Expo Agenda

GDPR Conference
Seminar Theatre 1
Seminar Theatre 2
Seminar Theatre 3
GDPR Conference
Seminar Theatre 1
Seminar Theatre 2
Seminar Theatre 3

10:00 am - 10:10 am

Opening Remarks from the Chair

Scott Sammons
Information and Records Management Society (IRMS)

10:10 am - 10:30 am

GDPR Preparedness – Frameworks and Guidance from the ICO

  • Preparing for the May 2018 deadline: Avoiding the risk of 20,000,000 EUR fines, or up to 4% of the total worldwide annual turnover for serious breaches to GDPR
  • Understanding the key principles of the regulation – including the right to erasure, the right to access, data portability and how to respond to data requests
  • Exploring the role of the Data Protection Officer, reporting data breaches and GDPR enforcement
  • Identifying the appropriate supervisory authority in cases of complex cross-board data processing
  • Global Implications: How GDPR will affect organisations outside of the EU
  • How does GDPR link with other data policies including the EU-US Privacy Shield and the Network and Infrastructure Directive?
Peter Brown
Group Manager
Information Commissioners Office (ICO)

10:30 am - 10:50 am

GDPR in the Boardroom – Leadership for Compliance


  • Getting data protection right to help deliver real business benefits and competitive advantage
  • Managing the implications of GDPR for your business in terms of data strategy and usage within the organisation
  • Exploring the key elements of a good information strategy
  • Examining new rights and status of Data Protection Officers
  • Creating a culture of GDPR data compliance and measuring compliance
Simon Wright
Strategic Governance Manager – Group Data Protection & Privacy

10:50 am - 11:10 am

Data Governance Requirements for GDPR

  • Meeting Data Governance regulatory requirements for GDPR – the clock is ticking, how are you protecting your data and content
  • Securing your applications and securely share files on premises and in the cloud, encrypt content, data and files
  • Cloud storage and file sharing – challenges and security threats
  • Data Governance solutions to help IT and business leaders gain greater control and transparency over visibility of data assets, who has access to files and data, data retention, reporting and auditing
  • Challenges of managing and classifying data in a digital workplace, what does best practice data governance look like
Kris Lahiri
VP Operations and Chief Security Officer

11:10 am - 11:25 am

Lead Supervisory Authorities and the Potential Effect of Brexit

Rebecca Turner
Head of Compliance and Privacy

11:25 am - 12:00 pm

Coffee and Expo

12:00 pm - 12:20 pm

Developing an Organisational Roadmap for the Introduction of GDPR in May 2018

  • Dealing with the multiple challenges and opportunities that the GDPR brings
  • Taking a proactive approach to preparing for its implementation, developing project milestones and plan of action to meet the deadline
  • Managing the impact on your company’s data strategy and ability to use data
  • Taking a cross-function approach to GDPR – Security, IT, Data and Legal teams working together
Jonathan Baines
Data Protection Officer, GDPR Readiness
Network Rail

12:20 pm - 12:40 pm

Identifying Areas of Data Risk within Your Organisation

Case Study

  • Things to consider when examining areas of the business that will be impacted by GDPR – identifying the personal information that you hold
  • Analysing data access points and accessibility
  • Undertaking a privacy impact assessment where the risk is deemed high, using as a tool to ensure you meet the GDPR obligations
  • Shared lessons from experience and what to consider in your GDPR preparations

12:40 pm - 1:00 pm

Redefining Information Architecture, Access and Reporting under GDPR

  • Reforming the way personal data is stored, used, shared, maintained and recorded – Technology and solutions to help Government and Enterprise meet GDPR challenges
  • Establishing data confidentiality, integrity and protection through encryption
  • Developing processes to manage individual data rights – including data editing, deleting, provision and compatibility
  • Implementing record keeping processes that demonstrates compliance and accountability
  • Complying with data portability requirements and overcoming security concerns of data sharing
  • Data and Backup Storage, Archiving and Recovery, Data Erasure
Christopher Bradley

1:00 pm - 2:00 pm

Lunch and Expo

2:00 pm - 2:15 pm

New Considerations for Sensitive Data, Regulated data, Personal Data and Child Data

  • Best practice in processing personal sensitive data: Understand what personal data is, what lawful processing looks like and how to gain and record consent
  • Detecting data breaches and utilising breach procedures to ensure you take the appropriate steps to inform relevant parties
  • Communicating the correct data privacy notice and that they are undertaking the appropriate consent retrieval methods
  • New measures for data retention and data disposal – how to prove state of data?
  • Managing data on children, what additional controls do you need?
John Culkin
Director of Information Management
Crown Records Management

