17th Annual Data Protection Compliance Conference




Up to 12 CPD hours awardedWorkshops


Day 2 - Friday, 12th October 2018


On the second day of the 17th Annual Data Protection Compliance Conference, delegates attend two Workshops (one in the morning and one in the afternoon), each offering practical in-depth analysis of data protection and the GDPR. These interactive sessions explore real-life examples and encourage delegates to discuss individual issues to find out how other organisations comply with the GDPR.

Each of the Workshops is run by one or more Industry Experts and considers practical and realistic case studies. Delegates are welcome to put questions to the Workshop leader and other delegates. The full outline of each Workshop can be viewed here.

Each Workshop is accredited by The Law Society with 3 CPD Points.



Morning Workshops

(select one)

(9.30am - 12.45pm)



Afternoon Workshops

(select one)

(2.00pm - 5.15pm) 

A. Updated Rights under the GDPR   E.

New Rights and Their Implications for Organisations



Data Protection Impact Assessments – New Requirements and Methodology

  F. Outsourcing and Data Processing Arrangements under the GDPR

Compulsory Documentation – What is now Required of Organisations


Compulsory Breach Notifications – How To Prepare



Data Protection by Design and by Default – How to Implement an Effective Framework


Cybersecurity and the GDPR  



Workshop Topics


Morning Workshops: 9.30 am - 12.45 pm


Leonie Power, FieldfisherA.  Updated Rights under the GDPR

Leonie Power, Director, Fieldfisher

Complying with the rights of individuals continues to constitute an administrative burden on organisations under the new law. The GDPR tweaks the rules that relate to existing rights to make them more powerful. The dramatically enhanced fining regime now means that organisations have a strong incentive to get things right when it comes to rights. This Workshop discusses the practical effects of the changes to the following rights:

  • subject access
  • automated decision-taking
  • right to object to processing
  • right to compensation


Ashley Roughton, Venner ShipleyB.  Data Protection Impact Assessments – New Requirements and Methodology

Ashley Roughton, Barrister, Venner Shipley

For the first time in European data protection law, impact assessments are mandatory in many circumstances. This session looks at the practical implications of the new requirements, including:

  • understanding when DPIAs must be carried out
  • methodology for the effective carrying out of a DPIA
  • ways in which a DPIA can add value to your GDPR compliance programme and to the effectiveness or profitability of the organisation
  • understanding regulator expectations and recommendations


Jenai Nissim, TLTC.  Compulsory Documentation – What is now Required of Organisations

Jenai Nissim, Legal Director, TLT Solicitors

In contrast to pre-GDPR law, several sets of documents must now be created and be made available in order to demonstrate compliance with the GDPR. This Workshop looks in detail at the requirements of the GDPR in terms of accountability, and provides delegates with the knowledge and tools necessary to achieve compliance in their organisations, including:

  • what policies must be drafted, and the necessary content of those policies
  • how existing data protection statements and privacy notices need to be altered and extended
  • how organisations can raise awareness of data protection in their data protection policies and procedures


    Bridget Treacy, Hunton & Williams D.  Data Protection by Design and by Default – How to Implement an Effective Framework

    Bridget Treacy, Partner, Hunton Andrews Kurth

    Data protection by design, while not a new concept, is now a requirement under the GDPR. It requires building data protection into the design, operation and management of any project that involves the processing of personal data. Data protection by default refers to the requirement to implement appropriate technical and organisational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed. This Workshop provides delegates with practical steps to:

    • understand exactly what needs to be changed in the organisation as a result of the design and default requirements
    • design an effective framework so that design and default elements are effectively built in
    • examine the concept from an organisational, regulatory and technical perspective
    • create necessary awareness amongst staff members




    Afternoon Workshops: 2.00 pm - 5.15 pm


    Alison Deighton, TLT SolicitorsE.  New Rights and Their Implications for Organisations

    Alison Deighton, Partner, TLT Solicitors

    The GDPR introduces several new rights for individuals. This Workshop examines these news rights in detail and provides practical advice for organisations on how to handle them. The rights that are considered in this session include:

    • right to erasure
    • right to restrict personal data processing
    • right to data portability
    • rights relating to profiling


    Peter Given, Womble Bond DickinsonF.  Outsourcing and Data Processing Arrangements under the GDPR

    Peter Given, Legal Director, Womble Bond Dickinson

    The GDPR brings important changes to the relationship between controllers and processors, and some data protection obligations now apply directly to processors. Controllers and processors must have in place contractual provisions to ensure legal compliance and appropriate risk allocation under the GDPR. This Workshop analyses the practical implications of the GDPR for outsourcing, including:

    • clarification of the distinction between controllers and processors, and their revised relationship under the GDPR
    • new responsibilities of processors and the implications for controllers
    • the role of sub-processors and how they should be engaged
    • the new mandatory contractual provisions and their practical effect
    • dealing with data protection liability in contracts


    Liz Fitzsimons, Eversheds SutherlandG.  Compulsory Breach Notifications – How To Prepare

    Liz Fitzsimons, Partner, Eversheds Sutherland

    There is now an obligation to inform supervisory authorities of data breaches in many circumstances. There is an additional, and different, requirement to inform all individuals potentially affected by a breach. The session examines these requirements, including:

