Steve Wright

Group Data Privacy & InfoSec Officer, John Lewis Partnership

Consumers enthusiastically engage with digital assets only when they derive real value and when they implicitly trust brands. Increasingly, consumers are demanding control over what they see (Digital), when they see (time), how they see it (Channel) and they determine if they want to share their personal data with our brands (privacy). In the new data driven ecosystem Consumer Privacy and Digital Security are integrated (e.g. two sides of the same coin) and are undoubtedly the key ingredients for stronger business growth through digital channels. John Lewis Partnership has itself launched various digital and data initiatives, which aim at bringing great brand experiences to customers based on deep insights on customer needs. The commonality between all digital initiatives is the need for data governance, best practice, personalised customer engagement, and leading market innovation in digital has lead to the recent appointment of a new Data Privacy & InfoSec Officer – Mr Steve Wright.

With over 20 years’ experience, designing, developing, managing and delivering transformational data governance, privacy and security  programmes, Steve’s  vast experience as a pragmatic and charismatic leader, ideally places  him as the ‘trusted advisor’ to the Board on all  privacy and security related  matters. Steve is also a published author, a non-exec director and is regularly invited to speak at industry events, trade associations and thought leadership working groups, working towards continually finding new ways to increase trust and transparency in respect of consumer services, business functions and product vendors.

Steve believes that consumer data, cyber security and privacy must come together as they share common objectives, legal obligations and principles, and therefore require the same or common satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘digital trust and assurance programmes’ based on the fundamental principles of transparency, trust, accountability, protection, integrity, confidentially and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime.

This is where Steve’s role as Data Privacy & InfoSec Officer at John Lewis PLC is particularly relevant because John Lewis PLC’s digital ambition will create greater functionality, connectivity and personalisation. Steve’s role is to work collaboratively and integrally with the business, to help steer and shape the digital conversation and leverage the power of data analytics, while also  ensuring that the business remains compliant with laws around the world but still competitive, and acts in a moral and ethical way in relation to the rights of the  individual.

His role as Trusted Privacy & InfoSec Advisor (plus the Data Protection Officer), is essentially about making John Lewis PLC’s digital strategy a reality. This work involves proactively communicating with Data Protection Authorities from Europe and around the world and regularly training lawyers, marketers, HR and R&D personnel to ensure that they understand and know their responsibilities.

Please follow link to see full profile:

uk.linkedin.com/in/stevewright1970/

The Right Honourable Matthew Hancock MP

Minister of State for Digital and Culture,

Matt Hancock was appointed Minister of State responsible for digital policy at the Department for Culture, Media and Sport on 15 July 2016. He was elected Conservative MP for West Suffolk on 6 May 2010.

Minister of State for Digital and Culture

Responsibilities include:

  • arts
  • broadband
  • culture
  • creative industries
  • cyber security and telecoms resilience
  • data protection
  • digital strategy, enterprise and technology
  • digital infrastructure and spectrum
  • digital markets and consumer policy
  • digital engagement and skills
  • media

Matt was educated at Farndon County Primary School, West Cheshire College and The King’s School, Chester. He gained a degree in Philosophy, Politics and Economics from Exeter College, University of Oxford, and a Masters Degree in Economics from the University of Cambridge.

Vivienne Artz

Managing Director and Head of the IP & Technology Law Group, Citi

Vivienne Artz is a Managing Director and Head of International for the Intellectual Property and Technology Law Group in the General Counsel’s Office in London.

The International team, with lawyers in London, Belfast, Singapore and Japan, is responsible for all legal aspects of intellectual property, technology, e-commerce, general commercial/procurement/outsourcing, data privacy, banking secrecy and data security, electronic trading and order routing, and market data legal issues, across all business areas in the EMEA and APAC regions.

Prior to joining Citi in 2000, Vivienne worked in private practice in London.

Vivienne chairs the AFME Data Protection Working Group, the International Regulatory Strategy Group Data Working Group and is co-chair of the IAPP Knowledge Net for the UK.  Vivienne is an active participant on the E-Commerce Group and the Data Protection Groups at the BBA and CBI, as well as a Steering Committee member for the Technology Discussion Group.  Vivienne has recently completed a two year term as co-chair of the UK Citi Women Network, and chair of the Legal Diversity Council for EMEA, and is currently a Citi Women Community Ambassador.

Vivienne was awarded the ‘Champion for Women’ Award at the Women in Banking and Finance Awards for Achievement 2016.