2:15 pm - 2:30 pm

Sponsor Session

2:30 pm - 2:50 pm

GDPR – Being Ready for May 2018

  • Mandatory grounds for appointing a DPO under the GDPR
  • Latest Guidance by Art.29 Data Protection Working Party on the DPO
  • What the DPO is expected to do in their first 100 days?
  • How easy or difficult is it to hire a DPO?
  • How to identify a senior manager internally who could become the DPO?
  • Will ‘Team DPO’ as an outsourced solution become the de facto way to comply with the requirement for a DPO?
Ardi Kolah
Executive Fellow and Co-Director
GDPR Transition Programme - Henley Business School (UK)

2:50 pm - 3:00 pm

Questions and Answers

3:00 pm - 3:30 pm

Coffee and Expo

3:30 pm - 3:45 pm

Sponsor Session

3:45 pm - 4:00 pm

eBay – Reviewing Process, Procedure and Reporting for GDPR

Case Study

  • Reforming the way personal data is stored, used, shared, maintained and recorded
  • Technological solutions to help meet GDPR challenges
  • Developing processes to manage individual data rights
  • Implementing record keeping and reporting to demonstrate compliance and accountability
  • Developing and enhancing a culture of privacy compliance
  • Operational and technical challenges
Ben Westwood
Senior Privacy Manager & Data Protection Officer
eBay UK

4:00 pm - 4:30 pm

Creating a Culture of Data Compliance in your Organisation

Panel Discussion

  • Exploring the role of Data Protections Officers in preparing for GDPR
  • How to engage staff and the board in the responsibilities of the regulation
  • Considerations beyond the organisation: Where do you need to consider GDPR in outsourcing relationships and the supply chain?
  • Measuring GDPR compliance
  • Investing in a programme of staff training
Brian Shorten
Charities Security Forum
Ardi Kolah
Executive Fellow and Co-Director
GDPR Transition Programme - Henley Business School (UK)
Simon Wright
Strategic Governance Manager – Group Data Protection & Privacy

9:30 am - 9:50 am

Top Tips for Good Cyber Hygiene

Expert Insight

  • Helping organisations prepare, protect, prevent, respond and recover from salient cyber threats
  • Engaging with local enterprise partnerships to create a shared awareness culture
  • Encouraging organisations to help prevent attacks from spreading through the Cyber Security Information Sharing Partnership (CiSP)
  • Working with national partners across government, crime sector and industry to provide regular updates on attack trends
Jennie Williams
Cyber Protect Officer
TITAN - North West Regional Organised Crime Unit

10:00 am - 10:30 am

Sponsor Seminar Session

10:40 am - 11:00 am

The Dangers and Opportunities of AI-Based Security Systems

Expert Insight

  • The need for smart, adaptive security systems
  • AI and machine learning in new deterrence and defence technologies
  • Exploring the risks and rewards posed by smart security systems
Prof. Tim Watson
Cyber Security Centre at WMG (Warwick University)

11:20 am - 12:05 pm

Sponsor Seminar Session – PA Consulting

12:15 pm - 12:45 pm

Safeguarding Data in the Digital Economy

  • Safeguarding data in applications – inside and outside organisations
  • Reducing the need for role-based access through attribute-based access control
  • Security measures for sharing data outside the organisation
  • Exploring data safeguards for GDPR
Senior Representative


12:55 pm - 1:15 pm

Access Rights Management for Complex Information Infrastructures

Expert Insight

  • Implications of the IG Toolkit for Trusts and in meeting the modern needs of patients
  • Reducing the intrusion of biometric/biomathematics information using authenticated equipment
  • Implementing role-based control to improve compliance with HIPAA regulations without reducing efficient accessibility to patient information
Matt Argyle
Director of IT Security
South West Childen's Hospices

1:25 pm - 1:55 pm

Shared Lessons: Preparing for Ransomware Attacks and Disaster Recovery

Best Practice Panel Discussion

  • Understanding the increase in ransomware variant: More common, more cost and more damaging
  • Optimising defence: Deploying monitoring tools to detect, respond and neutralize suspicious activity for DDOS and website protection
  • Factoring ransomware into business continuity planning to enable quick and efficient response in the event of a breach
  • Paying the ransom: Discussing practicality, organisational reputation and principles
  • Preparedness best practice: Regular backups of mission critical data, defined access control and system compartmentalisation


Talal Rajab
Head of Programme – Cyber and National Security
Tech Uk
Bridget Kenyon
Head of Information Security
University College London
Stephen Baker
Chief Executive & Spokesperson on Civil Resilience and Community Safety
Suffolk Coastal and Waveney Councils & SOLACE
Gerard McGovern
Head of Technology
Great Ormond Street Hospital Children’s Charity

