Ardi Kolah LL.M – Chairperson

Director, GDPR Transition Programme, Henley Business School

Ardi is Executive Fellow and Co-Director of the GDPR Transition Programme at Henley Business School and the founder of GO DPO®, which is the strategic partner for many multi-national clients in the area of GDPR compliance.

He started his career at the BBC before working for Andersen Consulting as a senior manager. He’s recognised as one of the leading data protection practitioners in Europe and has provided advice to the Government in Scotland, the Shadow Minister for Digital Economy and Senior Civil  Servants as well as trained Nationwide, HSBC, Accenture, Santander, Hitachi Consulting, Sainsbury’s, John Lewis Partnership, Marks & Spencer, Lloyds Bank, Capita Asset Services and many others on GDPR. He also has a close working relationship with the UK Information Commissioner Elizabeth Denham.

Ardi is Editor-in-Chief, Journal of Data Protection & Privacy and is a keynote speaker all over the world on GDPR and for many organisations including the BBA and the IAPP, HR Directors Forum, General Counsel’s Briefing (Switzerland), IT Directors Forum, HR Director’s Forum, Marketing Directors Forum in 2017 as well as the FT Europe Cyber Security Summit 2016, 2017.

Ardi is also Chairman of the Law & Marketing Committee for the Worshipful Company of Marketors, a Livery Company in the City of London that he was asked to set up by Sir Paul Judge over six years ago.

Vivienne Artz

Managing Director and Global Head of Privacy Legal and Head of International for the Intellectual Property and Technology Law Group, Citi

Vivienne Artz is a Managing Director and Global Head of Privacy Legal and Head of International for the Intellectual Property and Technology Law Group in the General Counsel’s Office in London.

The International team, with lawyers in London, Belfast, Singapore and Japan, is responsible for all legal aspects of intellectual property, technology, e-commerce, general commercial/procurement/outsourcing, data privacy, banking secrecy and data security, electronic trading and order routing, and market data legal issues, across all business areas in the EMEA and APAC regions.

Prior to joining Citi in 2000, Vivienne worked in private practice in London.

Vivienne chairs the AFME Data Protection Working Group, the International Regulatory Strategy Group Data Working Group and is co-chair of the IAPP Knowledge Net for the UK.  Vivienne is an active participant on the E-Commerce Group and the Data Protection Groups at the BBA and CBI, as well as a Steering Committee member for the Technology Discussion Group.  Vivienne has recently completed a two year term as co-chair of the UK Citi Women Network, and chair of the Legal Diversity Council for EMEA, and is currently a Citi Women Community Ambassador.

Vivienne is the current President of Women in Banking and Finance, having been awarded the ‘Champion for Women’ Award at the Women in Banking and Finance Awards for Achievement 2016.

Jo Blazey

Privacy Officer & Counsel, Vodafone UK

Jo Blazey is a qualified solicitor and joined Vodafone in 2010.  Since March 2015 she has served as Vodafone UK’s Privacy Officer & Counsel and leads its privacy team.  Jo is responsible for Vodafone UK’s Privacy Programme and works closely with colleagues across the business on all aspects relating to Data Protection and GDPR readiness.  Prior to joining Vodafone Jo worked in private practice for Taylor Wessing and Thomas Eggar.

Michael Bond

Data Protection Officer, GLH Hotels Management

Michael is the Data Protection Officer for UK headquartered glh Hotels and previously advised News Corp on privacy and data protection. Michael is an ambassador for Privacy by Design and recently co-authored the Data Protection Network’s industry guidance on the use of legitimate interests under the GDPR. Michael was also largely responsible for the Industry response to Government changes to the ePrivacy Directive that implemented the so called “cookie law”, pushing for pragmatic implementation of rules that have significantly impacted AdTech.