Jonathan Bamford

Head of Strategic Liaison, Information Commissioner’s Office

Jonathan Bamford joined the staff of the Data Protection Registrar when the office was first established in early 1985. He has remained through the transition to Information Commissioner with the introduction of the Data Protection Act 1998 and Freedom of Information Act 2000. The Information Commissioner enforces this and associated legislation in the UK.

He has performed a variety of compliance and policy roles over the years ranging from enforcement and giving evidence in legal proceedings through to representing the ICO internationally and leading on policy development initiatives. These include the first ICO code of practice, original ICO audit manual, the first ICO Privacy Impact Assessment handbook and initiating the ICO’s ‘privacy by design’ work.

Jonathan is a member of the ICO’s senior management team and is responsible for the ICO’s engagement with its significant stakeholders across all sectors including civil society. His work centres upon many of the major information rights issues of the day such as state access to communications data and the practical effects of EU data protection reforms on organisations.

Nina Barakzai

Group Head of Data Protection and Privacy, Sky

Nina Barakzai is immediate Past Chair of the UK’s Commerce & Industry Group, representing UK in-house counsel.  She is Group Head of Data Protection & Privacy for the Sky group of companies, handling all aspects of privacy and data governance.  She is Vice President of In-House Counsel Worldwide; sits on the Advisory Board of the Future of Privacy Forum; served as Board Member on the International Federation of Accountants’ International Ethics Standards Board and sits on the Chartered Institute of Management Accountants’ Research Advisory Group, chairing the call for research papers on Big Data.  Her professional experience is in compliance, business ethics, privacy, corporate transactions, cloud services, cybersecurity and social media.  She is an accountant and solicitor and serves as Trustee for two community charities.

Jo Blazey

Privacy Officer & Counsel, Vodafone UK

Jo Blazey is a qualified solicitor and joined Vodafone in 2010.  Since March 2015 she has served as Vodafone UK’s Privacy Officer & Counsel and leads its privacy team.  Jo is responsible for Vodafone UK’s Privacy Programme and works closely with colleagues across the business on all aspects relating to Data Protection and GDPR readiness.  Prior to joining Vodafone Jo worked in private practice for Taylor Wessing and Thomas Eggar.

Cameron Craig

Deputy General Counsel and Group Head of Data Privacy, HSBC

Cameron Craig is deputy general counsel and group head of data privacy at HSBC, a role which he took on in September last year. In this new role he has responsibility for advising the Bank on global data privacy risks and appropriate measures to address these risks. Before joining HSBC Cameron was a partner in DLA Piper’s IP & Technology Team where he built and was the co-chair of DLA Piper’s EU Data Protection and Privacy Team. He worked as an engineer before turning to the law and his practice retains a strong technology focus. He has extensive experience in advising on outsourcing transactions and in managing and implementing global data protection solutions for international businesses. Cameron has managed many multi-jurisdictional projects, co-ordinating advice on compliance with data protection legislation across the world and advising clients on strategies for cloud adoption. Cameron is recognised as a data protection expert in Chambers for both UK and international data protection law which in 2010 stated that “he is well respected by market observers, who recommend him for his client-friendly and commercial approach” and in 2011 states that he is “technically second to none,” while clients value his “approachable manner and commercial advice.” The 2012 edition of Legal 500 recommends Cameron for “co-ordinating privacy projects for blue-chip clients” and the UK data protection team for providing ‘top-notch commercial advice’ on regulatory compliance matters, including for online products, international data transfers and security breach issues. He is also a regular contributor to journals and is the author of the data protection chapter for the Communications Law Handbook published recently by Bloomsbury Professional.

Mark Crichard

Partner, RPC

As a market leading technology and outsourcing lawyer, Mark Crichard can help both customers and suppliers on any technology related matter, whether big or small.

Specialising in non-contentious technology matters (including telecoms) and all forms of outsourcing, Mark has over 20 years’ experience advising a range of technology suppliers and customers on systems development/procurement, software licensing and distribution, cloud computing, open source and data protection issues.

On the outsourcing front, Mark advises on all types of projects including the outsourcing of IT infrastructure, AD/AM, network and data centre services, F&A, HR, FM, healthcare services and other business processes.

His clients include service providers, technology suppliers, insurers and other financial institutions, retailers, airlines and healthcare providers.

