20th Annual Data Protection Compliance Conference - UK

     7th & 8th October 2021 - London, UK



20th Annual Data Protection Compliance

Conference - LIVE EVENT


Day 2 - Interactive Virtual Workshops (8th October 2021)


On the second day, delegates join two interactive workshops (from a choice of eight) to attend via a virtual meetings-based platform. Led by Industry Experts, a broad range of key topics/themes are explored at each of the workshops.



Morning Workshops (10.00am - 12.30pm BST)


Workshop A: Age Appropriate Design - Practical Guidance for Children’s Data 

Bridget Treacy - Partner, Hunton Andrews Kurth


The ICO’s Children’s Code (formally known as the Age Appropriate Design Code) is a statutory set of rules governing the use of children’s personal data. It came into effect in the UK in September 2020, subject to a 12 month grace period for implementation. It is the most comprehensive code for the processing of children’s data and controllers may be challenged by some aspects of its requirements. This session provides practical advice to organisations that process data on children as regards compliance with the Code, including: 

  • The meaning of critical terminology, such as ‘best interests of the child’, ‘age appropriate application’, ‘detrimental use of data’, ‘nudge techniques’, and ‘connected toys and devices’
  • Strategies for conducting DPIAs and undertaking risk assessments
  • The tension between parental controls and the rights of developing children to autonomy and privacy
  • The applicability of the Code to non-UK controllers
  • Areas of activity to which the Code does not apply

Bridget Treacy

WORKSHOP B:  Home Working - Key Data Protection Issues for the New Normal

Peter Given - Legal Director, Womble Bond Dickinson LLP


Since the outbreak of the COVID-19 pandemic, home working has become the new normal. For many organisations this is likely to continue for many months, years or permanently. While home working brings benefits, it also presents risks that need to be considered and addressed. This session explores the main data protection issues that arise in relation to home working, including challenging compliance issues in the following areas:

  • Data security
  • Monitoring employee activities
  • Using personal devices for work purposes

The session draws on real world practical examples to bring these issues to life.


Peter Given

WORKSHOP C:  Standard Contractual Clauses - Practical Implications of Relying on SCCs for Data Exports

Victoria Hordern - Partner, Bates Wells


Given the Schrems II decision of July 2020 and EDPB recommendations that followed, what was previously a relatively straightforward exercise – signing the standard contractual clauses for international data transfers – has suddenly become more complex.  Additionally, the European Commission will be introducing new SCCs during the course of 2021 (and potentially the UK as well?). So, for many organisations, thinking through the practical implications of relying on the SCCs now requires more work. This Workshop will assess these practical implications including: 

  • How to approach relying on the SCCs given the shifting landscape
  • Using the new version of the SCCs with the different modules
  • Carrying out a Transfer Impact Assessment
  • The requirement for supplementary measures alongside the SCCs
  • Ongoing obligations when using the SCCs

Victoria Hordern



WORKSHOP D:  Outsourcing Processing - Avoiding Pitfalls and Achieving Compliance

John Fitzsimons - Barrister, Cornerstone Barristers


Organisations frequently rely on third party businesses to perform a variety of functions such as payroll administration, mailing services, cloud storage, online surveys, confidential waste management, website hosting and debt collection. While such outsourcing may assist an organisation in its day to day activities, it may also come with serious risks due to the significant amount of personal data processing often involved. This session consider best practice approaches to compliant outsourcing and in particular focuses on:

  • How to avoid the common pitfalls associated with outsourcing personal data processing
  • The Dos and Don’ts of contracting with third party processors
  • Ensuring compliant sub-processing
  • The practical and legal implications of outsourcing to cloud services providers
  • The practical and legal implications of outsourcing to foreign processors

John Fitzsimons



Afternoon Workshops  (2.00pm - 4.30pm BST)


WORKSHOP E:  FOI in the Data Protection Environment

Damien Welfare - Barrister, Cornerstone Barristers


The crossover between data protection and FOI/EIR in the public sector remains a challenge for many. What should be done where an FOI/EIR request includes the personal data of a third party (as often happens)? The rules and decisions are complex, and the guidance is lengthy. The GDPR altered the balance of the rules, while underlining the importance of getting them right. This session, which looks at the position and poses case studies, covers: 

  • Identifying personal data correctly
  • Separating special category and criminal offence data
  • Considering whether there is a lawful basis for disclosure, including legitimate interests
  • General lawfulness, fairness and transparency
  • Determining whether the right to object applies, as well as whether it has been exercised
  • Understanding whether a SAR exemption applies 

Damien Welfare

WORKSHOP F:  Data Protection by Design and Default - Ensuring Practical Compliance

Ali Vaziri - Legal Director, Lewis Silkin


The legal requirements for Data Protection by Design and Default have been with us for some time. But do we really know what it means in practice for organisations? For many it remains an abstract, if not cryptic, concept. In this session delegates learn how to operationalise the legal requirements by: 

