Data Protection Agenda

14:35 - 14:40

Data Protection Summit - Chair's Opening Remarks

Catherine Easton

Catherine Easton, Lecturer in Law, Lancaster University

14:40- 15:20

Enabling Data Protection and Use with Privacy Enhancing Technologies

  • The Road towards PETs: How do you decide whether the technology is necessary and which approach is best for you?
  • Can PETs fulfil organisational needs including GDPR compliance and could they create new opportunities for your organisation?
  • The DPO perspective on privacy
  • What’s next? What could regulators do to help/guide PETs adoption?
Natasha McCarthy photo

Dr Natasha McCarthy, Head of Policy – Data, The Royal Society

Emma Butler Photo Original

Emma Butler, Data Protection Officer, Yoti 

Stuart Gunson - original

Stuart Gunson, Deputy Head of the Data Services for Commissioners Live Service, NHS Digital 

15:10 – 15:45

Afternoon Refreshments

15:45 - 16:25

Post-GDPR Breach Response: Learning from Breach Scenarios

  • The crucial 72 hours – How have organisations structured their response within the reporting window?
  • How do we define impact and gravity to ensure that responses are measured?
  • What’s the role of the DPO post breach and what varying approaches can be used to respond to the specific situation?
Stewart Room, Partner, PwC &  President, NADPO

Stewart Room, President, National Association of DP and FOI Officers

Adrian Leung, Data Protection Officer, Equifax UK

Adrian Leung, Data Protection Officer, Equifax UK

16:25- 16:45

The Delicate DPO Balancing Act: The Rights of the Data Subjects, the Needs of the Business and Legal Compliance

  • Mapping the difference in how businesses expect to use Personally Identifiable
    Information compared to how data subjects think their data is being used
  • Anticipating the data subject’s gap in knowledge between their data protection
    rights and what this translates into when making data requests
  • Convincing businesses of what is realistic, and tempering their data use
    appetite with lawful basis
Flick March, Cyber Resilience, IBM

Rhiannon Platt, Information Governance Manager and Data Protection Officer, Royal Devon and Exeter NHS Foundation Trust

16:45 - 17:05

Data Protection and Staff Monitoring: Essentials and Implications

  • Defining monitoring and its legal basis and identifying practical problems in your current monitoring practices
  • The importance of a gap analysis and assessment of your needs before implementing monitoring tools
  • Justifying what you are doing, and gaining stakeholder buy in to build a sustainable monitoring programme
  • Documentation, documentation, documentation. Getting your documentation in place and the difficulties associated with this
Sarah Laws
Sarah Laws, Data Protection and FOI/EIR Lead, London Borough of Camden


Drinks Reception