2:05 pm - 2:35 pm

Sponsor Seminar Session

2:45 pm - 3:15 pm

Sponsor Seminar Session

3:25 pm - 3:55 pm

Sponsor Seminar Session

4:05 pm - 4:25 pm

Emerging Cyber Tech for Evolving Cyber Threats

Expert Insight

  • Matching the changing threat with the right solutions, strategy and approach
  • Working with the private cyber security industry to accelerate the development of next-gen technology
  • Developing the potential of automation, artificial intelligence and machine learning in new deterrence and defence technologies
  • Exploring the risks and rewards posed by a future of quantum computing
  • Realising the potential of Blockchain based security solutions and advanced cryptography
Prof Chris Hankin
Institute for Security Science and Technology, Imperial College London

9:40 am - 10:00 am

Taking a Proactive Approach to Cyber Defence

Case Study

  • Revisiting strategies to map and test vulnerabilities within your organisation
  • Developing a Red Team cyber approach
  • Simulating attacks with advanced threat intelligence to secure critical IT
  • Shifting mindsets from incident response to continuous response
Ian Glover

10:10 am - 10:55 am

Securely Unlocking the Value of Digital Business in the Internet of Things

  • What is the internet of things?
  • What use cases are there for the internet of things?
  • What are the challenges inherent in the internet of things?
  • How can Entrust Datacard help you prepare for the internet of things?


Luke Niemiec
Sales Associate
Entrust Datacard

11:05 am - 11:35 am

Data Breach Detection – What’s Outside Your Firewall?

  • Dark Web monitoring – has your data already left the building?
  • Watermarking and Fingerprinting – how to recognize your data when it leaks
  • Detecting Data Breaches on the Deep Dark Web
  • Beyond Google – the role of TOR, IRC and Paste sites in data breaches
  • Real-time detection and alerting as part of a GDPR compliance strategy
Jeremy Hendy
Chief Commercial Officer

11:45 am - 12:15 pm

Sponsor Seminar Session – Risk X

12:40 pm - 1:10 pm

Cyber Security Considerations for your Journey to the Cloud

Best Practice Panel Discussion

  • Exploring operational security benefits presented by Cloud based SaaS, PaaS and IaaS
  • Public, Community and Private Cloud: Evaluating which is best for your organisation
  • Best practice for data protection and service migration: Developing a data-tight roadmap
  • The importance of classifying risk of data and compliance frameworks when considering multi-tier cloud options
  • Evaluating the interoperability and versatility of security solutions and tools to reduce complexity in your security architecture
Steve Williamson
Director of IT Governance, Risk & Compliance
Sue Daley
Head of Programme for Cloud, Data Analytics and AI

1:25 pm - 1:55 pm

Sponsor Seminar Session

2:05 pm - 2:25 pm

Implementing Verify for Identity Management across Government

Case Study

  • Using a ubiquitous system to ensure widespread demographic coverage using multiple types of evidence and methods of verification
  • Keeping pace with security challenges, products and best practice
  • Ensuring strong authentication including 2nd Factor Authentication for bolstered security
  • Increasing scope to service local government, health and social care, and the private sector
  • Working with D5 nations, the United Nations, and the World Bank, to promote international standards and platforms for identification and verification
Adam Cooper
Lead Technical Architect
Verify-Government Digital Service (GDS)

2:25 pm - 3:10 pm

24 Hours in a Cyber Attack

  • Exposing how quickly multiple technical defences can be efficiently defeated
  • Protecting organisations from well-resourced, well-motivated attackers who use a wide range of advanced techniques to compromise  your security
  • Understanding the vulnerabilities of traditional systems and implementing advanced core security functions
Noel Hannan
Cyber and Digital Innovation Lead

3:20 pm - 3:50 pm

Sponsor Seminar Session

4:00 pm - 4:20 pm

The Psychology Behind Cyber Attacks and How to Manage the Insider Threat

Expert Insight

  • Implementing safeguards to administrative, procedural and technical components to decrease human error
  • Using holistic approaches to develop training for staff and reduce insider attacks
  • Reducing physical data breaches such as; lost paperwork, faxing or emails to wrong recipients
  • Monitoring technology to spot threats within the organisation
Angela Sasse
Professor of Human-Centered Technology in the Department of Computer Science
University College London

