved in numerous data leakage prevention and regulatory driven programmes.  Outside of work, Matt has three children and is married to Caroline.

Adam Green

Chief Risk Officer, Equiniti Group plc

Adam Green joined the Group as the Chief Risk Officer in 2015, working as part of the Group Executive Leadership Team. He has a wide range of experience in financial services, risk management, technology, data protection, regulation and business change. Adam was previously interim head of UK Compliance for Bupa and prior to that managed a core transition workstream at the Financial Services Authority as they established the Financial Conduct Authority and Prudential Regulatory Authority. He has also worked at PriceWaterhouseCoopers helping boards, management teams and change programmes to deliver complex risk and regulatory requirements, which followed his time as a major groups regulator at the Financial Services Authority.

John Bowman

Senior Principal, Promontory

John is a senior principal in Promontory’s privacy and data protection team. John advises clients on all aspects of compliance with data protection laws and regulations. Prior to joining Promontory, John worked at the U.K. Ministry of Justice where he was the government’s lead negotiator on the EU General Data Protection Regulation. This work involved leading the U.K. delegation to the Council of the European Union’s DAPIX expert working group in Brussels, developing the government’s policy position on the GDPR, engaging with a wide range of stakeholders and advocates, and regularly briefing ministers.

John also represented the U.K. at the European Commission’s Article 31 Committee, which was responsible for determining the adequacy of non-EU data-protection regimes. He earlier represented the U.K. government in negotiations on reviewing The Hague Conventions on International Child Abduction and led the government’s outreach to domestic Muslim communities on issues related to family law. John also carried out a comprehensive review of the U.K.’s claims management regulatory regime for the Ministry of Justice.

Jak Bowtell

Senior Information Governance Officer, London Borough of Lambeth

Jak is a senior information governance officer at the London Borough of Lambeth, specialising in data protection and information law. He helps oversee information governance across the Council, and more recently has started to work with schools in the Borough and the NHS, promoting best practice and providing advice. He has experience in the private and public sectors and is currently a postgraduate researcher in Law at the University of London. He is a keen classical pianist and enjoys language learning and spending time with his dogs, Max and Lucy.

Paul Breitbarth

Director of Strategic Research and Regulator Outreach, Nymity

Paul Breitbarth joined Nymity in 2016 to support our EU operations. Based at Nymity’s office in The Hague, the Netherlands, Paul maintains the relations with regulators and key customers across Europe. He is also Senior Visiting Fellow at Maastricht University’s European Centre for Privacy and Cybersecurity. Before joining Nymity, Paul served as senior international officer at the Dutch Data Protection Authority.

He was an active member of various Article 29 Working Party subgroups, co-authoring a large number of opinions, including on the data protection reform, surveillance and the Privacy Shield. Paul holds a Master of Laws from Maastricht University in the Netherlands.

Peter Brown

Acting Head of Technology Policy, Information Commissioner’s Office

Peter contributes to the development and delivery of technical and information security expertise at the ICO. His role involves monitoring and researching the technological environment for new and emerging developments that may impact on information rights, providing technical advice and guidance to the ICO (particularly on technology, data breach investigations and complaints received), and producing specialist guidance at UK and European levels.

Prior to joining the ICO, Peter was responsible for information technology and network security at a specialist consultancy. He was responsible for implementing the company’s data protection policy and procedures as part of its involvement in European projects.

Egil Bergenlind

CEO, DPOrganizer

Egil Bergenlind is an award-winning data protection specialist, and the CEO and founder of DPOrganizer.

Egil has extensive experience from the data protection field. He was previously data protection officer at iZettle and data protection lawyer at Bird & Bird and is a highly appreciated speaker. Egil holds an LL.M from Uppsala University and won the award ‘Legal Innovator of the Year’ in 2016.

DPOrganizer helps business and organisations grow, and live, with GDPR. The software helps businesses map, visualize, and manage their processing of personal data in the long term. DPOrganizer is headquartered in Stockholm, with customers in 17 countries across 4 continents.


JP Buckley

Partner, Shoosmiths LLP

JP is a Partner and heads the Privacy, Data & Cyber Group at national law firm Shoosmiths LLP.

With a close understanding of the regulators’ agenda, he handles a wide range of information law work including data protection, cybersecurity, e-commerce, direct marketing, data subject access and freedom of information. In recent years he has helped a wide range of clients, including multi-national retailers, financial services institutions, and major operators in the technology, automotive, transport and airline sectors successfully audit, plan for and execute strategies to comply with relevant data laws, wherever in the world they operate.

