Conference Chair
 

The Conference is chaired by internationally-renowned Privacy Expert, Bridget Treacy

Keynote Address:

ICO Support for Organisations in an Evolving Data Protection Landscape

Emily Keaney - Deputy Commissioner, Regulatory Policy, ICO

This session offers a practical look at how the ICO will support organisations through the upcoming changes required by the Data (Use and Access) Act 2025.

Emily will offer a clear view into the ICO’s strategic priorities for 2025/26, with a focus on emerging developments in AI regulation, evolving approaches to online tracking, and strengthened protections around children’s privacy. The session will also explore how the ICO is shaping a regulatory landscape that actively supports organisational growth and innovation.

Cyber Incidents - Lessons From the Front Line

Georgina Kon - Partner, Linklaters

With the frequency, scale and cost of cyber-attacks growing rapidly, focus on cyber from boards, stakeholders, regulators and the media has never been more acute. This session covers a practical approach to cyber preparedness, including creating and testing effective incident response plans, approach to regulatory engagement, and strategies in relation to affected data subjects - based on experience from the front line of advising on major cyber incidents.
 

UK Data Reform – How Your Organisation Can Benefit From the Changes

Eleonor Duhs  - Partner, Bates Wells

This session considers the innovations and simplifications in the UK’s data protection regime created by the Data (Use and Access) Act 2025 and explains how organisations can take advantage of them to best effect including in the context of data subject rights requests, legal bases for processing, international transfers, and automated decision-making. It also looks at the effect of the Retained EU Law (Revocation and Reform) Act 2023 and the practical effect of the change from “retained EU law” to “assimilated law” and what that means for data protection compliance.
 

How to Use AdTech in a Compliant Way

Jamie Drucker - Partner, Bristows

The adtech industry has been under ever increasing regulatory scrutiny. This is especially the case given the volume of user data collected and the number of third parties which process it to deliver targeted ads. This session will focus on the main compliance challenges arising from the deployment of adtech, the regulatory landscape and some practical measures organisations should consider to mitigate risk.  

Joint Controller Relationships - Should We Be Doing More To Recognise and Embrace Them?

Duc Tran - Of Counsel, Herbert Smith Freehills Kramer

Ever since the GDPR was enacted, organisations have tended to characterise their data-related commercial arrangements with other parties as controller-processor or independent controller relationships, keenly avoiding the joint controller construct. This has not been without good reason: the practical and legal challenges that arise out of recognising and documenting joint controller relationships are not insignificant. However, with regulatory guidance and case law increasingly highlighting the prevalence of joint controller relationships in a range of circumstances, this session explores whether and how we should be recognising and dealing with them in practice

Negotiating Data Protection & AI Clauses with Suppliers

Tim Hickman - Partner, White & Case

As data and AI become ever more essential to running a business, supplier negotiations are becoming a key pressure point. This session walks through practical strategies for negotiating data protection and AI clauses in supplier contracts, exploring examples of terms that are effectively non-negotiable (including standard processor requirements), terms that are worth pushing back on (such as overly broad audit rights or unclear sub-processing terms), and terms that might benefit from a bit of creativity (e.g., when negotiating AI-specific warranties, or restrictions on model training). The session explores how to frame negotiations around operational risk and regulatory exposure, and how to reach a mutually agreeable conclusion.

What the New Data Laws mean for Subject Access Requests

Andrew Gallie - Partner, VWV

The Data (Use and Access) Act 2025 makes several changes to how UK organisations should respond to subject access requests, including clarifying the rules around how much time an organisation has to respond; providing additional certainty on when an organisation may seek clarification from the requester; new provisions around the extent of the obligation to search for personal data in response to a SAR (searches must be "reasonable and proportionate"); and new rules on complaints handling. This session discusses how to implement these changes in practice and how they can assist DPOs manage SARs in more efficiently. 

Erasing the Digital Footprint - Navigating the Right to Deletion

Leonie Power - Partner, Fieldfisher

In an era where vast amounts of data are collected about individuals, regulatory focus is turning to the right to deletion under Article 17 of the GDPR. This is evidenced by the announcement of the European Data Protection Board’s 2025 Coordinated Enforcement Framework, in which 32 Supervisory Authorities across the European Economic Area are taking part throughout 2025, which is focusing on the right of deletion. This session looks at the practical challenges organisations face in implementing the right to deletion. These range from technical difficulties in erasing data from all systems to balancing the right to deletion with other legal obligations, and the potential impact on business operations.

Panel Discussion: Practical AI Implementation

Alison Ledger - Universities Superannuation Scheme

Elham Azarpay - National Gas

Dominic Hutchinson-Backer - Brightwell (BT Pension Scheme)

Karen Blackman - University of Sussex

Lawrence Serewicz - Durham County Council 

Organisations have different risk appetites for AI. Hear how experienced data protection practitioners are supporting their organisation’s AI ambitions. Using real-world examples our panel will illustrate pitfalls and successes of recent AI implementation projects.