Paul Breitbarth

Director, EU Certification Research and Senior Solutions Advisor, Nymity

Paul Breitbarth joined Nymity in 2016 as Director of EU Certification Research and Senior Solutions Advisor. He is based at Nymity’s office in The Hague, the Netherlands where he works with organizations across Europe to support their privacy offices. Paul also leads Nymity’s current Regulator Projects, focused on demonstrating compliance to the European General Data Protection Regulation and data protection process certifications. He is a regular speaker at privacy events and contributes to various privacy courses. Paul is a Visiting Fellow at Maastricht University’s European Centre for Privacy and Cybersecurity. Before joining Nymity, Paul served as senior international officer at the Dutch Data Protection Authority. He was an active member of various Article 29 Working Party subgroups, co-authoring opinions on the data protection reform, surveillance, the Privacy Shield and others. In 2015, he organized the International Privacy Conference in Amsterdam. Paul holds a Master of Laws from Maastricht University in the Netherlands.

Emma Butler

Data Protection Officer, Yoti

Emma Butler is Yoti’s DPO following four years in the Privacy team at RELX Group, specifically as the DPO for both UK LexisNexis businesses.

Emma previously spent seven years leading the international policy team at the ICO where she worked with other regulators and the Article 29 Working Party, as well as advising businesses and government entities on UK, EU and international privacy legislation.

She has a degree in French, Italian and linguistics, an LLM in Information Rights Law and Practice, an ISEB data protection certificate, CIPP/E and CIPP/M and is also an IAPP Fellow in Information Privacy.

Ian Evans

Managing Director, EMEA, OneTrust

Ian Evans is managing director for EMEA at OneTrust the leading privacy management software provider.

Prior to his role at OneTrust, Evans was president and managing director for EMEA at AirWatch by VMware, the leading enterprise mobility management (EMM) provider for 7 years.

Evans is now responsible for growing OneTrust’s business in the European, Middle Eastern and African regions. Evans brings more than 20 years’ experience to OneTrust from previous positions in the software industry, as well as 10 years in direct and channel sales. A diversified senior executive with global CRM technology applications and services experience, Evans has been successful in helping companies achieve their goals by structuring sales and operation processes and coaching sales teams to deliver multi-year, million dollar contracts.

Terry Evetts

Privacy and data protection specialist, Vodafone

Terry Evetts CIPP/E, joined Vodafone UK in 2015 and is a member of its privacy team.  Terry’s focus is primarily on how to operationalise and automate Vodafone’s privacy programme requirements including maintaining records of processing, carrying out privacy impact assessments and incident processes.  He also advises on Privacy by Design in the roll out of new products and services. Terry has a Law degree and masters in Computer Science and as part of his academic studies has written papers on the data protection implications of advancing technologies including cloud computing, Big Data and BYOD.  

Sue Gold

Senior Counsel, Wyndham Worldwide

Sue is Senior Counsel at Wyndham Worldwide for EMEAI based in London and is an experienced lawyer specialising in data protection . She has considerable experience in developing strategies and procedures for European data protection compliance, and providing privacy advice on complex technology transactions .

Prior to her current role , Sue was a Partner at law firm Osborne Clarke . Before that she worked as Principal Counsel EMEA for the Walt Disney Company in London for 8 years where she became recognised as a leading expert in data protection management and data privacy. This was preceded by internal legal roles in the financial services sector, providing advice on technology law and data protection at the investment banking arms of UBS, Salomon Smith Barney and she also worked at NM Rothschild and the London Stock Exchange.

Sue is a former member of the European Advisory Board for the IAPP, and is a chair of the SCL committee for the privacy and data protection group and is a past chair of the CBI and UNICE groups on data protection and IAPP KnowledgeNet. She is a regular speaker at international conferences on data protection and data privacy covering some of the more complex and cutting-edge issues.

Helen Gourdin

Senior Counsel, Global Compliance, DIAGEO

Helen has recently been appointed as Diageo’s Group Privacy Officer having previously been Diageo’s Senior Counsel Global Compliance and group subject matter expert in anti-bribery and corruption, anti-money laundering, non-facilitation of tax evasion and on leading above-market investigations. Helen Gourdin started her career at Clifford Chance, focusing primarily on commercial matters. In 2002, she joined Diageo as New Business Ventures Counsel. She then took on a role as Senior Counsel, Corporate Centre. Her previous responsibilities have included chairing the Digital Governance Leadership Team with her team reports looking after tax, compliance, projects and corporate governance matters.