This experience and depth of insight across multiple industries, makes him a sought-after adviser for Boards on issues including data loss prevention, cybersecurity risk assessment and audits, global data transfers, and detailed incident response planning.

A skilled and calm communicator, he advises widely on preventative strategies and the practical actions companies can take to strengthen their operational processes (particularly cross-border), as well as advising on the right steps to take in the event of a data breach or cyber attack.

JP joined Shoosmiths in May 2017, having spent over 14 years at DLA Piper.

Andrew Cox

Head of Data Privacy, SNC-Lavalin

Andrew is the Head of Data Privacy and DPO for SNC-Lavalin, a global fully integrated professional services and project management company whose 50,000 employees deliver work to clients across oil and gas, mining and metallurgy, infrastructure, clean power, nuclear and EDPM (engineering design and project management).

Andrew is responsible for developing and executing the Data Privacy Compliance strategy and advising on international data privacy compliance across the SNC-Lavalin Group. Andrew has spent his career to date working on Data Privacy and Protection across direct marketing, telecoms, technology, project management and engineering sectors.

Simon Enoch

, Non-Executive Director and Solicitor

Simon Enoch, 59, is a solicitor and a former company secretary with nearly 30 years’ experience of Corporate issues including joint ventures, M&A and  high profile corporate public relations in many European jurisdictions, the US, Japan and Australia for a number of International Companies including Kingfisher. He qualified as a solicitor in 1988

He is now a non-executive director and mentor to a number of IT companies and is a member of the Exeter University Audit Committee.

Ian Evans

Managing Director, EMEA, OneTrust

Ian Evans serves as Managing Director for EMEA at OneTrust, a global leader in privacy management software which helps organizations operationalize data privacy compliance and Privacy by Design. Evans is a diversified senior executive with deep experience in data privacy and CRM technology applications and services. He brings over 20 years of software industry experience to OneTrust as well as 10 years in direct and channel sales. In his role, Evans supports thousands of global brands across the European, Middle Eastern, and African regions, leading the delivery of technology solutions to secure and privatize customer and employee personal information ahead of impending privacy regulations. Prior to OneTrust, Evans served as Vice President and Managing Director for EMEA at AirWatch (acq. by VMware in 2014 for $1.54B). AirWatch now serves more than 20,000 global customers and is recognized as the undisputed market leader in enterprise mobility management.

Nirvana Farhadi

Global Head, Financial Services RegTech, Risk & Regulatory Compliance Affairs, Hitachi

As the Global Head, Financial Services RegTech, Risk & Regulatory Compliance Affairs, for Hitachi, Nirvana is the business owner and strategic leader for Hitachi’s Financial Services RegTech business. A thought leader and pioneer in the Financial Services RegTech sector, she is a global compliance, operations and risk expert across multiple FS sector Regs and jurisdictions.

Rowenna Fielding

Data Protection Lead, Protecture

Rowenna is a self-confessed privacy nerd and Information Governance geek who began her data protection career by coming out of the IT server room and taking an interest in information security, before broadening her horizons to include the other data protection principles as well.

Rowenna is the Senior Data Protection Lead for Protecture ( during the day, but due to being hugely enthusiastic about data protection; is also on the executive committee of the National Association of Data Protection and Freedom of Information Officers (NADPO) as well as being a member of a variety of professional associations related to privacy, information security and records management in her spare time. Rowenna holds the ISEB Certificate in Data Protection and the IDM GDPR Award. She can be found on Twitter as @MissIG_Geek

Anastasia Fowle

Partner, Shoosmiths LLP

Anastasia is a Partner and joint head of the Privacy, Data & Cyber Group at national law firm Shoosmiths LLP.

A specialist in data protection compliance, she advises on all aspects of privacy law, with particular focus on complex marketing strategies, supply chain management and rapid response on breach and security issues. Anastasia has sector expertise in transport/automotive, retail/leisure and motorsport.

Anastasia’s broad experience of private practice and general counsel in house roles, gives her a refreshing ‘both sides of the fence’ perspective that enables her to cut through to commercial realities. Having sat on the Executive Committee Board for an F1 team, she has an acute understanding of the importance of delivering pragmatic, solution driven and commercially sensible advice.

