08:00
Registration
09:15
Chairperson’s welcome and introductions
- Ardi Kolah LL.M – Chairperson Director, GDPR Transition Programme, Henley Business School
09:30
FIRESIDE CHAT: The ICO’s view on the future of GDPR across Europe and beyond
- What do they both see as the major challenges?
- What is on the ICO’s agenda?
- Brexit: implications of the UK Data Protection Bill, impact on the regulator and on the European Commission
- What is their understanding of what each member state has been addressing?
- What is the engagement and vision beyond Britain and arranging adequacy?
- Are we negotiating with the right partners?
- Will member states’ use of derogations build a two tier privacy world, for those that do, and those that don’t use the derogations to the fullest extent?
- Can we learn from other regions and build global protections for consumers eg on cybersecurity?
- Jo Pedder Head of Policy and Engagement, Information Commissioner’s Office (ICO)
10:15
Getting ready: Developing an operational road-map to embrace GDPR and develop sustainable privacy
This practical session will offer you insights from companies on how they plan to meet their accountability requirements by putting privacy at the front end. Hear case studies of where they are now and how they plan to get to their end goal:
- How do you prioritise – what can be decentralised to other parts of the business?
- Meeting accountability requirements and demonstrating compliance needs
- Paul Breitbarth Director, EU Certification Research and Senior Solutions Advisor, Nymity
- Douglas Weekes Head of Data Governance, Corporate Services, Sainsbury’s
- Simon Tisdall Data Protection Officer, Sainsbury’s
11:00
Morning refreshments – Sponsored by IAPP
11:30
Breakout sessions
A choice of one of the following options
Operationalise GDPR and Privacy by Design: What to Automate in Your Privacy Programme
To achieve GDPR compliance, it is essential that companies embrace cross-functional collaboration between privacy, IT security, legal, and leadership teams. In this session, we will focus on the privacy programme lifecycle from initial assessments to demonstrating on-going compliance, and where automation makes practical sense. You will learn how to leverage software to automate and integrate privacy management into business processes, and how to draw the line between what to automate and what needs a human driver.
Key Takeaways:
- How to best implement efficient and effective data handling practices in the face of the new GDPR requirements
- Learn how to use PIAs and data maps to document and track new initiatives and demonstrate compliance
- Practical tips for how privacy practitioners assess current practices to determine what can and cannot be automated
- Ian Evans Managing Director, EMEA, OneTrust
- Jo Blazey Privacy Officer & Counsel, Vodafone UK
- Terry Evetts Privacy and data protection specialist, Vodafone
The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks
- Leveraging machine learning and AI algorithms to to defend against advanced cyber-threats
- How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
- How to achieve 100% visibility of your entire business including cloud, network and IoT environments
- Why automation is critical in enabling security teams, including DPO’s, to prioritise resources and tangibly lower risk
- Real-world examples of subtle, unknown threats that routinely bypass traditional controls
- Mariana Pereira Marketing Director, Darktrace
Innovative resourcing: Recruit a DPO? Grow your own DPO? Outsource to Team DPO?
- Why appoint a DPO?
- Demonstrating compliance with the GDPR
- Skills, competencies and experience of the DPO?
- What they can expect to do in their first 100 days?
- Why training a senior manager to be the DPO could work
- Pitfalls in recruiting someone internally?
- Why outsourcing to Team DPO could be the workable solution you need right now?
- What you need to look for in an outsourcing arrangement?
- Ardi Kolah LL.M – Chairperson Director, GDPR Transition Programme, Henley Business School
- Emma Butler Data Protection Officer, Yoti
12:15
Winning the hearts and minds of the business to develop a culture willing to embed data protection
- Identifying stakeholders willing to embed privacy across the business and securing buy in
- Putting privacy at the front end
- Engagement: Keeping your business involved and ensuring they understand its priorities
- Training and teaching
- How to communicate the benefits of privacy, not just the costs
- Catie Sheret Senior Vice President, Chief Privacy Officer and Associate General Counsel for Core Markets, Pearson
- Cheryl Sims-Hancock Associate Director, Cyber Risk Services, Deloitte
- Emma Butler Data Protection Officer, Yoti
13:00
Lunch
14:00
Disruptor and privacy perspectives: Is privacy really necessary?
- Is GDPR really offering you a competitive edge?
- Is data the currency of a company or an individual?
- Can or should the law keep up?
- Michael Bond Data Protection Officer, GLH Hotels Management
- Nicholas Oliver Founder & CEO, people.io
14:30
Breakout sessions
A choice of one of the following options
Consent and alternative legal bases for processing data
This session will enable you to fully understand the consent framework and how you can put it into practice with examples of companies who are already using it. It will also examine alternative options to using consent as a basis for processing.
- Clarifying the terminology around ‘consent’
- Transferring consent to the new world: Transforming your consent framework
- What are the alternatives to consent?
- What commercial difference will it make to the business if you choose the alternatives?
- Vivienne Artz Managing Director and Global Head of Privacy Legal and Head of International for the Intellectual Property and Technology Law Group, Citi
- Monica Simoes de Almeida Senior Manager Data Privacy, John Lewis Partnership
- Paul Jordan Managing Director, Europe, IAPP
Global differences in regulatory approaches to GDPR: Moving towards a global privacy programme
- How is GDPR perceived outside of Europe? How do different countries approach/view GDPR?
- Looking ahead – what can be done by companies now?
- What do we all have in common and can build on?
- How do you make your privacy ‘go global’?
- How do you reconcile working in a global company with offices in UK, Asia and / or USA?
- Sue Gold Senior Counsel, Wyndham Worldwide
- Aaron Simpson Partner, Hunton & Williams
Making the cloud and supply chain work in relation to GDPR: Negotiating contracts
Legislation is now fixed. Customers and suppliers have a level playing field. Both have a burden. Who is accepting what contractual obligations when it comes to making the Cloud work with GDPR?
- What issues are key for (i) processors and (ii) controllers when negotiating contracts with GDPR language?
- Trying to negotiate with companies who don’t understand the implications that are happening. Assessing the impact of that process on your organisation
- How to build common industry positions around statutory requirements
- Article 28 – tips for practical implementation
- Yukiko Lorenzo Senior Counsel, Privacy and Data Protection, Mastercard
- Paul McCormack Senior Legal Counsel, Global Legal, HSBC
15:15
Afternoon refreshments – Sponsored by IAPP
15:45
Practical considerations and impact of the proposed E-privacy Regulation
- When will the regulation be finalised?
- Who will be affected?
- What does it mean from a direct marketing perspective?
- Understanding the impact of opt-ins and cookies
- How does the E-Privacy Regulation work alongside the GDPR and the NIS Directive?
- Stephen McCartney Former Director of Information Governance and Data Protection Officer, Royal Mail Group
- Rohan Massey Partner, Ropes & Gray
- Claire Knight Head of Data Protection, L'Oréal UK and Ireland
16.30
Respecting your customers’ data
- Michael Harstrick Chief Global Development Officer, Garner Products
16:40
Making the most of your data and GDPR compliance: Using data to talk to your customers better
- Leveraging data to be contributing to the bottom line
- Engendering trust and building a reputation based on protecting your customer’s data
- What are the opportunities for business, to make this harmonisation help us build revenue streams? What can be done now?
- Steve Wright Group Data Privacy & InfoSec Officer, John Lewis Partnership
- Helen Gourdin Senior Counsel, Global Compliance, DIAGEO
17:20
Chairperson’s closing comments followed by drinks and canapé reception
*Please note the agenda is subject to change
The page will be updated with further details on the agenda once they are confirmed.