Welcome and Introduction
Dyann Heward-Mills - Baker & McKenzie (Chair)
Accountability and the Need for Documentation
Jessica Lavery - Deloitte
The new accountability requirements mean that organisations must produce significant quantities of documentation, such as data handling policies, prior to 25th May 2018. This talk explains what is required and provides practical advice on how to go about meeting the accountability requirements.
Revised Definitions and New Terms
Professor Ian Walden - Baker & McKenzie
Seemingly small changes to the definitions of existing terms, such as ‘consent’ and ‘legitimate interests’ are likely to have a big impact. New concepts such as ‘one stop shop’, ‘main establishment’ and ‘pseudonymisation’ will dramatically affect many organisations. This session looks at the practical steps that organisations will need to take to prepare for the revised definitions and new terms.
Changing Role of Data Protection Officers
Julie Wilson - Baker & McKenzie
The requirement for compulsory DPOs will itself have a dramatic impact on the compliance activities of organisations, but the new law will also impact the nature of the work that DPOs do on a daily basis. This session considers the appointment of DPOs, their security of tenure, the requirement for independence and their new responsibilities.
Privacy Notices – New Requirements
Benjamin Slinn - Baker & McKenzie
Changes to the requirements for ‘transparency’ will impact every organisation as regards the information that needs to be supplied to individuals. This session explains the work that organisations will need to do to ensure that their privacy notices and data protection statements meet the new rules.
Rights of Individuals – Expanded, Strengthened and New
Susan Boynton - Bloomberg
The GDPR not only strengthens existing rights, but also creates new ones. From removing several exemptions and decreasing the time period for complying with access requests, to establishing rights of data deletion and data portability, this session looks at the changes that organisations will need to make to existing practices.
Using Data Processors
Daniel Gibson - Triumph Motorcycles
This talk looks at how the new rules will impact outsourcing arrangements, including the compulsory and suggested changes that will need to be made to contracts with data processors. The new responsibilities on data processors and the restrictions on sub-contracting are also discussed.
Cyber Security & Breach Management – Preparing for Compulsory Notifications
Dyann Heward-Mills - Baker & McKenzie
The GDPR will require organisations to notify serious beaches to both the national data protection authorities and the individuals who are, or may be, affected by the breach. This sessions looks at the new notification obligations on organisations, and provides practical advice on how to prepare.