In addition to advising on complex data protection issues she has a full hinterland of non-contentious and contentious experience including IP, commercial agreements, corporate transactions, digital media, commercial/corporate strategy (domestic and international), brand and reputation management, advertising and marketing strategies, cross border litigation and has initiated and conducted proceedings before the High Court, OHIM, FIA International Court of Appeal, UK Trade Mark Office and Nominet.

Anastasia qualified as a solicitor in 2000, working at US law firm Dorsey & Whitney (London) until her move to Shoosmiths in 2009.

Robert Gillis

Senior Legal Counsel: IP Technology and Data Protection, Citi

Senior counsel specialising in data protection, digital and mobile customer technologies, cloud applications and infrastructure; Co-managing GDPR implementation in the EU/EEA, Switzerland and Jersey and key advisor on extra-territorial implementation for the retail bank and Citi Private Bank in NAM/LATAM and APAC; Support on vendor agreements for the a wide range of business, technology and data services and products including indices and data licensing
FinTech and Citi Labs R&D regional legal SME. Support in commercial agreement issues (including advice and strategy for service termination). Legal lead on change delivery and global implementation of electronic signatures and documents. Advice on compliance and transaction reporting, assessing risks and safeguarding the institution’s adherence to the regulatory framework. Assisting index licensing and market data negotiations and agreements for the securities bank globally.
Contributor to AFME, UK Finance (Blockchain) and other industry forums and supporting global government affairs in relation to legislative and policy content and impact.

Matt Ginn

Head of information Governance/Data Protection Officer, London Borough of Lambeth

Matt is an experienced Information & corporate governance lawyer predominantly in the public sector. He is currently a DPO and Head of Service of a growing Information Governance Team.

  • Having implemented information governance systems and processes at  several public authorities, he has many years experience in :
  • The challenges and demands of compliance with Information Law, Data Leakage,  Encryption, Strategy, Data Protection, Privacy,  Fraud,  Security issues and third party risks.
  • Advising in relation to security breach management and action taken or proposed by the Information Commissioner or individuals in relation to alleged infringement of relevant legislation
  • Assisting on the specific data protection aspects of clients’ corporate and commercial transactions such as corporate due diligence, transitional services agreements and outsourcing
  • He also has many years experience dealing with and advising on complex legal, regulatory and contractual requirements.

He comes from a long line of lawyers , his great grandfather having been a solicitor in the late 19 century ! In his spare time he enjoys collecting and restoring Georgian and William lV furniture.


Yukiko Lorenzo

Senior Managing Counsel Privacy and Data Protection, Mastercard

Yukiko Lorenzo is Senior Counsel, Privacy and Data Protection at Mastercard. She is responsible for privacy matters related to Mastercard’s Processing Business in all regions and other business lines. Prior to joining Mastercard, Yukiko worked as privacy counsel for a global bank in London, director for international business planning at an international credit reference agency in Chicago and policy analyst for law firms in Washington, D.C. Yukiko is qualified as a solicitor in England and Wales.

Sherif Malak

Partner, Shoosmiths LLP

Sherif is a Partner in the Privacy, Data & Cyber Group at national law firm Shoosmiths LLP.

Regarded as the ‘legal guru’ in direct marketing and e-Privacy, Sherif regularly advises major corporates on their marketing strategies and tactics in the light of enhanced privacy regulation, devising effective and compliant ways to navigate access to worldwide markets, incorporating e-commerce, social media and digital marketing channels. Clients pay testament to his ability to identify and navigate pathways that deliver robust compliance for customer data, whilst respecting the distinctive ethos of their brand to its customers.


Sherif’s background is eight years as a specialist privacy, publishing and digital media lawyer, with an intricate knowledge of UK and international consumer rights law as well as practical experience of scaling up creative concepts to tap global markets. His experience includes drafting data-centric technology agreements including in relation to AdTech, IoT, APIs, social and mobile, advising on legal compliance issues in relation to Pottermore (the digital home of the Harry Potter books) and drafting and negotiating website and App development agreements. This background gives him a strong practical context for advising business on their data, in that he brings an understanding of the commercial end game.

He delivers legal briefings for clients and the industry, including the Direct Marketing Association, and has lectured on publishing law to masters students at University College London. He is a member of the Society for Computers & Law and recent work includes handling a data security breach for a high street and e-commerce retailer.