James Leaton Gray

Director, The Privacy Practice

At The Privacy Practice James provides bespoke consultancy services in Data Protection and Privacy for a variety of companies and sectors. These range from financial services and retail, through to law and digital services.  James specialises in privacy implementation advice, GDPR readiness reviews and strategic data policy guidance. He also designs integrated privacy programmes, for example for the BBC’s personalisation and big data capability. As well as running the Privacy Practice he is a Consulting Director at Deloitte and the lead privacy consultant at Kemp Little Consulting.

For over 10 years he headed the BBC’s Information Policy and Compliance Department overseeing the corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before that he worked on a variety of policy and management roles in the BBC following a career in current affairs and political programmes production.

Michael Harstrick

Chief Global Development Officer, Garner Products

Michael Harstrick began his career in Financial Services, with 20 years of progressive management and executive responsibility for a number of products, principally mortgage banking and brand building for alternative lending.  Michael then became a Partner in the company that invented CRM; subsequently  co-founded a consulting company that successfully installed and transformed a number of Fortune 500 and On-line clients into Customer Centric organizations.  At the conclusion of an engagement, Michael joined Garner Products, seeing a tremendous opportunity to attack one of the gaping holes in the physical data security world.  Michael Has a degree in Economics and an MA. in Rhetorical Criticism.

Paul Jordan

Managing Director, Europe, IAPP

As the European Managing Director of the IAPP European office in Brussels, Paul Jordan is responsible for implementing strategy and planning for Europe as well as leading efforts in expanding IAPP’s European presence.

A native of Dublin, Ireland, Paul has been living and working in Brussels for most of his life and has an in-depth knowledge of European Public Affairs, having managed large international projects for the European Commission, Deloitte, and other leading European consultancies. In addition to working in the corporate space in the technology services sector, Paul has delivered business management & consultancy services to a variety of association clients, including the Supply Chain Council (SCC), the International Society of Pharmaceutical Engineering (ISPE) and the Project Management Institute (PMI), overseeing their European strategy and operations. These responsibilities have included membership strategy, PR / communications, business development, events, and organizational governance.

Paul holds a degree in Business Economics with a Human Resources Management specialization from Boston University and the Vrije Universiteit Brussels. He is fluent in French, with passive knowledge of other European languages.

Claire Knight

Head of Data Protection, L'Oréal UK and Ireland

Claire Knight is the Head of Data Protection for L’Oréal UK & Ireland. L’Oréal is the world’s largest beauty company with 34 brands and operating in 140 countries. Claire advises on all aspects of data protection and privacy, including GDPR and ePrivacy.

Yukiko Lorenzo

Senior Counsel, Privacy and Data Protection, Mastercard

Yukiko Lorenzo is Senior Counsel, Privacy and Data Protection at Mastercard. She is responsible for privacy matters related to Mastercard’s Processing Business in all regions and other business lines. Prior to joining Mastercard, Yukiko worked as privacy counsel for a global bank in London, director for international business planning at an international credit reference agency in Chicago and policy analyst for law firms in Washington, D.C. Yukiko is qualified as a solicitor in England and Wales.

Rohan Massey

Partner, Ropes & Gray

Rohan Massey is a partner at Ropes & Gray.  He leads the firm’s privacy and data security practice in Europe and focuses his practice on data protection, data security, brand protection, e-commerce, and IT. As well as advising on global data protection and privacy issues he also advises on intellectual property issues arising in corporate transactions. Rohan specialises in international data transfer issues and advises clients on global compliance programs and reactive solutions, including breach data management and doxing (doxxing) issues. His industry-focused expertise covers life sciences and clinical trials, as well as media, sponsorship, advertising, sales promotions, and intellectual property issues, marketing issues in the sports apparel and food and drink sectors. His client base is international in scope, as he works extensively across Europe and the U.S.

Stephen McCartney

Former Director of Information Governance and Data Protection Officer, Royal Mail Group

Stephen has been involved in privacy and data protection law for over 17 years, as an adviser to the public at Citizens Advice, in house at a Belfast Health Trust, Google and Royal Mail Group, and for seven years with the UK Information Commissioner. Stephen also spent one year working for the European Data Protection Supervisor as a Seconded National Expert.

