08:00-09:00

Registration and refreshments

09:00-09:10

Chairperson’s welcome and introductions

09:10-10:10

The regulation in practice: where are we now?

Adjusting to the new EU General Data Protection Regulation could mean some big changes within your company. What is the reality of the current regulation, where will the biggest changes be and how can you ensure compliance?

The first part of this session will explore the latest developments and impacts of the GDPR and will adjust according to the regulation’s current status at the time of the Forum. The second part will consist of a panel discussion with speakers from different industries considering how the GDPR will impact their industry. 

10:10-10:50

Effectively using privacy impact assessments in your business

What are the benefits of using the tool and how can you utilise it to comply with the GDPR obligations?

  • Learning from the best practices of PIAs to minimise the risk of an intrusion into informational privacy. What does an effective PIA look like?
  • Promoting a privacy by design approach in your organisation by working with different people in the business

10:50-11:20

Morning refreshments

11:20-11:50

“The anatomy of an attack”

Lifting the lid on a cyber-attack: discover directly from penetration testers how it’s done. Listen and see as they explain the tips and tricks to prevent different types of attacks.

  • Deconstructing a breach: what’s in the headlines, how was it done and what’s the impact?
  • How to develop sensible policies for passwords and patches
  • Building and monitoring the honey pot – how to attract and analyse malicious attacks
  • How to obtain buy-in from the business to develop a sensible and well-enforced policy
  • Ken Munro, Senior Partner, Pen Test Partners

11:50-12:50

Stand and deliver: acknowledging the risks and building an effective defence

Through someone else’s eyes: walking through a data security breach

What’s the process to manage a security breach and what’s the wider impact?

  • Understanding what makes your data an attractive target for an attack and how to implement effective systems and controls to avoid data security breaches. What are the most common root causes of breaches?
  • What is the enforcement process following a breach caused by non-malicious actions?
  • Understanding the risks and challenges of a breach. Where are you most vulnerable and what would the impact of a breach be on your organisation?
  • In light of the GDPR, how will your responsibilities as controller change when it comes to reporting and handling a breach?

Building and managing a comprehensive security system

So you know the risks, you know where you’re vulnerable and you know the ways you can be a target of a cyber-attack. What are the most effective systems and infrastructures to implement in order to protect your business’ data?

  • Using physical security and information security to protect your data
  • Working effectively with an in-house or external information security team
  • Analysing different ways to protect static data and data in transit
  • How can you ensure your current cybersecurity infrastructure is the best one for your business?

12:50-13:50

Lunch

13:50-14:40

Breakout sessions

Please choose one of the following sessions

A1: Data localisation and data transfer

First Edward Snowden, now Maximilian Schrems: by challenging data security, they are forcing companies to reconsider how they handle international data transfer. The ECJ’s latest decision has presented an array of challenges to businesses managing international data and if one thing’s for certain, you need to ensure you remain compliant and abide by the law. But which ones and how?

  • Update on Schrems case and ECJ decision
  • What’s the real impact of recent decisions on businesses?
  • What are the practical techniques to ensure compliance?
  • How you can ensure you’re covering every base in-house
  • Highlights of the key proposed changes to the Regulation – what parts do you need to keep an eye on?

A2: Employee data

Monitoring and collecting employee data. How can controllers strike the balance between monitoring employees and allowing reasonable and fair workplace privacy?

  • Analysing the risk profile associated with employee data. What are the real risks and threats faced by your business if the data is poorly managed?
  • The advantages and disadvantages of allowing the use of social media in the workplace, and overcoming the challenges
  • What are the restrictions on sharing employee data with other departments and organisations outside Europe?

W1: Delivering value to your business – how to be an effective CPO/DPO

Join us for this interactive workshop session to discuss the role of the privacy and data protection team in the business and how you can develop yourself and your team into an effective, strategic and instrumental department.

  • Measuring your value: using metrics and other techniques to demonstrate value-add
  • Effectively influencing other senior executives in the business
  • Being at the front of people’s minds: how to ensure policy integration throughout the business
  • Developing your role within the business: what are the other opportunities and areas for development available to you?

14:40-15:30

Breakout sessions

Please choose one of the following sessions

B1: The future of technology

The opportunities presented by the ‘internet of things’. What are the upcoming developments and trends and how can you utilise them to the benefit of your business while remaining within the limits of the law?

  • What devices and techniques for data farming are developers currently fine tuning?
  • How can you utilise new technology to the benefit of your clients/customers and business?
  • Should ethical questions be part of these considerations?

B2: Data subject access requests

Access to data, rectification and erasure – sharing best practices – what are the most effective ways to handle data subject access requests and rectification? What are the challenges of the ‘right to erasure’ in practice?

  • Implementing effective work flows in your business to handle data subject requests
  • Verifying the authenticity of a subject access request and the practicalities of being unable to react to a request
  • How long should you keep data for? How can you re-utilise old data, and what are the limitations?
  • How far should you go to have data erased when requested? What is a reasonable and realistic interpretation of taking ‘all necessary steps’?

W2: Delivering value to your business – how to be an effective CPO/DPO

Join us for this interactive workshop session to discuss the role of the privacy and data protection team in the business and how you can develop yourself and your team into an effective, strategic and instrumental department.

  • Measuring your value: using metrics and other techniques to demonstrate value-add
  • Effectively influencing other senior executives in the business
  • Being at the front of people’s minds: how to ensure policy integration throughout the business
  • Developing your role within the business: what are the other opportunities and areas for development available to you?

15:30-16:00

Afternoon refreshments

16:00-16:45

Meeting customer needs within the limits of the law: consumer profiling

Building and utilising consumer profiles. It is becoming more and more difficult to communicate and advertise as the lines between services and marketing become blurred and regulations tighten. How can DPOs and CPOs ensure the business complies with the regulators’ definitions?

  • How do you clearly and lawfully differentiate between marketing and service communications? What are the best strategies for ensuring the marketing team are correctly using consumer profiles?
  • Obtaining lawful and explicit consent: the opt-out and opt-in options in practice
  • The variety of methods of communicating with your customers – where are the underutilised opportunities bearing in mind the ‘internet of things’?
  • What kind of data do you risk collecting that develops the consumer profile but can’t or won’t be used by your organisation? Should you avoid building or storing this profile?

16:45-17:45

New games, same rules: lawfully taking advantage of big data opportunities

“Big data can work within the established data protection principles. The basic data protection principles already established in UK and EU law are flexible enough to cover big data. Applying those principles involves asking all the questions that anyone undertaking big data ought to be asking. Big data is not a game that is played by different rules,” Steve Wood, Head of Policy and Delivery, ICO

  • Ensuring personal data being fed into data lakes has been collected and is now being processed in the lake, fairly and lawfully
  • The role of pseudonymisation and anonymisation in data minimisation
  • Implementing a document retention policy into data lakes
  • The role of privacy impact assessments (including a case study)
  • FCA regulatory issues for regulated firms
  • Considerations of Big Data initiatives for cyber risk insurance

17:15-17:30

Closing comments

17:30-onwards

Drinks and canapé reception

Sponsored by DAC Beachcroft LLP