9:35 am - 9:55 am

The Evolving Cyber Threat Landscape – Looking Ahead for the Next 12 Months

Expert Insight

  • Horizon scanning for emerging and future threat vectors
  • Exploring new areas of vulnerability and new opportunities for exploitation
  • Examining the changing nature of the threat: Large scale state-level vs. personal and reputational attacks
Ewan Lawson
Senior Research Fellow
Royal United Services Institute (RUSI)

10:05 am - 10:35 am

Sponsor Seminar Session – EOL IT Services

10:45 am - 11:15 am

The Cybernetics Of Society

  • Understanding cyber as a complex, self-adaptive, socio-technical phenomenon operating at societal scale
  • Exploring the implications of this for cyber security and society
  • Projecting the possible future developments of cyber as a societal construct
Colin Williams
Software Box (SBL)

11:25 am - 11:55 am

Dealing with the Increased Sophistication of Phishing Attacks

Best Practice Panel Discussion

  • Reducing vulnerability and managing risk – updating security policies and solutions to eliminate threats as they evolve
  • Educating employees and conducting training sessions with mock phishing scenarios
  • Implementing the use of anti-virus on mobiles to combat the effect of smishing damaging organisations smart working and mobile security
  • Applying log in activity software to halt fake email interfaces stealing log-in details
  • Exposing the dangers of URLS as websites built by criminals that gain access to identities and systems
Piers Wilson
Institute of Information Security Professionals (IISP)
DCSupt Glenn Maleary
Detective Chief Superintendent
City of London Police - Economic Crime Directorate
Chris Rivinus
Head of Business Systems
Tullow Oil

12:05 pm - 12:35 pm

A Dummies Guide to GDPR – Getting Down to Business with European Privacy

  • Ensuring business buy in to your GDPR project
  • A methodology for implementing a GDPR compliant business environment
  •  Incorporating GDPR as the keystone of your Digital Transformation strategy
  • Aligning your Cyber Security and Data Protection objectives
Robert O’Brien
MetaCompliance Limited

12:45 pm - 1:15 pm

Sponsor Seminar Session

1:25 pm - 1:45 pm

Joining Records Management and Cyber Security

  • The role of Records Management and Cyber Security Experts in handling information.
  • How do Records Management and Cyber Security Expertise integrate?
  • How can good practice be communicated across a business?
  • Industry knowledge from organisations across the public and private sector in the area of boosting security through communication.
Martin Fletcher
Government Liaison and Training Manager
The National Archives

2:05 pm - 2:35 pm

Sponsor Seminar Session

2:45 pm - 3:05 pm

Ensuring Cyber Security Culture in Complex Environments of Regular Change

Case Study

  • Reviewing the layers of security risk connected to mobile cyber-security: Network, device, application, and back-end system
  • Implementing cyber security policies and processes to manage remote working risks
  • Creating a culture of security through clear responsibilities and accountability
  • Taking a proactive and protective approach to mobile security for next-generation productive working
  • Using encryption and preventative software to manage risks
Jasvinder Pham
Information & Cyber Security Manager
High Speed Two (HS2)

3:15 pm - 3:45 pm

Sponsor Seminar Session

3:55 pm - 4:15 pm

Reframing Security Strategies for Secure Mobile Working

Case Study

  • Reviewing the layers of security risk connected to mobile cyber-security: Network, device, application, and back-end system
  • Implementing cyber security policies and processes to manage remote working risks
  • Creating a culture of security through clear responsibilities and accountability
  • Taking a proactive and protective approach to mobile security for next-generation productive working
  • Using encryption and preventative software to manage risks
  • 2-Factor Authentication to protect against data breaches
  • Cloud and BYOD security
Giacomo Collini
Director of Information Security

HackChat will put a range of senior leaders in the hot seat to explain critical learnings from previous hacks, as well as provide insights into some of the UK’s most vulnerable industry sectors. HackChat will also feature key government agencies at the heart of national protection, reviewing progress against key components of the National Cyber Security Strategy, one year after its release.

10:30 am - 10:45 am

Developing the UK’s Cyber Skills for the Future

Debbie Tunstall
Head of Education Programmes
Cyber Security Challenge UK

11:00 am - 11:15 am

Reframing Security Strategies for Secure Mobile Working

Giacomo Collini
Director of Information Security

11:30 am - 11:45 am

Protecting Digital Organisations

Joe Fogarty
Head of the Cyber Resilience Centre
Department for Work and Pensions (DWP)

12:00 pm - 12:15 pm

How Cyber Effects Front-Line Staff in Local Government

Sarah Pickup
Deputy Chief Executive
Local Government Association

12:30 pm - 12:45 pm

Attracting More Female Talent to the Cyber Security Industry

Vicki Gavin
Head of Business Continuity, Cyber Security, Data Privacy & Compliance Director
The Economist