Paul McCormack

Senior Legal Counsel, Global Legal, HSBC

Paul McCormack is a Senior Legal Counsel & Global Lead for Digital within HSBC’s Global Data Privacy & Digital Legal team based in London.  Paul has responsibility for advising the Bank on global data privacy, cyber and digital risks, including external government and industry policy / liaison in the context of information sharing, and providing support to the Bank’s 4 global businesses (with specific focus on HSBC’s Retail Bank and Private Bank businesses). Paul has been leading on preparation and implementation of GDPR for HSBC.

Paul is a regular speaker on data protection, digital and cyber security related issues, having acted as the co-Chair of the legal and regulatory working group for the UK’s Open Banking Working Group, and the current Chair of FS-ISAC’s Cyber Working Group.

Nicholas Oliver

Founder & CEO,

Nicholas is the CEO & founder of – a European start-up that is giving people ownership of their data. Their ‘firewall for people’ will give individuals control over the access, use and value associated to decentralised data.

By downloading the app, users are rewarded for answering questions and engaging with brands, but at no stage is their personal or tokenised data sold or given to the advertisers; if they delete their account, all their data is deleted. This people-centric approach enables brands to create GDPR compliant campaigns that have shown an average CTR in excess of 30%.

Having announced a major partnership with Telefónica Deutschland, recently reached #1 in the iTunes UK trending app chart and continues to build significant momentum.

In 2016, Nicholas was recognised as NASDAQ’s Rising Star at the prestigious Founders Forum and now sits on TechUK’s Cloud, Data, Analytics & AI Counsel.

Prior to founding, Nicholas held senior global positions on 3 continents. His experience spans strategic & commercial innovation for international agency groups (WPP), Fortune 50 companies (Ford Motor Co.) and start-ups; building products and services that are designed to empower consumers and in doing so, create a meaningful narrative between technology, brands and people.

Jo Pedder

Head of Policy and Engagement, Information Commissioner’s Office (ICO)

Jo Pedder is Head of the ICO’s Policy and Engagement department. In her current role she is responsible for overseeing policy lines, advice and guidance related to data protection and freedom of information legislation. Jo is also responsible for the ICO’s engagement teams that focus on strategic stakeholders in the private sector and public services. Prior to taking on her current role Jo has worked in a number of policy and operational roles for the ICO since 2004. Before joining the ICO Jo worked at the Charity Commission dealing with large charities.

Mariana Pereira

Marketing Director, Darktrace

As a Director at Darktrace, Mariana works closely with the development, analyst, and marketing teams to devise high-impact commercial strategies for promoting Darktrace’s AI technology for cyber defense to technical and non-technical audiences. Her extensive career as an executive includes over a decade of commercial and marketing experience in companies spanning multiple industries, including enterprise software company Autonomy and FMCG global leader Heinz. She holds an MBA from the University of Chicago, and speaks several languages.

Catie Sheret

Senior Vice President, Chief Privacy Officer and Associate General Counsel for Core Markets, Pearson

Catie is Chief Privacy Officer and Associate General Counsel for Core markets at Pearson. She leads Pearson’s global privacy programme and acts as the primary legal counsel to the President of the Core markets group (one of Pearson’s 3 territorial groupings, covering UK, Europe, Africa and APAC). She leads a team of 20 lawyers, privacy and contracts professionals.

She studied law at the London School of Economics, Law Society Finals at the College of Law, then did a Stage at European Commission in 1993/94. Prior to Pearson, she trained with Linklaters law firm then had a short stint with Charles Russell in the Commercial team. She has worked at Pearson for 17 years, always as part of the International Legal team.

Pearson’s global legal team has been particularly innovative over the past 3 years, transforming its structure, introducing a number of new software solutions and streamlining its processes. It continues to look for new ways to manage its costs effectively whilst providing great support and advice for Pearson.

Monica Simoes de Almeida

Senior Manager Data Privacy, John Lewis Partnership

Monica has over 10 years experience supporting organisations in data protection and also commercial and corporate matter, and she has joined John Lewis Partnership as Senior Manager for Data Privacy and Governance last year leading a team of data privacy analysts and administrators working in the most varied data privacy matters.

