Opening Remarks from the Chair

10:00 am -10:10 am

Scott Sammons, Chair – Records Management Society (IRMS) 

Theme 1: Context


New Data Protection Regulation for Today’s Digital World - Keynote Address

10:10 am -10:30 am

  • Implementing the necessary data and information security measures for a growing UK/EU digital economy
  • Protecting people, individuals with personal lives, reputations, and livelihoods
  • Reviewing Board level responsibilities and changing mindsets that data protection is a reputational and commercial issue, rather than a technical one

GDPR Preparedness – Frameworks and Guidance from the ICO

10:30 am -10:50 am

  • Preparing for the May 2018 deadline: Avoiding the risk of 20,000,000 EUR fines, or up to 4% of the total worldwide annual turnover for serious breaches to GDPR
  • Understanding the key principles of the regulation – including the right to erasure, the right to access, data portability and how to respond to data requests
  • Exploring the role of the Data Protection Officer, reporting data breaches and GDPR enforcement
  • Identifying the appropriate supervisory authority in cases of complex cross-board data processing
  • Global Implications: How GDPR will affect organisations outside of the EU
  • How does GDPR link with other data policies including the EU-US Privacy Shield and the Network and Infrastructure Directive?

Peter Brown, Senior Technology Officer, Information Commissioner’s Office 

Data Governance Requirements for GDPR

10:50 am -11:10 am

  • Meeting Data Governance regulatory requirements for GDPR – the clock is ticking, how are you protecting your data and content
  • Securing your applications and securely share files on premises and in the cloud, encrypt content, data and files
  • Cloud storage and file sharing – challenges and security threats
  • Data Governance solutions to help IT and business leaders gain greater control and transparency over visibility of data assets, who has access to files and data, data retention, reporting and auditing
  • Challenges of managing and classifying data in a digital workplace, what does best practice data governance look like

Kris Lahiri, VP Operations and Chief Security Officer – Egnyte 


11:10 am -11:20 am

Coffee and Expo

11:20 am -12:00 pm

Theme 2: Preparedness


Developing an Organisational Roadmap for the Introduction of GDPR in May 2018

12:00 pm -12:15 pm

  • Dealing with the multiple challenges and opportunities that the GDPR brings
  • Taking a proactive approach to preparing for its implementation, developing project milestones and plan of action to meet the deadline
  • Managing the impact on your company’s data strategy and ability to use data
  • Taking a cross-function approach to GDPR – Security, IT, Data and Legal teams working together

Jonathan Baines, Data Protection Officer – GDPR Readiness, Network Rail 

Identifying Areas of Data Risk within Your Organisation

12:15 pm -12:30 pm

Case Study

  • Things to consider when examining areas of the business that will be impacted by GDPR – identifying the personal information that you hold
  • Analysing data access points and accessibility
  • Undertaking a privacy impact assessment where the risk is deemed high, using as a tool to ensure you meet the GDPR obligations
  • Shared lessons from experience and what to consider in your GDPR preparations

John Townsend, Data Protection Officer & Legal Counsel – Plusnet 


12:30 pm -12:35 pm

GDPR in the Boardroom – Leadership for Compliance

12:35 pm -1:00 pm

Panel Discussion

  • Getting data protection right to help deliver real business benefits and competitive advantage
  • Managing the implications of GDPR for your business in terms of data strategy and usage within the organisation
  • Exploring the key elements of a good information strategy
  • Examining new rights and status of Data Protection Officers
  • Creating a culture of GDPR data compliance and measuring compliance

Simon Wright, Strategic Governance Manager – Group Data Protection & Privacy, SKY

Lunch and Expo

1:00 pm -2:00 pm

Theme 3: Implementation


New Considerations for Sensitive Data, Regulated data, Personal Data and Child Data

2:00 pm -2:15 pm

  • Best practice in processing personal sensitive data: Understand what personal data is, what lawful processing looks like and how to gain and record consent
  • Detecting data breaches and utilising breach procedures to ensure you take the appropriate steps to inform relevant parties
  • Communicating the correct data privacy notice and that they are undertaking the appropriate consent retrieval methods
  • New measures for data retention and data disposal – how to prove state of data?
  • Managing data on children, what additional controls do you need?

John Culkin, Director of Information Management, Crown Records Management

Key Supporter 2

2:15 pm -2:30 pm


2:30 pm -2:35 pm

GDPR – Being Ready for May 2018

2:35 pm -3:00 pm

  • Mandatory grounds for appointing a DPO under the GDPR
  • Latest Guidance by Art.29 Data Protection Working Party on the DPO
  • What the DPO is expected to do in their first 100 days?
  • How easy or difficult is it to hire a DPO?
  • How to identify a senior manager internally who could become the DPO?
  • Will ‘Team DPO’ as an outsourced solution become the de facto way to comply with the requirement for a DPO?

