18th Annual Data Protection Compliance Conference


 Up to 12 CPD hours awarded

18th Annual Conference


10th & 11th October 2019 - London, UK  


FULLY BOOKED - Please This e-mail address is being protected from spambots. You need JavaScript enabled to view it to be added to waiting list


Workshops - Friday, 11th October 2019


On the second day of the 18th Annual Data Protection Compliance Conference, delegates attend two Workshops (one in the morning and one in the afternoon), each offering practical in-depth analysis of data protection and the GDPR. These interactive sessions explore real-life examples and encourage delegates to discuss individual issues to find out how other organisations comply with the GDPR.

Each of the Workshops is run by one or more Industry Experts and considers practical and realistic case studies. Delegates are welcome to put questions to the Workshop leader and other delegates. The full outline of each Workshop can be viewed here.

Each Workshop is accredited by The Law Society with 3 CPD Points.



Morning Workshops

(select one)

(9.30am - 12.45pm)



Afternoon Workshops

(select one)

(2.00pm - 5.15pm) 

A. Moving from Compliance to Accountability (FULL)   E.

Data Protection in the Workplace – the Latest Guidance (FULL)



Making Sense of Marketing in a Digital World (FULL)

  F. Do I really need consent? (FULL)

Data Protection by Design and by Default – What’s Actually Required? (FULL)


Practical Ramifications of the Right to be Forgotten, and Related Rights (FULL)


GDPR Contracts - Common Issues, Hints and Tips for Contracting and Apportioning Liability (FULL)


Breach Notifications – What’s Required in Practice (FULL)



Workshop Topics


Morning Workshops: 9.30 am - 12.45 pm


Bridget TreacyA.  Moving from Compliance to Accountability

Bridget Treacy - Partner, Hunton Andrews Kurth

(This session is now FULL)

Many organisations consider they have now achieved a good level of compliance with the GDPR, but how many organisations have truly embraced accountability, and that all that it entails? For many organisations, accountability remains a challenge. In this Workshop, delegates will:

  • consider in detail the universal elements of accountability
  • learn how the requirements of the GDPR map to the requirements of accountability
  • understand what data protection regulators expect from accountable organisations
  • consider practical challenges to implementing accountability, and how to overcome them


Liz FitzsimonsB.  Making Sense of Marketing in a Digital World

Liz Fitzsimons - Partner, Eversheds Sutherland

(This session is now FULL)

Marketing is a critical area for most businesses and is heavily impacted by the GDPR, as well as e-privacy legislation. With the changes to these regimes and their interpretation, combined with the regulatory interest in new technologies and compliant approaches, especially online, there is increasing pressure to adopt practices that are appropriate. This Workshop provides delegates with practical insights to:

  • make sense of relevant GDPR and e-Privacy legal requirements which apply,including an analysis of the relevant aspects of the UK’s Data Protection, Privacy and Electronic Communications (Amendments) (EU Exit) Regulations 2019
  • improve awareness of the overlap between cookies, personal data and the GDPR
  • understand when e-Privacy applies in addition to the GDPR
  • design a marketing strategy informed by the limitations in respect of reliance on consent and/or legitimate interests
  • improve awareness of steps needed to deal with opt-in, opt-out and withdrawal of consent


Peter GivenC.  Data Protection by Design and by Default – What’s Actually Required?

Peter Given - Legal Director, Womble Bond Dickinson

(This session is now FULL)

Data protection by design requires building data protection into the design, operation and management of any project that involves the processing of personal data. Data protection by default is the requirement to implement appropriate technical and organisational measures to ensure that, by default, only personal data which are necessary for each specific purpose are processed. This Workshop considers these requirements in practical contexts using case studies, and includes:

  • understanding what may need to be changed in your organisation
  • designing an effective framework so that design and default elements are built in
  • creating necessary awareness amongst staff members

James Clark
D.  GDPR Contracts - Common Issues, Hints and Tips for Contracting and Apportioning Liability

James Clark - Senior Associate, DLA Piper

(This session is now FULL)

Whilst the rush to update contracts prior to the entry into force of the GDPR has now passed, many organisations are still finding that data protection is one of the most complex and protracted parts of any contract negotiation. As the move towards standalone data processing and data sharing agreements solidifies, understanding how to negotiate data protection terms, as either a controller or processor, is more important than ever. This Workshop analyses the practical issues which arise in contract negotiations, including:

  • audit rights
  • sub-processor models
  • provision of assistance by the processor, including recovery of costs
  • international transfer permissions
  • descriptions of data processing
  • liability - including indemnities and liability caps
  • data sharing and joint controller agreements



Afternoon Workshops: 2.00 pm - 5.15 pm


Ann BevittE.  Data Protection in the Workplace – the Latest Guidance

Ann Bevitt - Partner, Cooley (UK) LLP

(This session is now FULL)

The GDPR requires significant changes to how employers handle their employees’ personal data. Many standard HR practices which existed prior to the GDPR now need to be altered or removed altogether. This Workshop provides delegates with guidance on the changes that need to be made to HR practices, including detailed guidance in the following two key areas:

  • conducting pre-employment background checks: what can be asked and when?
  • monitoring employees in the workplace: what notice now needs to be given to employees and how should data obtained from monitoring be handed?


Mark WattsF.  Do I really need consent?