Sherif trained with a US firm in London between 2007 and 2009. He moved to boutique publishing and digital media specialists Laurence Kaye Solicitors in 2010 before joining Shoosmiths in 2013.

Richard Merrygold

Director of Group Data Protection, Homeserve

An experienced Data Protection practitioner, Richard has spent the last 9 years working across healthcare, pharmaceutical, technology and financial service sectors. A firm believer in engaging on an operational level in addition to key stakeholders in Compliance and Legal he takes pride in building sustainable privacy frameworks, providing real-world, workable solutions to a wide range of privacy related challenges.

Richard is currently Group Director of Data Protection and DPO for HomeServe plc and is responsible for privacy compliance across the UK and European businesses, he is also a regular speaker and commentator on data protection and privacy matters.

Roxanne Morison

Head of Digital Policy, CBI

Roxanne leads the CBI’s work on digital & technology policy and is responsible for lobbying and policy development across the UK & Brussels on issues from data, to cyber security and internet regulation. Roxanne is the author of numerous technology reports and works with businesses, civil servants and senior government officials to support the UK’s digital economy. Previously Roxanne worked on SME and scale-up policy and has a degree in Politics, Psychology & Sociology from the University of Cambridge.

Claire Robson LLM

Head of Governance Legal and Compliance, Great Ormond Street Hospital Children’s Charity

Claire Robson has worked for Great Ormond Street Hospital Children’s Charity since February 2016.  Claire acts as the Charity’s Data Protection Officer and is their appointed Head of Governance, Legal and Compliance.  Prior to that she spent eleven years in the Health Sector specialising in Information Governance.  Originally starting her career as a Company Secretary, qualifying with the ICSA in 2003, Claire first started specialising in Data Protection around 2000, implementing the Data Protection Act 1998.  She completed a specialist masters degree in Information Rights Law and Practice in 2008 and has qualifications in Computer Forensics and Information Security.  In December 2010, Claire had a Case Study Article published called “FOI Requests at an NHS Trust” in PDP’s Freedom of Information Journal.  In June 2017, Claire successfully completed the ICSA Charity Law and Governance Certificate.   Claire has wide and extensive knowledge within the field of information management and is leading GOSH Charity in their Governance and data protection programme.

Natalie Salunke

Vice President & Head of Legal – Europe, FLEETCOR Technologies Inc.

Natalie is the Head of Legal for Fleetcor, a global provider of specialised payment products and services to commercial fleets, major oil companies and petroleum marketers. She is a member of the UK and European management teams and plays a strategic role in advising the business on a variety of legal matters and strategic developments across the UK, Europe, Asia and Australasia. Prior to her role at Fleetcor, Natalie carried out similar roles for the US’s largest car rental company, Enterprise Rent-A-Car, and for US-listed cloud software provider, NetSuite (now part of Oracle), and was Group Head of Legal and Company Secretary of Venda, a UK-based eCommerce SaaS provider. In these roles she has been responsible for all company legal matters including adopting an advisory role in relation to the group’s shareholders, board of directors and executive management. Her three year tenure at Venda subsequently culminated in her leading the successful sale of the business to NetSuite and had her preparing the business for an IPO, advising on various fundraising rounds and debt restructurings, and working on key commercial projects for the business. Natalie became Head of Legal at Venda at the age of 27. Before then, she worked in Travelex’s legal team based in London, having trained at international city law firm, Taylor Wessing.

Pulina Whitaker

Partner, Morgan, Lewis & Bockius

Pulina Whitaker’s practice encompasses both labor and employment matters as well as data privacy and cybersecurity. She manages employment and data privacy issues in sales and acquisitions, commercial outsourcings, and restructurings. Pulina provides day-to-day advisory support for multinationals on all employment issues, including the UK’s Modern Slavery Act and gender pay reporting requirements. She also advises on the full spectrum of data privacy issues, including preparing for the General Data Protection Regulation. Pulina has deep experience managing international employee misconduct investigations and has been appointed as a Compliance Monitor for a transnational organization.

Tash Whitaker

Senior Consultant, Whitaker Solutions

Tash started her career managing master data, implementing governance and protecting data privacy in the days when Mark Zuckerberg was still writing BASIC on his Atari and GDPR was not yet a four letter word. With over 20 years of experience with Dun & Bradstreet, Cisco and Moorcrofts LLP, Tash now uses her knowledge and experience to guide organisations through their data privacy journey, offering consultancy, advice, and training, as well as data privacy as a service.