Ardi Kolah, Executive Fellow & Programme Co-ordinator – GDPR Transition Programme – Henley Business School 

Coffee & Expo

3:00 pm -3:30 pm

Reviewing Data Architecture, Access, Verification and Reporting for GDPR

3:30 pm -3:45 pm

Case Study

  • Reforming the way personal data is stored, used, shared, maintained and recorded – Technology and solutions to help Government and Enterprise meet GDPR challenges
  • Establishing data confidentiality, integrity and protection through encryption
  • Developing processes to manage individual data rights – including data editing, deleting, provision and compatibility
  • Implementing record keeping processes that demonstrates compliance and accountability
  • Complying with data portability requirements and overcoming security concerns of data sharing
  • Data and Backup Storage, Archiving and Recovery, Data Erasure

Understanding Individuals Rights under GDPR - A Legal Perspective

3:45 pm -4:00 pm

  • Managing the implications of individuals having a stronger right to demand that their data is deleted where consent is the legal basis for data processing
  • Risk management vs compliance – keeping in line with the law

Creating a Culture of Data Compliance in your Organisation

4:00 pm -4:25 pm

Panel Discussion

  • Exploring the role of Data Protections Officers in preparing for GDPR
  • How to engage staff and the board in the responsibilities of the regulation
  • Considerations beyond the organisation: Where do you need to consider GDPR in outsourcing relationships and the supply chain?
  • Measuring GDPR compliance
  • Investing in a programme of staff training

Brian Shorten, Chairman, Charities Security Forum 

Conference close


Check back regularly for further updates. For speaker and content enquiries please contact [email protected] or call 020 3770 6569. 

If you would like to sponsor the GDPR Conference or exhibit click here, email [email protected] or call 020 3770 6546.

Top Tips for Good Cyber Hygiene

9:30 am -9:50 am

Expert Insight

  • Helping organisations prepare, protect, prevent, respond and recover from salient cyber threats
  • Engaging with local enterprise partnerships to create a shared awareness culture
  • Encouraging organisations to help prevent attacks from spreading through the Cyber Security Information Sharing Partnership (CiSP)
  • Working with national partners across government, crime sector and industry to provide regular updates on attack trends

Jennie Williams, Cyber Protect Officer – TITAN North West Regional Organised Crime Unit (Confirmed)

Best Practice in Security Management System, Security-based Standards, ISO 27001 Certification, Training

10:00 am -10:30 am

Session Lead - PA Consulting

11:20 am -12:05 pm

Session Lead - NextLabs

12:15 pm -12:45 pm

Access Rights Management for Complex Information Infrastructures

12:55 pm -1:15 pm

Expert Insight

  • Implications of the IG Toolkit for Trusts and in meeting the modern needs of patients
  • Reducing the intrusion of biometric/biomathematics information using authenticated equipment
  • Implementing role-based control to improve compliance with HIPAA regulations without reducing efficient accessibility to patient information

Shared Lessons: Preparing for Ransomware Attacks and Disaster Recovery

1:35 pm -2:05 pm

Best Practice Panel Discussion

  • Understanding the increase in ransomware variant: More common, more cost and more damaging
  • Optimising defence: Deploying monitoring tools to detect, respond and neutralize suspicious activity for DDOS and website protection
  • Factoring ransomware into business continuity planning to enable quick and efficient response in the event of a breach
  • Paying the ransom: Discussing practicality, organisational reputation and principles
  • Preparedness best practice: Regular backups of mission critical data, defined access control and system compartmentalisation


Talal Rajab, Head of Programme – Cyber and National Security, Tech UK (Confirmed)

Bridget Kenyon, Head of Information SecurityUCL (Confirmed)


Managing and Mitigating Risks to Improve and Protect your Organisation to Achieve Continual Improvement

2:15 pm -2:30 pm

Emerging Cyber Tech for Evolving Cyber Threats

3:50 pm -4:10 pm

Expert Insight

  • Matching the changing threat with the right solutions, strategy and approach
  • Working with the private cyber security industry to accelerate the development of next-gen technology
  • Developing the potential of automation, artificial intelligence and machine learning in new deterrence and defence technologies
  • Exploring the risks and rewards posed by a future of quantum computing
  • Realising the potential of Blockchain based security solutions and advanced cryptography

Check back regularly for further updates. For speaker and content enquires please contact [email protected] or call 020 3770 6569.

If you would like a sponsored speaking slot in this seminar theatre or wish to exhibit please click here, email [email protected] or call 020 3770 6546.

Taking a Proactive Approach to Cyber Defence

9:40 am -10:00 am

Case Study

  • Revisiting strategies to map and test vulnerabilities within your organisation
  • Developing a Red Team cyber approach
  • Simulating attacks with advanced threat intelligence to secure critical IT
  • Shifting mindsets from incident response to continuous response

Ian Glover, President – CREST 

Session Lead - Entrust

10:10 am -10:55 am

Data Breach Detection – What’s Outside Your Firewall?