    • the types of incidents that will trigger mandatory notification to supervisory authorities
    • he higher level of seriousness of incidents that will require notification to individuals
    • practical advice on how to prepare for possible breach notifications (including incident response plans and opportunities to mitigate risk)
    • notifying regulators: what the Information Commissioner’s Office expects of organisations
    • how to maintain the compulsory internal breach register
    • consequences of failing to notify


    Manish Soni, MacfarlanesH.  Cybersecurity and the GDPR

    Manish Soni, Senior Counsel, Macfarlanes

    The role of a data protection professional increasingly requires not only being an expert in legal privacy frameworks but being able to readily apply this knowledge in various complex organisational contexts, such as cybersecurity. This Workshop is prepared specifically in the context of the GDPR with the objective of data protection professionals acquiring confidence in talking about and handling cybersecurity matters within their organisations, including:

    • what exactly is "cybersecurity" and what is the security triad?
    • security "incidents" vs. "personal data breaches" and defining "risk"
    • an introduction to cryptography: encryption, at rest and in transit; hashing and salting
    • an introduction to the ontology of malware and typical cyberattacks: botnets, viruses, worms, ransomware, Denial of Service (and DDoS) and Advanced Persistent Threats (APTs)
    • marrying up the data security and breach response requirements in the GDPR and your organisation's approach - the good, the bad and the ugly



    Easy Ways to book

    • Book online
    • Book by telephone at +44 (0) 207 014 3399
    • Book by sending an This e-mail address is being protected from spambots. You need JavaScript enabled to view it



    Make a booking with PDP Training

    Sign up for PDP's Email Newsletter

    View conferences by:

    Conference Brochure

     Download the Conference PDF brochure here


    View the Brochure (PDF) here >





    Hunton Andrews Kurth






    PDP Journals logo



    Simon Hall

    “The updates on existing subjects were particularly useful.”
    David Pickersgill
    Johnson & Johnson

    “The networking opportunities were very good. Very useful. Will attend again.”
    John Pendleton
    Old Mutual

    “Speakers delivered good insights into various aspects of the GDPR”
    Paul Woods
    Government Legal Department

    “Very informative and well executed conference”
    Claire Robson
    Kent & Medway NHS Trust

    “The hotel facilities were excellent”
    Andrew Dyke
    Operation Mobilisation

    “An interesting day packed with a plethora of useful materials. The conference never disappoints with the quality of speakers, providing insightful and pragmatic views and interpretations.”
    Stephanie Allen
    Shop Direct Group

    “Very enjoyable day! Well worth attendance. Very good speakers.”
    Sarah Rudge

    “All the sessions were informative and well presented. Very enjoyable!”
    Fiona Cadger
    Standard Life Aberdeen PLC

    “Great conference with diverse topics”
    Sara Ewen

    “The presentations were excellent and thought provoking”
    Catherine Bowen-Walker
    Close Brothers

    “A very well put together and well run conference”
    Helen Worthington
    Jerrold Holdings

    “This conference cannot be improved. Excellent!”
    Caroline Mair
    Registers of Scotland

    “A very useful and well organised conference”
    Alistair Browne
    British Council

    “Very useful, practical and thought provoking”
    Ben Moreland

    “I'm extremely impressed by the quality of speakers and content covered. An excellent balance of public and private sectors”
    Julie Hinault
    States of Jersey Taxes Office

    “The mix of speakers meant that a lot of ground was covered effectively.”
    Karen Russell
    British Arab Commercial Bank

    “As usual the Conference was very well organised”
    Paul Byrne
    British Airways

    Greg Steel

    “The conference content was excellent and thought provoking”
    Kim Walker
    Royal Air Force

    “A very helpful conference. Took away some good ideas.”
    Lesley Richardson
    Financial Conduct Authority

    “I found all the presentations very useful. The discussion panel was excellent... thoroughly enjoyed this conference and would not hesitate on coming back”
    Scott McFarlane
    National Trust for Scotland

    “Good variety of relevant topics discussed throughout the day.  Speakers were engaging!”
    Ellis Bryant
    Saga Plc

    “Great to see so many different sectors represented. Well organised!”
    Jane Davy
    University of Southampton

    “Overall, an excellent, informative and useful day. Well worth attending"”
    Colin Cluney
    Department of Finance and Personnel

    “All fantastic”
    Leslie Waghorn
    Virgin Media

    “Another excellent year - very current and topical"
    Stuart Gittings
    Eli Lilly and Co.

    “A very useful conference, a good broad range of speakers that were able to give practical advice"
    David Mayers
    Lisburn City Council

    “All topics very relevant – most particularly the bits about social networking and security breaches.”
    Jackie Evans
    South Wales Fire & Rescue

    “Once again a great conference, which gives me plenty to think about and implement!”
    Kevin Giles
    Glasgow Housing Association

    “Very useful conference”
    Alan White
    Pitney Bowes

    “Excellent. A well run event.”
    David Higginson
    ING Direct

    “Great venue, superbly organised, very professional.”
    Julie Barclay
    Gambro Lundia

    “Another excellent conference.”
    Lynn Young
    British Library

    “Excellent venue, delegate packs and catering. Very focussed, practical and relevant.”
    Albert Chan
    Greater London Authority