Alexander Dittel

Solicitor, Charles Russell Speechlys

Alexander is a solicitor at a City law firm who specialises in contentious and non-contentious data protection work, cyber security and commercial law. His previous in-house experience ranged from a tech start-up to global companies, including Google, Amazon and Pfizer. Currently, Alexander covers a spread of sectors including advertising, marketing, healthcare, retail and leisure, financial services and technology, media and telecommunications.

Alternatively, please see the full version on our website http://www.charlesrussellspeechlys.com/people/d/dittel-alexander/

Mark Gleeson

Partner, Browne Jacobson

Mark heads Browne Jacobson’s Data Privacy and Cyber Security team.  He specialises in data protection, privacy, cyber-security and freedom of information.  He has almost 20 years’ experience of advising on regulatory, compliance and strategic data issues. Most recently, Mark was a partner leading the UK data privacy practice at the international law firm Squire Patton Boggs (UK). Prior to which he headed the data protection team at Addleshaw Goddard.  Mark has also held a number of senior in-house data protection roles including Head of Data Protection at Barclaycard.

Mark regularly assists clients and industry bodies in lobbying on proposed legislation most recently on the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS).  He is advising a number of clients on the impact and opportunities arising from the GDPR, NIS and the Second Payment Services Directive.

He has a wealth of experience managing complex data protection projects including those involving transfers across international borders.

He is a member of the Editorial Board of the Journal of Data Protection & Privacy and a Panel Expert for DataGuidance. He also provides input on data related issues to a number of industry groups including in the fields of disruptive technology, financial services, advertising and fraud.

Hazel Grant

Partner, Fieldfisher

I am head of the privacy and information group at Fieldfisher, specialising in data protection and information law. My clients come from within the UK government, health and charitable sectors, and also include professional services firms and IT service providers. I particularly enjoy advising on pragmatic solutions and helping my clients succeed in their projects.

I’m interested in data compliance projects, international data transfers, data audits and data retention projects. My work also covers responding to data security breaches, notification of data losses to the regulator and negotiations on remediation work and compensation. I advise organisations on information access requests (whether for personal information or government held information) and handle complaints to the regulator and appeals to the tribunal.

Many of my projects are international in nature, advising clients on global solutions for their privacy compliance issues, where necessary coordinating advice from our network of specialist privacy lawyers.

In addition, I hold a Certified Information Privacy Professional (Europe) (CIPP/E).

Chambers UK 2015 says “Hazel wears her strong intellect and legal rigour lightly, and is always prepared to offer practical and commercial risk solutions in a complex and constantly changing environment” and that I have “a quick grasp of the subject and brings the essentials to the fore”

James Leaton Gray

Director, The Privacy Practice

At The Privacy Practice James provides bespoke consultancy services in Data Protection and Privacy for a variety of companies and sectors. These range from financial services and retail, through to law and digital services.  James specialises in privacy implementation advice, GDPR readiness reviews and strategic data policy guidance. He also designs integrated privacy programmes, for example for the BBC’s personalisation and big data capability. As well as running the Privacy Practice he is a Consulting Director at Deloitte and the lead privacy consultant at Kemp Little Consulting.

For over 10 years he headed the BBC’s Information Policy and Compliance Department overseeing the corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before that he worked on a variety of policy and management roles in the BBC following a career in current affairs and political programmes production.

Geraldine Henbest

Group Data Protection Officer, XL Catlin

Geraldine Henbest is currently Group Data Privacy Officer for XL Catlin, an organization recently formed following the transaction between XL and Catlin in May 2015.

Geraldine joined the Catlin Group in June 2014 following nearly 14 years with Ernst & Young (EY). As the first person to hold the position of Global Privacy Director at EY, Geraldine was instrumental in implementing Safe Harbor for the U.S. firm and worked for 2 years on implementing Binding Corporate Rules.  Under her direction EY was the first of the ‘Big 4’ to implement both of these globally recognized compliance mechanisms.

Geraldine is the current Chair of the UK Data Protection Finance Group (DPFG), a position she has held for approximately 5 years.  The group is made up of representatives from all the major financial institutions and meets three times a year.  Geraldine has previously held a number of other key positions, such as co-chair of the European Privacy Officers Network, co-chair for the London IAPP (International Association Privacy Professionals) KnowledgeNet, and for two years was a member of the IAPP European Advisory Board.