11:05 am -11:35 am

  • Dark Web monitoring – has your data already left the building?
  • Watermarking and Fingerprinting – how to recognize your data when it leaks
  • Detecting Data Breaches on the Deep Dark Web
  • Beyond Google – the role of TOR, IRC and Paste sites in data breaches
  • Real-time detection and alerting as part of a GDPR compliance strategy

Jeremy Hendy, Chief Commercial Officer, RepKnight

Session Lead - RiskX

11:45 am -12:15 pm

Cyber Security Considerations for your Journey to the Cloud

12:40 pm -1:10 pm

Best Practice Panel Discussion

  • Exploring operational security benefits presented by Cloud based SaaS, PaaS and IaaS
  • Public, Community and Private Cloud: Evaluating which is best for your organisation
  • Best practice for data protection and service migration: Developing a data-tight roadmap
  • The importance of classifying risk of data and compliance frameworks when considering multi-tier cloud options
  • Evaluating the interoperability and versatility of security solutions and tools to reduce complexity in your security architecture

Steve Williamson, Director IT Governance, Risk & Compliance – GlaxoSmithKline 

Sue Daley, Head of Programme for Cloud, Data, Analytics and AI, Tech UK

Implementing Verify for Identity Management across Government

2:05 pm -2:25 pm

Case Study

  • Using a ubiquitous system to ensure widespread demographic coverage using multiple types of evidence and methods of verification
  • Keeping pace with security challenges, products and best practice
  • Ensuring strong authentication including 2nd Factor Authentication for bolstered security
  • Increasing scope to service local government, health and social care, and the private sector
  • Working with D5 nations, the United Nations, and the World Bank, to promote international standards and platforms for identification and verification

Adam Cooper, Lead Technical Architect, Gov.UK Verify-Government Digital Service 

Session Lead - GoSecure

2:35 pm -3:20 pm

What does Impenetrable Digital Vault Look Like and How Does it Protect You, Your Passwords and Data?

3:30 pm -3:45 pm

The Psychology Behind Cyber Attacks and How to Manage the Insider Threat

4:10 pm -4:30 pm

Expert Insight

  • Implementing safeguards to administrative, procedural and technical components to decrease human error
  • Using holistic approaches to develop training for staff and reduce insider attacks
  • Reducing physical data breaches such as; lost paperwork, faxing or emails to wrong recipients
  • Monitoring technology to spot threats within the organisation

Angela Sasse, Professor of Human-Centred Technology -Department of Computer Science, University College London 

Check back regularly for further updates. For speaker and content enquires please contact [email protected] or call 020 3770 6569.

If you would like a sponsored speaking slot in this seminar theatre or wish to exhibit please click here, email [email protected] or call 020 3770 6546.

Session Lead - EOL IT Services

9:35 am -10:05 am

The Evolving Cyber Threat Landscape – Looking Ahead for the Next 12 Months

10:15 am -10:35 am

Expert Insight

  • Horizon scanning for emerging and future threat vectors
  • Exploring new areas of vulnerability and new opportunities for exploitation
  • Examining the changing nature of the threat: Large scale state-level vs. personal and reputational attacks

Ewan Lawson, Senior Research Fellow – Royal United Services Institute (RUSI) 

Session Lead - Software Box Ltd

10:45 am -11:15 am

Dealing with the Increased Sophistication of Phishing Attacks

11:25 am -11:55 am

Best Practice Panel Discussion

  • Reducing vulnerability and managing risk – updating security policies and solutions to eliminate threats as they evolve
  • Educating employees and conducting training sessions with mock phishing scenarios
  • Implementing the use of anti-virus on mobiles to combat the effect of smishing damaging organisations smart working and mobile security
  • Applying log in activity software to halt fake email interfaces stealing log-in details
  • Exposing the dangers of URLS as websites built by criminals that gain access to identities and systems


Piers Wilson, Director – Institute of Information Security Professionals 


Michelle Hanson, Head of Information Security – News UK 

Glenn Maleary, Detective Chief Superintendent – City of London Police 

Session Lead - MetaCompliance

12:05 pm -12:35 pm

Protecting your Digital Assets with Password Manager for Mobile Devices and Computers – Keeping your Data and Assets Secure Anytime, Anywhere

2:00 pm -2:30 pm

Ensuring Cyber Security Culture in Complex Environments of Regular Change

2:45 pm -3:05 pm

Case Study

  • Reviewing the layers of security risk connected to mobile cyber-security: Network, device, application, and back-end system
  • Implementing cyber security policies and processes to manage remote working risks
  • Creating a culture of security through clear responsibilities and accountability
  • Taking a proactive and protective approach to mobile security for next-generation productive working
  • Using encryption and preventative software to manage risks

Jasvinder Pham, Information and Cyber Security Manager – HS2 

Maintaining Resilience of Complex IT Infrastructures

3:55 pm -4:15 pm

Case Study

  • Defending essential protocols such as VoIP, SIP, SS7 from ever more sophisticated hacking tactics
  • Evolving security practices in line with growth of cloud and data storage offerings
  • Managing the risks posed by IoT and growing networks of connected devices
  • Encouraging the adherence of security standards in manufacturing
  • Protecting your networks and digital infrastructure

Check back regularly for further updates. For speaker and content enquires please contact [email protected] or call 020 3770 6569.

If you would like a sponsored speaking slot in this seminar theatre or wish to exhibit please click here, email [email protected] or call 020 3770 6546.