Expo Agenda

GDPR Conference
Seminar Theatre 1
Seminar Theatre 2
Seminar Theatre 3
GDPR Conference
Seminar Theatre 1
Seminar Theatre 2
Seminar Theatre 3

10:00 am - 10:10 am

Opening Remarks from the Chair

Scott Sammons
Information and Records Management Society (IRMS)

10:10 am - 10:30 am

GDPR Preparedness – Frameworks and Guidance from the ICO

  • Preparing for the May 2018 deadline: Avoiding the risk of 20,000,000 EUR fines, or up to 4% of the total worldwide annual turnover for serious breaches to GDPR
  • Understanding the key principles of the regulation – including the right to erasure, the right to access, data portability and how to respond to data requests
  • Exploring the role of the Data Protection Officer, reporting data breaches and GDPR enforcement
  • Identifying the appropriate supervisory authority in cases of complex cross-board data processing
  • Global Implications: How GDPR will affect organisations outside of the EU
  • How does GDPR link with other data policies including the EU-US Privacy Shield and the Network and Infrastructure Directive?
Peter Brown
Group Manager
Information Commissioners Office (ICO)

10:30 am - 10:50 am

GDPR in the Boardroom – Leadership for Compliance


  • Getting data protection right to help deliver real business benefits and competitive advantage
  • Managing the implications of GDPR for your business in terms of data strategy and usage within the organisation
  • Exploring the key elements of a good information strategy
  • Examining new rights and status of Data Protection Officers
  • Creating a culture of GDPR data compliance and measuring compliance
Simon Wright
Strategic Governance Manager – Group Data Protection & Privacy

10:50 am - 11:10 am

Data Governance Requirements for GDPR

  • Meeting Data Governance regulatory requirements for GDPR – the clock is ticking, how are you protecting your data and content
  • Securing your applications and securely share files on premises and in the cloud, encrypt content, data and files
  • Cloud storage and file sharing – challenges and security threats
  • Data Governance solutions to help IT and business leaders gain greater control and transparency over visibility of data assets, who has access to files and data, data retention, reporting and auditing
  • Challenges of managing and classifying data in a digital workplace, what does best practice data governance look like
Kris Lahiri
VP Operations and Chief Security Officer

11:10 am - 11:20 am

Questions and Answers

11:20 am - 12:00 pm

Coffee and Expo

12:00 pm - 12:20 pm

Developing an Organisational Roadmap for the Introduction of GDPR in May 2018

  • Dealing with the multiple challenges and opportunities that the GDPR brings
  • Taking a proactive approach to preparing for its implementation, developing project milestones and plan of action to meet the deadline
  • Managing the impact on your company’s data strategy and ability to use data
  • Taking a cross-function approach to GDPR – Security, IT, Data and Legal teams working together
Jonathan Baines
Data Protection Officer, GDPR Readiness
Network Rail

12:20 pm - 12:40 pm

Identifying Areas of Data Risk within Your Organisation

Case Study

  • Things to consider when examining areas of the business that will be impacted by GDPR – identifying the personal information that you hold
  • Analysing data access points and accessibility
  • Undertaking a privacy impact assessment where the risk is deemed high, using as a tool to ensure you meet the GDPR obligations
  • Shared lessons from experience and what to consider in your GDPR preparations
John Townsend
Data Protection Officer & Legal Counsel

12:40 pm - 1:00 pm

Redefining Information Architecture, Access and Reporting under GDPR

  • Reforming the way personal data is stored, used, shared, maintained and recorded – Technology and solutions to help Government and Enterprise meet GDPR challenges
  • Establishing data confidentiality, integrity and protection through encryption
  • Developing processes to manage individual data rights – including data editing, deleting, provision and compatibility
  • Implementing record keeping processes that demonstrates compliance and accountability
  • Complying with data portability requirements and overcoming security concerns of data sharing
  • Data and Backup Storage, Archiving and Recovery, Data Erasure

1:00 pm - 2:00 pm

Lunch and Expo

2:00 pm - 2:15 pm

New Considerations for Sensitive Data, Regulated data, Personal Data and Child Data

  • Best practice in processing personal sensitive data: Understand what personal data is, what lawful processing looks like and how to gain and record consent
  • Detecting data breaches and utilising breach procedures to ensure you take the appropriate steps to inform relevant parties
  • Communicating the correct data privacy notice and that they are undertaking the appropriate consent retrieval methods
  • New measures for data retention and data disposal – how to prove state of data?
  • Managing data on children, what additional controls do you need?
John Culkin
Director of Information Management
Crown Records Management

2:15 pm - 2:30 pm

Implementing an Enterprise Content Management System (ECM) to Take Control of Your Information and Processes