Robert Johnson

Legal Director, RPC

Robert Johnson is a Legal Director with the law firm RPC.  Robert is a commercial contracts expert and for the past nine years has had a special focus on data protection.  He advises on the regulatory and contractual aspects of data protection and data exploitation, including data sharing, international transfers, data breaches and subject access requests, as well as the impact of the new General Data Protection Regulation.

Robert’s clients covers a wide range of industries, including technology, financial services, publishing and retail.

Johannes Jördens

European Privacy Counsel, Sky

As Sky’s European Privacy Counsel, Johannes advises on all aspects of data protection and information technology law. He is dual-qualified in English and German law and has broad commercial and regulatory experience in the European TMT, finance and life science sectors. His data protection work includes advising on security incidents and complex data flows, as well as the implementation of comprehensive compliance regimes.

Constantine Karbaliotis

Vice President, Privacy Office Solutions, Nymity

Leading Nymity’s global solutions team, Constantine Karbaliotis is an expert in global privacy compliance and privacy management, with a proven track record of solving the challenges faced by the privacy office via practical and consultative approach. An accomplished privacy professional (CIPP/US, CIPP/E, CIPP/IT, CIPP/C, and CIPM), Constantine regularly speaks and participates internationally at privacy events. Prior to Nymity, Constantine most recently served as global chief privacy officer for Mercer where he spent the past four years managing the company’s internal compliance and the development and implementation of privacy programs, policies, and initiatives. Before Mercer, Constantine led the global privacy compliance program at Symantec, following his role as an executive consultant at CGI leading its privacy and security practice in Toronto. Before beginning his career in privacy, Constantine ran his own law practice. Constantine holds a J.D. from Queen’s University in Kingston, Ontario and was called to the Bar of the Province of Ontario in 1986..

Frank Madden

Legal Adviser – Privacy & Data Protection, Fujitsu

Frank Madden is a Legal Adviser in Privacy and Data Protection for the global Japanese IT company Fujitsu. He is a career privacy, data protection and intellectual property rights professional who has been with Fujitsu for the last 10 years. Fujitsu’s global use of its technologies requires Frank to manage privacy and data protection to ensure best practice in systems, processes and governance, inclusive of 70 companies and 29,000 employees across EMEIA. This includes upgrading systems in preparation for the General Data Protection Regulation.

Prior to Fujitsu, Frank directed intellectual property and privacy programmes for a diverse group of organisations, including: the former Jordan Grand Prix Formula One team, NFL International, and Time Warner.

Frank is a Trade Mark Attorney, (ITMA, UK), and is ISEB-qualified in data protection law. In addition, he has an LL.M. from Notre Dame Law School, USA, an LL.B. from BPP Law School, London, an M.Sc. from Trinity College Dublin, and a BBA from Ohio University, USA.

His outside interests include fundraising for The Ireland Funds charity, featuring their “Forgotten Irish” campaign in order to assist elderly Irish immigrants in the UK.

Richard Merrygold

Data Protection Officer, Home Serve

An experienced Data Protection practitioner, Richard has spent the last 8 years working across the healthcare and financial service sectors. A firm believer in engaging on an operational level in addition to the usual key stakeholders in Compliance and Legal he takes pride in building sustainable privacy frameworks, providing real world, workable solutions to a wide range of privacy related challenges.

Richard is currently responsible for privacy compliance across the UK and European businesses covering operations in the UK, France, Italy and Spain including developing and implementing a group wide privacy framework in preparation for the General Data Protection Regulation.

Ellis Parry

Global Lead - Data Privacy, BP

Ellis Parry started his career as a solicitor in private practice, after gaining his MBA, before joining AstraZeneca pharmaceuticals in 2001 as a specialist IT lawyer. Parry became AstraZeneca’s Global Privacy Officer in 2005, leaving to join BP as its Global Lead for Data Privacy in 2010. At BP Parry is responsible for devising and implementing BP’s global approach to personal information handling, including its GDPR change programme and the maintenance of BP’s Binding Corporate Rules. Parry spoke in 2015 on the topics of the compliance challenges posed by matrixed international businesses, the impact of the GDPR including mandatory data protection impact assessments and the private sector’s view of the Freedom of Information Act and in 2016 on the topic of evidencing accountability under the GDPR. He is a contributing author to Sweet and Maxwell’s “Data Protection Law and Practice” and their new companion volume on the General Data Protection Regulation.

