PDP Annual Data Protection Compliance Conference (2023)

Data Protection Conference

Autumn 2023


PDP's three-day Data Protection Conference 2023 has been widely praised by delegates as being one of the best yet... 



View Speakers Presentations & Download Comprehensive PDF materials via the dedicated Conference platform


"Always a great conference! Absolutely loved

the AI presentations. I now feel that I finally

understand something about AI that I can

use in my day to day consultations

with the business."

On-Demand Presentations




Paul Arnold

Deputy Chief Executive & Chief Operating Officer, Information Commissioner's Office





Mark WattsHow the Explosion in Generative AI Impacts GDPR Compliance

Mark Watts - Partner, Bristows


What is ‘generative AI’ and how is it developed? What are the main GDPR issues when training and/or deploying large-language models (LLMs)? How can privacy rights be respected when such massive datasets are processed? This talk focusses on the compliance challenges when developing or using generative AI.



Kate Brimstead

Developing a Global Privacy Compliance Programme. Where to start? Where to stop?    

Kate Brimsted - Partner, Bryan Cave Leighton Paisner


For any organisation with more than a purely national footprint, developing a joined-up approach to data privacy compliance is essential to success. But joined-up doesn’t necessarily mean homogenous. What should international organisations keep in mind when faced with varying, sometimes competing data protection laws? How might their data privacy compliance programme best function as a living operational “backbone”, rather than a GDPR-style accountability “checklist”?



Eduardo Ustaran

How The AI Regulatory Revolution Affects You

Eduardo Ustaran - Partner, Hogan Lovells


The emergence of AI specific regulation is unstoppable and data protection practitioners have a crucial role to play. This session looks at what that new regulation requires, how every organisation can prepare for it, and what contribution a DPO can make to overcome this challenge.



Richard Hollis

Thinking Like a Hacker: The Key to Data Security

Richard Hollis - Director, Risk Crew


How is it that each year despite increasing our investment in cyber security, data breaches continue to soar? We allocate extensive resources and implement, policies, procedures and controls to secure our data, yet they seem to have very little effect. Why? Because we fail to think like our adversaries. While we may adopt their tools and methodologies to assess our systems, we fail to consider their personality traits and mindsets. This session looks at what drives hackers and how we can better defend our systems by simulating these characteristics.




Emma Erskine Fox

The Evolution of Data Protection Negotiations

Emma Erskine Fox - Managing Associate, TLT Solicitors


Now that the GDPR is well-established in UK law, controllers and processors alike are very used to the need to include mandatory data processing provisions in their contracts, and well-versed in negotiating them. But the landscape is ever-evolving, and constant developments in law and guidance, as well as emerging technologies like AI, are changing the way in which parties are approaching data processing agreements. This session looks at how the evolution of the data protection landscape is affecting negotiations, and offers practical tips for how controllers and processors can navigate contractual discussions in a continually changing environment.




John FitzsimonsSubject Access Requests – The Changing Landscape

John Fitzsimons - Barrister, Cornerstone Barristers


2023 has seen several significant developments in subject access requests, including changes in how to deal with vexatious requests (as proposed in the Data Protection and Digital Information Bill), revised Guidance from both the ICO and the European Data Protection Board, two CJEU cases on the meaning of Articles 15(1)(c) GDPR and 15(3) respectively, and the High Court’s continued practice of taking a purposive approach to SARs despite there being nothing in the UK GDPR requiring such an approach. This session discusses these developments, and others, in a practical context and considers whether the handling of subject access requests in the UK is beginning to diverge from the EU. 




DPO PanelData Protection Practitioner Panel


A Panel of Data Protection Practitioners share with delegates some insights into challenges that they have been facing and solutions that they have found.






Six Workshops

Led by experts within their field, each Workshop took place in-person and virtually and explored a range of key topics/themes through case-studies and group activities.