Thought Leadership session

2:30 pm - 2:50 pm

GDPR – Being Ready for May 2018

  • Mandatory grounds for appointing a DPO under the GDPR
  • Latest Guidance by Art.29 Data Protection Working Party on the DPO
  • What the DPO is expected to do in their first 100 days?
  • How easy or difficult is it to hire a DPO?
  • How to identify a senior manager internally who could become the DPO?
  • Will ‘Team DPO’ as an outsourced solution become the de facto way to comply with the requirement for a DPO?
Ardi Kolah
Executive Fellow and Co-Director
GDPR Transition Programme - Henley Business School (UK)

2:50 pm - 3:00 pm

Questions and Answers

3:00 pm - 3:30 pm

Coffee and Expo

3:30 pm - 3:45 pm

Session Lead: TBC

3:45 pm - 4:00 pm

eBay – Reviewing Process, Procedure and Reporting for GDPR

Case Study

  • Reforming the way personal data is stored, used, shared, maintained and recorded
  • Technological solutions to help meet GDPR challenges
  • Developing processes to manage individual data rights
  • Implementing record keeping and reporting to demonstrate compliance and accountability
  • Developing and enhancing a culture of privacy compliance
  • Operational and technical challenges
Ben Westwood
Senior Privacy Manager & Data Protection Officer
eBay UK

4:00 pm - 4:30 pm

Creating a Culture of Data Compliance in your Organisation

Panel Discussion

  • Exploring the role of Data Protections Officers in preparing for GDPR
  • How to engage staff and the board in the responsibilities of the regulation
  • Considerations beyond the organisation: Where do you need to consider GDPR in outsourcing relationships and the supply chain?
  • Measuring GDPR compliance
  • Investing in a programme of staff training
Brian Shorten
Charities Security Forum
Ardi Kolah
Executive Fellow and Co-Director
GDPR Transition Programme - Henley Business School (UK)
Simon Wright
Strategic Governance Manager – Group Data Protection & Privacy
John Townsend
Data Protection Officer & Legal Counsel

9:30 am - 9:50 am

Top Tips for Good Cyber Hygiene

Expert Insight

  • Helping organisations prepare, protect, prevent, respond and recover from salient cyber threats
  • Engaging with local enterprise partnerships to create a shared awareness culture
  • Encouraging organisations to help prevent attacks from spreading through the Cyber Security Information Sharing Partnership (CiSP)
  • Working with national partners across government, crime sector and industry to provide regular updates on attack trends
Jennie Williams
Cyber Protect Officer
TITAN - North West Regional Organised Crime Unit

10:00 am - 10:30 am

Best Practice in Security Management System, Security-based Standards, ISO 27001 Certification, Training

10:40 am - 11:00 am

The Dangers and Opportunities of AI-Based Security Systems

Expert Insight

  • The need for smart, adaptive security systems
  • AI and machine learning in new deterrence and defence technologies
  • Exploring the risks and rewards posed by smart security systems
Prof. Tim Watson
Cyber Security Centre at WMG (Warwick University)

11:20 am - 12:05 pm

Session Lead – PA Consulting

12:15 pm - 12:45 pm

Safeguarding Data in the Digital Economy

  • Safeguarding data in applications – inside and outside organisations
  • Reducing the need for role-based access through attribute-based access control
  • Security measures for sharing data outside the organisation
  • Exploring data safeguards for GDPR

12:55 pm - 1:15 pm

Access Rights Management for Complex Information Infrastructures

Expert Insight

  • Implications of the IG Toolkit for Trusts and in meeting the modern needs of patients
  • Reducing the intrusion of biometric/biomathematics information using authenticated equipment
  • Implementing role-based control to improve compliance with HIPAA regulations without reducing efficient accessibility to patient information

1:35 pm - 2:05 pm

Shared Lessons: Preparing for Ransomware Attacks and Disaster Recovery

Best Practice Panel Discussion

  • Understanding the increase in ransomware variant: More common, more cost and more damaging
  • Optimising defence: Deploying monitoring tools to detect, respond and neutralize suspicious activity for DDOS and website protection
  • Factoring ransomware into business continuity planning to enable quick and efficient response in the event of a breach
  • Paying the ransom: Discussing practicality, organisational reputation and principles
  • Preparedness best practice: Regular backups of mission critical data, defined access control and system compartmentalisation


Talal Rajab
Head of Programme – Cyber and National Security
Tech Uk
Bridget Kenyon
Head of Information Security
University College London
Stephen Baker
Chief Executive & Spokesperson on Civil Resilience and Community Safety
Suffolk Coastal and Waveney Councils & SOLACE
Gerard McGovern
Head of Technology
Great Ormond Street Hospital Children’s Charity

