Agenda | The Future of Data Protection Forum 2016

Discover Thomson Reuters Contact & Support

Date: Tuesday 8 November 2016 | Location: Hilton London Bankside, London

The Future of Data Protection Forum 2016

5th Annual

08:00

Registration

09:00

Chairperson’s welcome and introductions

Steve Wright Group Data Privacy & InfoSec Officer, John Lewis Partnership

09:10

KEYNOTE: Brexit and the implications for the UK data protection landscape

EU restrictions on transferring personal data
Analysing the UK’s potential options, including: adequacy decision, EEA/EFTA membership, bilateral data pact, liberalisation of data protection laws
Differences in regulatory approach between the EU and the US in relation to data protection
Looking ahead – what can be done by companies now?

The Right Honourable Matthew Hancock MP Minister of State for Digital and Culture,

09:55

GDPR – Bridging the gap: Where are you now? Where will you need to be?

Key changes to data protection law under the GDPR
Will Brexit actually impact the UK implementation of GDPR?
May 2018 deadline – where should you be now if you want to be compliant
Challenges Data Protection Officers are facing in implementing GDPR compliance measures

Constantine Karbaliotis Vice President, Privacy Office Solutions, Nymity
David Smith EU Research Advisor of Nymity, and former Deputy Commissioner and Director of Data Protection Information Commissioners
James Leaton Gray Director, The Privacy Practice

10:40

Morning refreshments

11:10

Cross-border data transfer developments

Cross-border data transfer in the context of GDPR requirements
Overview of the EU-US Privacy Shield framework
Are the Privacy Shield and alternative data transfer mechanisms such as EU standard contractual clauses vulnerable to invalidity challenges?

Ellis Parry Global Lead - Data Privacy, BP
Cameron Craig Deputy General Counsel and Group Head of Data Privacy, HSBC
Natalie Salunke European Counsel, Enterprise Holdings

11:55

Analysing, understanding and following your privacy impact assessments (PIA) results

How to use PIAs to comply with the GDPR obligations
What are your obligations as a Data Protection Officer regarding risk after the PIA?
Best practices to minimise the risk of an intrusion into information privacy

Jo Blazey Privacy Officer & Counsel, Vodafone UK
Laszlo Zsoldos GDPR Readiness Programme, Royal Bank of Scotland
Hazel Grant Partner, Fieldfisher

12:40

Lunch

13:40

Breakout sessions

A choice of one of the following two options

Breakout option 1 – Going back to basics – How to be a Data Protection Officer (DPO)

Identifying your core responsibilities – What are your company needs?
Developing pratical policies for handling personal data
How to effectively communicate internal data protection policies and processes (externally and internally)
Top tips from a senior DPO: developing your role within the business
What are the DPO requirements under the GDPR
KPIs – Turning them into your best friends

Richard Merrygold Data Protection Officer, Home Serve
Alex Pickering Global Privacy Director, BBC

Breakout option 2 – Cyber security trends and approaches to data protection

Data protection vs information security vs cyber security
How can you ensure your current cyber security infrastructure is the best one for the business?
Network & Information Security (NIS) Directive – the Cybersecurity Directive before and after Brexit – breach notifications

Vivienne Artz Managing Director and Head of the IP & Technology Law Group, Citi
Alexander Dittel Solicitor, Charles Russell Speechlys

14:25

Breakout sessions

A choice of one of the following two options

Breakout option 1 – The impact of data protection in artificial intelligence

Putting the right systems in place to avoid data protection attacks by intelligent machines
Using machine learning – identifying internal and external threats
Artificial intelligence vs the human element
AI impacts on the security profession

Nina Barakzai Group Head of Data Protection and Privacy, Sky
Johannes Jördens European Privacy Counsel, Sky

Breakout option 2 – Outsourcing and cloud computing

What impact will the GDPR have on outsourcing contracts ?
How are customers and suppliers reacting now to changes in data protection law and practice ?
What should you be putting in your contracts in preparation for the GDPR ?
How do cloud contracts differ from outsourcing contracts in this context ?

Mark Crichard Partner, RPC
Robert Johnson Legal Director, RPC

15:10

Afternoon refreshments

15:40

New obligations on data processors under the GDPR

Direct obligations and liability on data processors for the first time
Controller-processor contracts – what must be covered?
Sub-contracting restrictions and consent
Accountability and demonstrating compliance
Security and breach notification requirements
Further requirements including on transfer to third parties and appointing DPOs

Frank Madden Legal Adviser – Privacy & Data Protection, Fujitsu
Mark Gleeson Partner, Browne Jacobson
Asli Yildiz Legal Counsel, Canon

16:25

The changes ahead: the Information Commissioner’s view

The new Commissioner’s priorities
Building competence on GDPR
The future of DP regulation in the UK

Jonathan Bamford Head of Strategic Liaison, Information Commissioner’s Office

17:10

Chairperson’s closing comments followed by drinks and canapé reception

Steve Wright Group Data Privacy & InfoSec Officer, John Lewis Partnership

Please note the agenda is subject to change

The page will be updated with further details on the agenda once they are confirmed.