Peter Given

WORKSHOP A:  Breach Notification: a Deep Dive into What, When and Who to Notify

Peter Given - Partner, EY


This practical Workshop explores the often tricky subject of regulator and data subject notification under the GDPR. It looks at when notification must be made, what needs to be notified (and how this might be done) and who needs to be notified. Case studies and war stories will be used throughout the session to bring the materials to life. In particular, the Workshop covers:

  • Assessing the risk of a personal data breach
  • Identifying when notification is required and to whom
  • The form and approach to notification
  • Common challenges and how to overcome them


Liz Fitzsimons WORKSHOP B:   Data Transfers – Understanding the New Requirements

Liz Fitzsimons - Partner - Eversheds


We have long been familiar with the need to protect international transfers of personal data. More recently, there have been several changes, including the end of the Brexit transition period and updated standard contractual clauses in the EU and UK, which means that many organisations are having to re-assess their data transfers. This Workshop provides practical guidance and advice, including:  

  • Improving your organisation’s approach to transfer risk assessments
  • Considering necessary steps to ensure a data transfer is suitably safeguarded
  • Understanding key issues and differences between available safeguards, and
  • Making effective use of the new forms of standard contractual clauses

Andy Kimble

WORKSHOP C:   Implications of the Use of New Technologies in the Workplace

Andy Kimble - Partner, Womble Bond Dickinson


The use of new technologies can save time and improve efficiency. However, to ensure compliance with data protection laws, businesses must deploy new technologies, including AI, fairly in the workplace, including having an appropriate framework governing the deployment and sufficient oversight to manage any issues. This Workshop considers:

  • Using new technologies in an HR context and the challenges of ensuring compliance with data protection laws at all stages of the employment lifecycle including recruitment
  • The increasing opportunities for organisations to use new technologies to monitor employees
  • The competing interests between an employer's legitimate interest to ensure productivity in the workplace and an employee's right to privacy
  • Understanding what employers can lawfully monitor and what they cannot
  • The practical challenges that organisations face in ensuring compliance with both data protection laws and possible future regulation on AI, particularly in light of the divergent approach between the UK and EU to the regulation of AI



Vicki Bowles WORKSHOP D:  Cookie Masterclass

Vicki Bowles - Barrister, VWV


Over the years there has been a subtle (and sometimes not so subtle) shift in the rules and culture in relation to cookies. With the release of the European Data Protection Board report on the cookie taskforce earlier this year, the guidance is clear that a stricter approach to consent and choice is required. But what exactly are the rules, and what are the risks in this area? In this Workshop, delegates will:

  • Understand the types of cookies that are available for a website to set, and the rules that exist in relation to each type
  • Explore different ways of complying with the rules
  • Look at the risks involved in various common strategies that have been adopted to date
  • Understand what can be done with the information you collect using cookies, and why it can be helpful

Ellis Parry WORKSHOP E:   Keeping up With Requirements on Privacy Notices / Transparency - “When is Good, Good Enough?”

Ellis Parry - Privacy Consultant (formally of the ICO)


Post GDPR, organisations benchmarked their initial approach to satisfying their online transparency obligations against where the market practice had settled, usually satisfying themselves that they were “middle of the pack” within the broad consensus that was reached on how to satisfy the GDPR’s requirements. Then the EDPB overruled the Irish DPC with a forensic analysis of WhatsApp’s privacy notice and practices. The EDPB’s broadside has left many controllers wondering whether their current online notices meet the newly clarified standards to achieve transparency. This Workshop includes:

  • A refresher of what the GDPR demands
  • Examples of how that was interpreted prior to the WhatsApp Decision
  • An analysis of the EDPB’s Decision and its impact
  • How to benchmark how your organisation’s transparency efforts rank currently
  • An analysis of where the transparency goal posts have been moved to and key insights into what will be needed in your organisation to bring transparency efforts up to scratch


Damien Welfare WORKSHOP F:   A Practical Guide to Key Aspects of the UK’s Proposed New Data Protection Law

Damien Welfare - Former Public Law Barrister


The UK’s proposed new data protection law, as initially introduced into Parliament last year, contains some important changes of which data protection practitioners need to be aware. Although the new law has yet to reach its final form, the Bill sets a clear direction of travel, and this Workshop includes the following:

  • The new definition of “personal data”, in particular the scope and timing of when an individual should be regarded as identifiable
  • New lawful basis for processing for “recognised legitimate interests”
  • The loosening of the “purpose limitation” principle and its implications
  • Replacing DPOs with “Senior Responsible Individuals”
  • High Risk processing: ICO consultation to be discretionary
   Post-Event Conference Bundle Fee
Each license is for one registered email address (content sharing is not permitted)

Discount Available for Group Licenses:

An additional 50% discount is available for second and subsequent delegates booked at the same time from the same organisation.