2:15 pm - 3:00 pm

How an ECM Solution Can Help with GDPR to Store and Manage Personal Data

  • Information Management and GDPR – what is the connection and why is GDPR a strategic business challenge?
  • Implementing an Enterprise Content Management System (ECM) to take control of your information and processes
  • How to effectively use ECM to store and manage personal data
  • Reviewing your current systems and ensuring future compliance

3:10 pm - 3:40 pm

Session Lead – TBC

3:50 pm - 4:10 pm

Emerging Cyber Tech for Evolving Cyber Threats

Expert Insight

  • Matching the changing threat with the right solutions, strategy and approach
  • Working with the private cyber security industry to accelerate the development of next-gen technology
  • Developing the potential of automation, artificial intelligence and machine learning in new deterrence and defence technologies
  • Exploring the risks and rewards posed by a future of quantum computing
  • Realising the potential of Blockchain based security solutions and advanced cryptography
Prof Chris Hankin
Institute for Security Science and Technology, Imperial College London

9:40 am - 10:00 am

Taking a Proactive Approach to Cyber Defence

Case Study

  • Revisiting strategies to map and test vulnerabilities within your organisation
  • Developing a Red Team cyber approach
  • Simulating attacks with advanced threat intelligence to secure critical IT
  • Shifting mindsets from incident response to continuous response
Ian Glover

10:10 am - 10:55 am

Securely Unlocking the Value of Digital Business in the Internet of Things

  • What is the internet of things?
  • What use cases are there for the internet of things?
  • What are the challenges inherent in the internet of things?
  • How can Entrust Datacard help you prepare for the internet of things?


Luke Niemiec
Sales Associate
Entrust Datacard

11:05 am - 11:35 am

Data Breach Detection – What’s Outside Your Firewall?

  • Dark Web monitoring – has your data already left the building?
  • Watermarking and Fingerprinting – how to recognize your data when it leaks
  • Detecting Data Breaches on the Deep Dark Web
  • Beyond Google – the role of TOR, IRC and Paste sites in data breaches
  • Real-time detection and alerting as part of a GDPR compliance strategy
Jeremy Hendy
Chief Commercial Officer

11:45 am - 12:15 pm

Session Lead – TBC

12:40 pm - 1:10 pm

Cyber Security Considerations for your Journey to the Cloud

Best Practice Panel Discussion

  • Exploring operational security benefits presented by Cloud based SaaS, PaaS and IaaS
  • Public, Community and Private Cloud: Evaluating which is best for your organisation
  • Best practice for data protection and service migration: Developing a data-tight roadmap
  • The importance of classifying risk of data and compliance frameworks when considering multi-tier cloud options
  • Evaluating the interoperability and versatility of security solutions and tools to reduce complexity in your security architecture
Steve Williamson
Director of IT Governance, Risk & Compliance
Sue Daley
Head of Programme for Cloud, Data Analytics and AI

1:25 pm - 1:55 pm

CCTV and Cyber Security

  • Is your CCTV system secure from cyberattack?.  The need to do more to safeguard your security networks.
  • GDPR and CCTV Cyber Security – addressing the CCTV vulnerability to cyber-attacks.
  • Is your CCTV fit for purpose and Cyber secure, how can you ensure secure protection of surveillance systems, data protection, data encryption.

2:05 pm - 2:25 pm

Implementing Verify for Identity Management across Government

Case Study

  • Using a ubiquitous system to ensure widespread demographic coverage using multiple types of evidence and methods of verification
  • Keeping pace with security challenges, products and best practice
  • Ensuring strong authentication including 2nd Factor Authentication for bolstered security
  • Increasing scope to service local government, health and social care, and the private sector
  • Working with D5 nations, the United Nations, and the World Bank, to promote international standards and platforms for identification and verification
Adam Cooper
Lead Technical Architect
Verify-Government Digital Service (GDS)

2:25 pm - 3:10 pm

24 Hours in a Cyber Attack

  • Exposing how quickly multiple technical defences can be efficiently defeated
  • Protecting organisations from well-resourced, well-motivated attackers who use a wide range of advanced techniques to compromise  your security
  • Understanding the vulnerabilities of traditional systems and implementing advanced core security functions
Noel Hannan
Cyber and Digital Innovation Lead

3:20 pm - 3:50 pm

Cyber Insurance

  • Why Cyber Insurance should be a key part of your Cyber risk strategy
  • How can you protect your business in a fast and complex world where cyber risk is constantly changing
  • Reputational Harm and Cyber Insurance
  • How can a specialist cyber insurance partner mitigate the risk
  • The need to take a proactive approach to brand risk management
  • Crisis Management, business interruption, data breach