Mark Watts - Partner, Bristows

(This session is now FULL)

The GDPR has brought a much closer focus on the need for a controller to have a ‘lawful basis’ to process personal data and, if relevant, special category personal data. While obtaining a data subject’s consent is one of a range of possible options, it is by no means always required and is often not the most appropriate basis. This workshop looks closely at the circumstances when consent should (and shouldn’t) be the ‘go to’ basis, as opposed to other lawful bases available, by considering a variety of practical scenarios and asking:

  • what are the requirements for a lawfully valid consent?
  • is consent practical?
  • what is the impact on individual rights?
  • when are other lawful bases better?


Leonie PowerG. Practical Ramifications of the Right to be Forgotten, and Related Rights

Leonie Power - Partner, Fieldfisher

(This session is now FULL)

The GDPR creates a much stronger right of erasure of personal data (“right to be forgotten”) than existed previously. But the way in which this right works, and exactly when individuals are entitled to have their data deleted by controllers, can be confusing. This session explains the right in detail and provides delegates with practical guidance on:

  • when the right actually applies
  • what the requester is entitled to
  • the extent of the obligations on controllers as regards data deletion
  • the exceptions to the right to be forgotten (when requests can be refused)
  • insight into the practical implications of the related rights of objection and restriction


John O'BrienH.  Breach Notifications – What’s Required in Practice

John O'Brien - Associate, Reed Smith

(This session is now FULL)

Whilst organisations are required to inform the Supervisory Authority of data breaches in certain circumstances, it remains unclear as to exactly what those circumstances are. The ICO and other European regulators have said that they are receiving too may notifications when they aren’t necessary. But, on the other hand, we don’t want to fail to notify when it’s a requirement to do so (not least due to the hefty potential fines). This Workshop looks at all practical aspects of the breach notification process, including:

  • how to identify the types of incidents that must be notified to data protection regulators
  • practical advice on how to prepare for possible breach notifications (including incident response plans)
  • how to go about notifying regulators: what regulators expect to be told
  • how to maintain the compulsory internal breach register
  • what triggers the additional requirement to notifiy individuals



Easy Ways to book

  • Book online
  • Book by telephone at +44 (0) 207 014 3399
  • Book by sending an This e-mail address is being protected from spambots. You need JavaScript enabled to view it




Make a booking with PDP Training

Sign up for PDP's Email Newsletter

View conferences by:


Conference Brochure PDF available to view and download


Download Conference brochure here


View PDF Brochure here >







Hunton Andrews Kurth


OneTrust Data Guidance





 PDP Journals logo



Simon Hall

“The updates on existing subjects were particularly useful.”
David Pickersgill
Johnson & Johnson

“The networking opportunities were very good. Very useful. Will attend again.”
John Pendleton
Old Mutual

“Speakers delivered good insights into various aspects of the GDPR”
Paul Woods
Government Legal Department

“Very informative and well executed conference”
Claire Robson
Kent & Medway NHS Trust

“The hotel facilities were excellent”
Andrew Dyke
Operation Mobilisation

“An interesting day packed with a plethora of useful materials. The conference never disappoints with the quality of speakers, providing insightful and pragmatic views and interpretations.”
Stephanie Allen
Shop Direct Group

“Very enjoyable day! Well worth attendance. Very good speakers.”
Sarah Rudge

“All the sessions were informative and well presented. Very enjoyable!”
Fiona Cadger
Standard Life Aberdeen PLC

“Great conference with diverse topics”
Sara Ewen

“The presentations were excellent and thought provoking”
Catherine Bowen-Walker
Close Brothers

“A very well put together and well run conference”
Helen Worthington
Jerrold Holdings

“This conference cannot be improved. Excellent!”
Caroline Mair
Registers of Scotland

“A very useful and well organised conference”
Alistair Browne
British Council

“Very useful, practical and thought provoking”
Ben Moreland

“I'm extremely impressed by the quality of speakers and content covered. An excellent balance of public and private sectors”
Julie Hinault
States of Jersey Taxes Office

“The mix of speakers meant that a lot of ground was covered effectively.”
Karen Russell
British Arab Commercial Bank

“As usual the Conference was very well organised”
Paul Byrne
British Airways

Greg Steel

“The conference content was excellent and thought provoking”
Kim Walker
Royal Air Force

“A very helpful conference. Took away some good ideas.”
Lesley Richardson
Financial Conduct Authority

“I found all the presentations very useful. The discussion panel was excellent... thoroughly enjoyed this conference and would not hesitate on coming back”
Scott McFarlane
National Trust for Scotland

“Good variety of relevant topics discussed throughout the day.  Speakers were engaging!”
Ellis Bryant
Saga Plc

“Great to see so many different sectors represented. Well organised!”
Jane Davy
University of Southampton

“Overall, an excellent, informative and useful day. Well worth attending"”
Colin Cluney
Department of Finance and Personnel

“All fantastic”
Leslie Waghorn
Virgin Media

“Another excellent year - very current and topical"
Stuart Gittings
Eli Lilly and Co.

“A very useful conference, a good broad range of speakers that were able to give practical advice"
David Mayers
Lisburn City Council

“All topics very relevant – most particularly the bits about social networking and security breaches.”
Jackie Evans
South Wales Fire & Rescue

“Once again a great conference, which gives me plenty to think about and implement!”
Kevin Giles
Glasgow Housing Association

“Very useful conference”
Alan White
Pitney Bowes

“Excellent. A well run event.”
David Higginson
ING Direct

“Great venue, superbly organised, very professional.”
Julie Barclay
Gambro Lundia

“Another excellent conference.”
Lynn Young
British Library

“Excellent venue, delegate packs and catering. Very focussed, practical and relevant.”
Albert Chan
Greater London Authority