Alex Pickering

Global Privacy Director, BBC

Alex Pickering is Global Privacy Director for BBC Worldwide (BBCW), the commercial arm of the BBC.  He is responsible for all data protection, information and content security policy and compliance matters and  training and awareness activities in all operating territories including the US, Australia and Europe.  Alex sits on the pan-BBC Personal Data Governance Group and is also a member of the BBCW Content Security Board.  Alex has spent his career in Media and joined BBCW in 2009 after roles with Emap Consumer Media, Bauer Media and News UK.

Natalie Salunke

European Counsel, Enterprise Holdings

Natalie is the European Counsel for global service provider, Enterprise Rent A Car. She is a member of the UK and European management teams and plays a strategic role in advising the business on a variety of legal matters and strategic developments within the EMEA region. Prior to her role at Enterprise, Natalie carried out a similar role for US-listed could software provider, NetSuite, and was Group Head of Legal and Company Secretary of Venda, a UK-based eCommerce SaaS provider. In these roles she has been responsible for all company legal matters including adopting an advisory role in relation to the group’s shareholders, board of directors and executive management. Her three year tenure at Venda subsequently culminated in her leading the successful sale of the business to NetSuite and had her preparing the business for an IPO, advising on various fundraising rounds and debt restructurings, and working on key commercial projects for the business. Natalie became Head of Legal at Venda at the age of 27. Before then, she worked in Travelex’s legal team based in London, having trained at international city law firm, Taylor Wessing.

David Smith

EU Research Advisor of Nymity, and former Deputy Commissioner and Director of Data Protection Information Commissioners

David Smith retired from his position as Deputy Commissioner and Director of Data Protection in the UK Information Commissioner’s Office in November 2015. During his 25 year career at the ICO, first as Assistant Commissioner and latterly as Deputy Commissioner, David was closely involved in all aspects of the development and application of Data Protection regulation in the UK. As Deputy Commissioner and a member of the ICO’s Management Board David led work across all the ICO’s Data Protection functions. He was responsible to the Commissioner for ensuring that the ICO built and maintained its reputation as an effective but practical supervisory authority both in the UK and internationally. This included overseeing the introduction of civil monetary penalties from 2010 onwards.

During his 10 years as Deputy Commissioner David represented the ICO on the Article 29 Working Party of European Data Protection commissioners. Amongst his other international responsibilities David served as Chairman of the Joint Supervisory Body charged with supervising Data Protection compliance by the European police organisation, Europol and represented the UK in the privacy related work of the OECD (Organisation for Economic Cooperation and Development).

Since leaving the ICO David now works part-time as an independent Data Protection expert. As well as acting as Nymity’s EU Research Adviser his assignments include a role as Special Adviser to the leading UK law firm Allen & Overy and continuing to assist the OECD in its data privacy work.

Asli Yildiz

Legal Counsel, Canon

Asli is a Turkish qualified lawyer with over 7 years post qualification experience in the UK, Europe and Middle East, Africa, Central and Eastern Europe & Turkey region. Acts as a compliance officer and general counsel as her leading roles.

She is holding an International Commercial Law LLM from City University, London with a title of competition law specialist.

Before joining Canon Europe, Asli gained experience in regulated markets, litigation, competition law practices, contract and commercial law applications and compliance areas by working in private practice and global companies such as BT, Kirkland & Ellis LLP, Acacia International in London.

In her current role as an Asli is advising to emerging markets’ senior management on their strategic projects such as establishing subsidiaries, representative offices, forming business models for B2B and B2C channels, managing distribution models & services, software and solution related developments and M&A activities.

In addition to this, she is the dedicated Data Protection lawyer in Canon Europe’s legal team, advising on the Data Protection/Privacy area as a member of the Data Privacy Competency centre of Canon EMEA. She is leading the projects for compliance of GDPR and providing trainings, workshops for internal and external clients.

Laszlo Zsoldos

GDPR Readiness Programme, Royal Bank of Scotland

Laszlo Zsoldos is currently advising the RBS Group on implementing the provisions of the GDPR, leading the work on Article 35 and Privacy Impact Assessments. Laszlo commenced his legal career in 2005 as a Barrister at Law practicing in a commercial set in Brisbane, Australia, before moving to the United Kingdom in 2008. Specialising in privacy and data protection advisory in the financial services and TMT sectors, prior to joining RBS Laszlo worked at Barclays, Lloyds TSB and held DPO positions at Vodafone UK and Thompson Reuters for Finance & Risk. Laszlo advises and consults on privacy and data protection matters covering projects, transactional and BAU activity, operational framework and process design, regulatory compliance, audit, incident and risk management.