4:00 pm - 4:20 pm

The Psychology Behind Cyber Attacks and How to Manage the Insider Threat

Expert Insight

  • Implementing safeguards to administrative, procedural and technical components to decrease human error
  • Using holistic approaches to develop training for staff and reduce insider attacks
  • Reducing physical data breaches such as; lost paperwork, faxing or emails to wrong recipients
  • Monitoring technology to spot threats within the organisation
Angela Sasse
Professor of Human-Centered Technology in the Department of Computer Science
University College London

9:35 am - 9:55 am

The Evolving Cyber Threat Landscape – Looking Ahead for the Next 12 Months

Expert Insight

  • Horizon scanning for emerging and future threat vectors
  • Exploring new areas of vulnerability and new opportunities for exploitation
  • Examining the changing nature of the threat: Large scale state-level vs. personal and reputational attacks
Ewan Lawson
Senior Research Fellow
Royal United Services Institute (RUSI)

10:05 am - 10:35 am

Session Lead – EOL IT Services

10:45 am - 11:15 am

The Cybernetics Of Society

  • Understanding cyber as a complex, self-adaptive, socio-technical phenomenon operating at societal scale
  • Exploring the implications of this for cyber security and society
  • Projecting the possible future developments of cyber as a societal construct
Colin Williams
Software Box (SBL)

11:25 am - 11:55 am

Dealing with the Increased Sophistication of Phishing Attacks

Best Practice Panel Discussion

  • Reducing vulnerability and managing risk – updating security policies and solutions to eliminate threats as they evolve
  • Educating employees and conducting training sessions with mock phishing scenarios
  • Implementing the use of anti-virus on mobiles to combat the effect of smishing damaging organisations smart working and mobile security
  • Applying log in activity software to halt fake email interfaces stealing log-in details
  • Exposing the dangers of URLS as websites built by criminals that gain access to identities and systems


Piers Wilson
Institute of Information Security Professionals (IISP)
DCSupt Glenn Maleary
Detective Chief Superintendent
City of London Police - Economic Crime Directorate
Chris Rivinus
Head of Business Systems
Tullow Oil

12:05 pm - 12:35 pm

A Dummies Guide to GDPR – Getting Down to Business with European Privacy

  • Ensuring business buy in to your GDPR project
  • A methodology for implementing a GDPR compliant business environment
  •  Incorporating GDPR as the keystone of your Digital Transformation strategy
  • Aligning your Cyber Security and Data Protection objectives
Robert O’Brien
MetaCompliance Limited

12:45 pm - 1:15 pm

Session Lead – TBC

1:35 pm - 1:55 pm

Protecting your Digital Assets with Password Manager for Mobile Devices and Computers – Keeping your Data and Assets Secure Anytime, Anywhere

2:15 pm - 2:35 pm

Joining Records Management and Cyber Security

  • The role of Records Management and Cyber Security Experts in handling information.
  • How do Records Management and Cyber Security Expertise integrate?
  • How can good practice be communicated across a business?
  • Industry knowledge from organisations across the public and private sector in the area of boosting security through communication.
Martin Fletcher
Government Liaison and Training Manager
The National Archives

2:45 pm - 3:05 pm

Ensuring Cyber Security Culture in Complex Environments of Regular Change

Case Study

  • Reviewing the layers of security risk connected to mobile cyber-security: Network, device, application, and back-end system
  • Implementing cyber security policies and processes to manage remote working risks
  • Creating a culture of security through clear responsibilities and accountability
  • Taking a proactive and protective approach to mobile security for next-generation productive working
  • Using encryption and preventative software to manage risks
Jasvinder Pham
Information & Cyber Security Manager
High Speed Two (HS2)

3:15 pm - 3:45 pm

Protecting your Organisation Against Data Breaches, Secure Access on any Device, Anytime Anywhere

  • 2-Factor Authentication – What is it and how can it strengthen access security?
  • BYOD Security
  • Cloud Security

3:55 pm - 4:15 pm

Reframing Security Strategies for Secure Mobile Working

Case Study

  • Reviewing the layers of security risk connected to mobile cyber-security: Network, device, application, and back-end system
  • Implementing cyber security policies and processes to manage remote working risks
  • Creating a culture of security through clear responsibilities and accountability
  • Taking a proactive and protective approach to mobile security for next-generation productive working
  • Using encryption and preventative software to manage risks
  • 2-Factor Authentication to protect against data breaches
  • Cloud and BYOD security
Giacomo Collini
Director of Information Security