Tash has a reputation for making the impossible seem simple and turning regulatory legalese into something that can be understood and implemented by all. She is direct, to the point, and importantly, gets things done.

A life changing accident two years ago has done nothing to subdue her passion for all things data but has left her with the belief that we can’t do things alone, and we should do our upmost to support others.* With a sound educational background (BA (Hons) CIPP/E, CIPM and a DPO certification from Maastricht University, Faculty of Law), Tash shares her thought leadership by speaking at conferences, industry forums and learns from her extensive LinkedIn network of like-minded professionals.

*It has also left her with a Harry Potter scar, which makes her easy to recognise at networking events!

Kate Wilson

Barrister, One Brick Court Chambers

Kate is an experienced junior whose practice encompasses all aspects of media, communications and information law. She acts for claimants and defendants. Kate has appeared at all levels of the courts and has substantial trial experience, which is highly valued by clients. She regularly acts for public authorities facing claims for misuse of private information and breach of the Data Protection Act. Kate has appeared in a number of high-profile libel actions. She has also acted for numerous companies and individuals responding to the impending publication of confidential or potentially damaging information. In the Family Court and criminal courts, Kate has acted for both media organisations as well as private individuals in applications concerning reporting restrictions and access to documents. She is recognised by solicitors for her commitment to solving clients’ legal problems effectively. In addition to litigation work, Kate gives pre-publication advice to publishers, including academic publishers. Other non-contentious work includes advising on responses to subject access requests. Kate is listed as a leading junior in defamation and privacy in The Legal 500 2017 and Chambers and Partners 2018.

Helen Woollett

Group Compliance Counsel & Data Protection Officer, The Body Shop

Helen Woollett is the Group Compliance Counsel & Data Protection Officer for The Body Shop which is a global cosmetics and skin care company owned by Natura. Natura &Co which includes Natura, The Body Shop and Aesop, has a common commitment to sustainable and ethical business practices. Helen has over 25 years of global business and legal experience in data privacy and protection, governance, compliance and risk, in the finance, information technology and retail sectors. Prior to commencing her role at The Body Shop in February 2018, Helen was the Global Head of Privacy for Barclays Bank Plc based in London for nearly six years. In that role she had extensive experience with implementing data protection and privacy programmes, managing data privacy risks, applying the EU General Data Protection Regulation, and managing multi-disciplinary teams. During this time Helen chaired the UK banking industry association working group on data protection, and was closely involved with submissions to government on the UK Data Protection Act (2018).  Helen also has extensive information technology industry experience having worked for IBM in Germany, Switzerland and Asia Pacific in various legal, policy and data protection roles, for over 13 years.

Steve Wright

Data Protection & Security,

At John Lewis, I am fortunate enough to be in the unique position of reporting directly into the Group Financial Director (CFO), but answerable to the Board and Audit & Risk Committee. This empowers me to ensure that when it comes to data privacy and data security compliance, I can set the strategy, policy, direction and the tone (rate) of change necessary to take this great British icon into its optimal position of leveraging the data it collects, whilst at the same time protecting the rights of our customers and Partners, by ensuring legal and regulatory compliance, delivering and enhancing Privacy and Security capabilities – whilst ensuring Trust and Transparency remains at the heart of our fantastic Brands – Waitrose and John Lewis.

I’ve spent more than 25 years learning in IT (the last 8 in Legal and Finance), but all the time designing, developing, managing (mainly people) and delivering transformational data governance, privacy and security programmes, but in the last year, my role at John Lewis has tested me beyond my existing skills.

At John Lewis, my skills as a chief negotiator, senior motivator and leader (and only because I have an excellent team) – have led me to evolve into more of a Chief Compliance Officer and/or Chief Data Officer role. Whilst this is fine, I don’t want to dilute my skill base as a leader in security and privacy, and don’t want to loose my independence, or diminish my role as a ‘trusted Board advisor’.

I believe that data (governance) lies at the heart of our society and everything is connected to this one common denominator = data. And as we know, data security and data privacy are inextricably linked – they share common objectives, threats and therefore require comprehensive safeguards (controls), legal compliance and assurances mechanisms – both for the Board, our Partners and of course our Customers.

I am only human, and limited by human capacity, but I would hope you may share in some of my passions and philosophies.