  • Examining exactly what the law requires
  • Understanding regulatory expectations and the consequences of getting it wrong
  • Considering the practicalities of implementing design and default
  • Identifying key design and default elements as regards complying with the data protection principles
  • Looking at the role of technology and vendors
  • Understanding the overall picture by looking at an interactive case study 

Ali Vaziri

WORKSHOP G:  Records Management for Data Protection Professionals

John Wilson - Records Management Consultant


All information governance professionals need to have some level of understanding of records management techniques and practices. This session provides delegates with: 

  • An understanding of basic records management terminology
  • An introduction to records management 'tools of the trade' and how are they are used in organisations, including how to identify and capture records, how to organise records, records security and access controls, how to find stuff, and retention and disposal of records
  • Insight into how to align the records management programme with the organisation’s data protection compliance goals
  • Guidance on how to monitor compliance with records management standards to ensure that anticipated benefits are being delivered

John Wilson

WORKSHOP H:  Apps - Unique and Challenging Data Compliance Issues

Simon Elliott - Partner, Dentons


Apps are now the mainstay of digital engagement for any organisation. Whether used for consumer-facing retail transactions; internal HR / employee management; or facilitating slicker supply chain or business partner engagement, their use is prevalent across many areas of an organisation. While a well-established technology, the data protection compliance challenges continue to evolve as the environment in which they operate changes and the sophistication of data-collection improves. This session includes:

  • How to address the challenges in the collection of location and other device-based data through apps
  • The implications of the changing OS environment including the requirements of iOS14 and other OS
  • How to manage other key data protection and cyber compliance challenges arising from the use of apps
  • Additional regulatory challenges in deploying app-based technology to assist with COVID management

Simon Elliott





View conferences by:






 Hunton Andrews Kurth

  PDP Journals logo


More to follow...



Simon Hall

“The updates on existing subjects were particularly useful.”
David Pickersgill
Johnson & Johnson

“The networking opportunities were very good. Very useful. Will attend again.”
John Pendleton
Old Mutual

“Speakers delivered good insights into various aspects of the GDPR”
Paul Woods
Government Legal Department

“Very informative and well executed conference”
Claire Robson
Kent & Medway NHS Trust

“The hotel facilities were excellent”
Andrew Dyke
Operation Mobilisation

“An interesting day packed with a plethora of useful materials. The conference never disappoints with the quality of speakers, providing insightful and pragmatic views and interpretations.”
Stephanie Allen
Shop Direct Group

“Very enjoyable day! Well worth attendance. Very good speakers.”
Sarah Rudge

“All the sessions were informative and well presented. Very enjoyable!”
Fiona Cadger
Standard Life Aberdeen PLC

“Great conference with diverse topics”
Sara Ewen

“The presentations were excellent and thought provoking”
Catherine Bowen-Walker
Close Brothers

“A very well put together and well run conference”
Helen Worthington
Jerrold Holdings

“This conference cannot be improved. Excellent!”
Caroline Mair
Registers of Scotland

“A very useful and well organised conference”
Alistair Browne
British Council

“Very useful, practical and thought provoking”
Ben Moreland

“I'm extremely impressed by the quality of speakers and content covered. An excellent balance of public and private sectors”
Julie Hinault
States of Jersey Taxes Office

“The mix of speakers meant that a lot of ground was covered effectively.”
Karen Russell
British Arab Commercial Bank

“As usual the Conference was very well organised”
Paul Byrne
British Airways

Greg Steel

“The conference content was excellent and thought provoking”
Kim Walker
Royal Air Force

“A very helpful conference. Took away some good ideas.”
Lesley Richardson
Financial Conduct Authority

“I found all the presentations very useful. The discussion panel was excellent... thoroughly enjoyed this conference and would not hesitate on coming back”
Scott McFarlane
National Trust for Scotland

“Good variety of relevant topics discussed throughout the day.  Speakers were engaging!”
Ellis Bryant
Saga Plc

“Great to see so many different sectors represented. Well organised!”
Jane Davy
University of Southampton

“Overall, an excellent, informative and useful day. Well worth attending"”
Colin Cluney
Department of Finance and Personnel

“All fantastic”
Leslie Waghorn
Virgin Media

“Another excellent year - very current and topical"
Stuart Gittings
Eli Lilly and Co.

“A very useful conference, a good broad range of speakers that were able to give practical advice"
David Mayers
Lisburn City Council

“All topics very relevant – most particularly the bits about social networking and security breaches.”
Jackie Evans
South Wales Fire & Rescue

“Once again a great conference, which gives me plenty to think about and implement!”
Kevin Giles
Glasgow Housing Association

“Very useful conference”
Alan White
Pitney Bowes

“Excellent. A well run event.”
David Higginson
ING Direct

“Great venue, superbly organised, very professional.”
Julie Barclay
Gambro Lundia

“Another excellent conference.”
Lynn Young
British Library

“Excellent venue, delegate packs and catering. Very focussed, practical and relevant.”
Albert Chan
Greater London Authority