Larger discounts apply to Group bookings with 5+ delegates. Send us an This e-mail address is being protected from spambots. You need JavaScript enabled to view it with your specific requirements for a quotation.


Order your Post-Event Bundle 
  • send us an This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Alternatively, please contact the PDP Head Office on +44 (0)207 014 3399.


Book Now

Sign up to PDP's email News Updates

View conferences by:

Event Sponsors:


Hunton Andrews Kurth


Eversheds Sutherland












Simon Hall

“The updates on existing subjects were particularly useful.”
David Pickersgill
Johnson & Johnson

“The networking opportunities were very good. Very useful. Will attend again.”
John Pendleton
Old Mutual

“Speakers delivered good insights into various aspects of the GDPR”
Paul Woods
Government Legal Department

“Very informative and well executed conference”
Claire Robson
Kent & Medway NHS Trust

“The hotel facilities were excellent”
Andrew Dyke
Operation Mobilisation

“An interesting day packed with a plethora of useful materials. The conference never disappoints with the quality of speakers, providing insightful and pragmatic views and interpretations.”
Stephanie Allen
Shop Direct Group

“Very enjoyable day! Well worth attendance. Very good speakers.”
Sarah Rudge

“All the sessions were informative and well presented. Very enjoyable!”
Fiona Cadger
Standard Life Aberdeen PLC

“Great conference with diverse topics”
Sara Ewen

“The presentations were excellent and thought provoking”
Catherine Bowen-Walker
Close Brothers

“A very well put together and well run conference”
Helen Worthington
Jerrold Holdings

“This conference cannot be improved. Excellent!”
Caroline Mair
Registers of Scotland

“A very useful and well organised conference”
Alistair Browne
British Council

“Very useful, practical and thought provoking”
Ben Moreland

“I'm extremely impressed by the quality of speakers and content covered. An excellent balance of public and private sectors”
Julie Hinault
States of Jersey Taxes Office

“The mix of speakers meant that a lot of ground was covered effectively.”
Karen Russell
British Arab Commercial Bank

“As usual the Conference was very well organised”
Paul Byrne
British Airways

Greg Steel

“The conference content was excellent and thought provoking”
Kim Walker
Royal Air Force

“A very helpful conference. Took away some good ideas.”
Lesley Richardson
Financial Conduct Authority

“I found all the presentations very useful. The discussion panel was excellent... thoroughly enjoyed this conference and would not hesitate on coming back”
Scott McFarlane
National Trust for Scotland

“Good variety of relevant topics discussed throughout the day.  Speakers were engaging!”
Ellis Bryant
Saga Plc

“Great to see so many different sectors represented. Well organised!”
Jane Davy
University of Southampton

“Overall, an excellent, informative and useful day. Well worth attending"”
Colin Cluney
Department of Finance and Personnel

“All fantastic”
Leslie Waghorn
Virgin Media

“Another excellent year - very current and topical"
Stuart Gittings
Eli Lilly and Co.

“A very useful conference, a good broad range of speakers that were able to give practical advice"
David Mayers
Lisburn City Council

“All topics very relevant – most particularly the bits about social networking and security breaches.”
Jackie Evans
South Wales Fire & Rescue

“Once again a great conference, which gives me plenty to think about and implement!”
Kevin Giles
Glasgow Housing Association

“Very useful conference”
Alan White
Pitney Bowes

“Excellent. A well run event.”
David Higginson
ING Direct

“Great venue, superbly organised, very professional.”
Julie Barclay
Gambro Lundia

“Another excellent conference.”
Lynn Young
British Library

“Excellent venue, delegate packs and catering. Very focussed, practical and relevant.”
Albert Chan
Greater London Authority