Aaron Simpson

Partner, Hunton & Williams

Aaron Simpson is a partner at Hunton & Williams and the managing partner of the firm’s London office. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and US federal and state privacy and data security requirements. As a leader on the firm’s privacy team, Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld, New York Super Lawyers, The Legal 500 and Who’s Who Legal for his work on behalf of clients. Aaron regularly speaks before industry groups, government agencies and other organizations and has written numerous articles, book chapters and handbooks on privacy and cybersecurity issues.

Cheryl Sims-Hancock

Associate Director, Cyber Risk Services, Deloitte

Cheryl is an Associate Director in Deloitte’s Cyber Risk practice where she focusses on Cyber Strategy, helping executives to develop cyber risk programmes in line with the strategic objectives and risk appetites of their organisations. She is formerly the CIO of a political party, an experienced IT Risk Management professional, and management consultant who has held global and regional leadership roles. With background studies in strategic management and organisational psychology, Cheryl has significant experience working in IT governance and developing skills and training to support strategic objectives.

Simon Tisdall

Data Protection Officer, Sainsbury’s

Simon is responsible for the Sainsbury’s and Argos’ compliance with current and future data protection legislation. Previously Simon was a retailer before becoming a commercial lawyer and then Sainsbury’s Data Protection lawyer.

Douglas Weekes

Head of Data Governance, Corporate Services, Sainsbury’s

Douglas Weekes, Head of Data Governance for Sainsbury’s and Argos. Responsible for implementing GDPR and working with InfoSec and Finance to provide a single consistent message to colleagues and customers across GDPR, PCI and Information Security. Previously led the Sainsbury’s Corporate PMO, Programme managed a number of strategic projects including the purchase of Sainsbury’s Bank and has worked in Management consultancy and Retail with PA Consulting and Waitrose.

Steve Wright

Group Data Privacy & InfoSec Officer, John Lewis Partnership

Consumers enthusiastically engage with digital assets only when they derive real value and when they implicitly trust brands. Increasingly, consumers are demanding control over what they see (Digital), when they see (time), how they see it (Channel) and they determine if they want to share their personal data with our brands (privacy). In the new data driven ecosystem Consumer Privacy and Digital Security are integrated (e.g. two sides of the same coin) and are undoubtedly the key ingredients for stronger business growth through digital channels. John Lewis Partnership has itself launched various digital and data initiatives, which aim at bringing great brand experiences to customers based on deep insights on customer needs. The commonality between all digital initiatives is the need for data governance, best practice, personalised customer engagement, and leading market innovation in digital has lead to the recent appointment of a new Data Privacy & InfoSec Officer – Mr Steve Wright.

With over 20 years’ experience, designing, developing, managing and delivering transformational data governance, privacy and security  programmes, Steve’s  vast experience as a pragmatic and charismatic leader, ideally places  him as the ‘trusted advisor’ to the Board on all  privacy and security related  matters. Steve is also a published author, a non-exec director and is regularly invited to speak at industry events, trade associations and thought leadership working groups, working towards continually finding new ways to increase trust and transparency in respect of consumer services, business functions and product vendors.

Steve believes that consumer data, cyber security and privacy must come together as they share common objectives, legal obligations and principles, and therefore require the same or common satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘digital trust and assurance programmes’ based on the fundamental principles of transparency, trust, accountability, protection, integrity, confidentially and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime.

This is where Steve’s role as Data Privacy & InfoSec Officer at John Lewis PLC is particularly relevant because John Lewis PLC’s digital ambition will create greater functionality, connectivity and personalisation. Steve’s role is to work collaboratively and integrally with the business, to help steer and shape the digital conversation and leverage the power of data analytics, while also  ensuring that the business remains compliant with laws around the world but still competitive, and acts in a moral and ethical way in relation to the rights of the  individual.

His role as Trusted Privacy & InfoSec Advisor (plus the Data Protection Officer), is essentially about making John Lewis PLC’s digital strategy a reality. This work involves proactively communicating with Data Protection Authorities from Europe and around the world and regularly training lawyers, marketers, HR and R&D personnel to ensure that they understand and know their responsibilities.

Please follow link to see full profile: