Each Workshop covers an in-depth analysis of a specific issue of data protection compliance, and will give the delegates opportunities to ask questions and discover how issues are dealt with at other organisations.

These Workshops can be booked separately or in conjunction with the Conference.  Attendance at the Workshops by Conference delegates is optional but it is anticipated that most Conference delegates will wish to attend one or more of the Workshops.

Each Workshop is accredited by the Law Society with 3 CPD Points.

A:  Training staff in data protection practices

Led by Rosemary Jay, Partner, Pinsent Masons  ( This workshop is now full )

In many organisations, the person responsible for data protection has now become responsible for training all staff that work with personal data.  This Workshop will cover how to further this goal.  The session includes:

• Getting the message across: various key issues for different levels of staff
• Planning your sessions: the use of practical examples and the design of relevant case studies for particular audiences
• Gathering your tools: preparing for different types of training, the resources to use and how to keep the materials up to date
• Conducting the training: engaging the audience, using role plays, avoiding getting bogged down in legal details and sticking to the plan

B:  Surveillance: CCTV and employee monitoring

Led by Hazel Grant, Partner, Bird & Bird

The surveillance society is a high priority on the Information Commissioner’s agenda. Organisations that monitor people, both internally and externally, must ensure that they comply with the laws, particularly where the organisation wishes to use the data it has collected.  This Workshop looks at the key data protection issues including:

• CCTV monitoring: when the Data Protection Act applies, when the images can be disclosed in response to a SAR, where cameras should be placed and what they may focus on, what signage is necessary and where it should be displayed, how long images should be kept and who should have access to them
• Monitoring employees: what monitoring is permitted of email, internet and phone communications, when other forms of monitoring can be used ( e.g. tracking of vehicles or productivity measurements )
• Disclosure of information: when information can and should be disclosed to prevent or detect crime, what processes should be in place to ensure that the disclosure of employee or CCTV information is legal, what issues may arise in relying on monitoring information in employment related claims

C:  Data protection for the financial services sector

Led by Richard Jones, Director of Data Privacy, Clifford Chance

This Workshop focuses on current “hot” data protection topics for all organisations in the financial services sector including banks, insurance companies and investment firms.  This session will cover:

• Data movements: the requirements for transferring client and employee data across international borders
• “Regulatory” processing: reconciling the information requirements of foreign regulators, litigation and internal investigations with EU data privacy rules Complex outsourcing projects: how to ensure compliance with legal regulation and how to determine when a service provider becomes a “data controller”
• The overlap between data privacy and confidentiality / bank secrecy

D:  Conducting the data protection audit

Led by Nick Graham, Partner, Denton Wilde Sapte

Increasingly, businesses are undertaking data protection compliance reviews and audits in order to identify and manage data protection and privacy risks.  This Workshop examines the current practice in data protection audits and explores practical tips on how to manage the process and maximise the benefits.  Topics include:

• The benefits of conducting an audit
• The aims / scope of the audit - the need to “know the business”
• How best to investigate current practice
• Practical scenarios for data collection, use and transfer
• The key areas to look at: CRM strategy, international transfers, information security and Human Resources
• The interface with existing audit / compliance review structure
• International issues
• The interface with broader “data risks” e.g. FOIA and IPR training
• Implementation of solutions

E:  Handling subject access requests - the latest thinking

Led by Andrew Dyson, Partner, DLA Piper

This interactive Workshop explores solutions to common subject access request issues, as well as practical strategies for providing a compliant response that does not cause undue burden or harm to your organisation. This session covers:

• Understanding when access rights apply: the “personal data” debate
• Verifying access requests: identification, clarification and compensation
• The exemptions: how and when they can be properly applied
• HR data: dealing with employee references
• Structuring records (or not): the importance of having a clear policy to support overall compliance

Workshop Leader - Biography:  Andrew Dyson is a Partner in the Technology Media and Commerce group at DLA Piper.  He advises clients on IT contracts and information law issues, with specialist expertise in relation to data protection and freedom of information legislation. Andrew works closely with significant public and private sector organisations developing effective strategies for ensuring compliance with this legislation.

He has particular experience advising on the management of personal data in the context of outsourcing transactions, corporate acquisitions and in the health and HR environment.