PDP's 14th Annual Data Protection Practical Compliance Conference





Day 2 - Friday, 15th November 2019


On the second day of the Conference, delegates choose two Workshops (one in the morning and one in the afternoon) each offering practical in-depth analysis of data protection and the GDPR. These interactive sessions explore real-life examples and encourage delegates to discuss individual issues to find out how other organisations comply with the GDPR.

Each of the Workshops is run by one or more Industry Experts and considers practical and realistic case studies. Delegates are welcome to put questions to the Workshop leader and other delegates. The full outline of each Workshop can be viewed here.

The Institute of Banking, the LIA and the Insurance Institute of Ireland award 2.5 hours CPD for attendance at one Workshop and 4 CPD hours for attendace at both Workshops.


 Timings for the Workshops Day


Morning Workshops
(10.00am - 12.45pm)


Afternoon Workshops
(2.00pm - 4.45pm)


Breach Notifications – What’s Required in Practice (FULL)

  D. Making Sense of Marketing in a Digital World

Data Protection in the Workplace – the Latest Thinking


Moving from Compliance to Accountability (FULL)


Do I really need consent?

  F. GDPR Contracts - Common Issues, Hints and Tips for Contracting and Apportioning Liability




Workshop Topics




Morning Workshops - 10.00 am - 12.45 pm


Brian Johnston

Workshop A:  Breach Notifications – What’s Required in Practice

Brian Johnston - Partner, Mason, Hayes & Curran

(This session is FULL)

Whilst organisations are required to inform the Supervisory Authority of data breaches in certain circumstances, it remains unclear as to exactly what those circumstances are. The DPC and other European regulators have said that they are receiving too many notifications when they aren’t necessary. But, on the other hand, we don’t want to fail to notify when it’s a requirement to do so (not least due to the hefty potential fines). This Workshop looks at all practical aspects of the breach notification process, including:

  • how to identify the types of incidents that must be notified to data protection regulators
  • practical advice on how to prepare for possible breach notifications (including incident response plans)
  • how to go about notifying regulators: what regulators expect to be told
  • how to maintain the compulsory internal breach register
  • what triggers the additional requirement to notify individuals



Linda Hynes

Workshop B:  Data Protection in the Workplace – the Latest Thinking

Linda Hynes - Partner, Lewis Silkin Ireland

The GDPR has a significant impact on how employers handle their employees’ personal data. Many standard HR practices which existed prior to the GDPR now need to be documented and adapted. This Workshop provides delegates with guidance on the changes that need to be made to HR practices, including detailed guidance in the following key areas:

  • conducting pre-employment background checks: what can be asked and when?
  • monitoring employees in the workplace: what notice needs to be given to employees and how can data obtained from monitoring be used?
  • providing employees with copies of the data: how should access requests now be handled?
  • changing the culture – what do employees need be equipped with to ensure GDPR compliance?



Doug McMahon

Workshop C:  Do I really need consent?

Doug McMahon - Senior Associate, McCann FitzGerald

The GDPR has brought a much closer focus on the need for a controller to have a ‘lawful basis’ to process personal data and, if relevant, special category personal data. While obtaining a data subject’s consent is one of a range of possible options, it is by no means always required and is often not the most appropriate basis. This workshop looks closely at the circumstances when consent should (and shouldn’t) be the ‘go to’ basis, as opposed to other lawful bases available, by considering a variety of practical scenarios and asking:

  • what are the requirements for a lawfully valid consent?
  • is consent practical?
  • what is the impact on individual rights?
  • when are other lawful bases better?





Afternoon Workshops -  2.00 pm - 4.45 pm


Liz FitzsimonsWorkshop D:  Making Sense of Marketing in a Digital World

Liz Fitzsimons - Partner, Eversheds Sutherland

Marketing is a critical area for most businesses and is heavily impacted by the GDPR, as well as e-privacy legislation. With the changes to these regimes and their interpretation, combined with the regulatory interest in new technologies and compliant approaches, especially online, there is increasing pressure to adopt practices that are appropriate. This Workshop provides delegates with practical insights to:

  • make sense of relevant GDPR and e-Privacy legal requirements which apply
  • improve awareness of the overlap between cookies, personal data and the GDPR
  • understand when e-Privacy applies in addition to the GDPR
  • design a marketing strategy informed by the limitations in respect of reliance on consent and/or legitimate interests
  • improve awareness of steps needed to deal with opt-in, opt-out and withdrawal of consent



stephanie-pritchett-f2f2f2-webWorkshop E:  Moving from Compliance to Accountability

Stephanie Pritchett - Partner, Pritchetts Law LLP

(This session is FULL)

Many organisations consider they have now achieved a good level of compliance with the GDPR, but how many organisations have truly embraced accountability, and all that it entails? For many organisations, accountability remains a challenge. In this Workshop, delegates:

  • consider in detail the universal elements of accountability
  • learn how the requirements of the GDPR map to the requirements of accountability
  • understand what data protection regulators expect from accountable organisations
  • consider practical challenges to implementing accountability, and how to overcome them



James ClarkWorkshop F:  GDPR Contracts - Common Issues, Hints and Tips for Contracting and Apportioning Liability

James Clark - Senior Associate, DLA Piper

Whilst the rush to update contracts prior to the entry into force of the GDPR has now passed, many organisations are still finding that data protection is one of the most complex and protracted parts of any contract negotiation. As the move towards standalone data processing and data sharing agreements solidifies, understanding how to negotiate data protection terms, as either a controller or processor, is more important than ever. This Workshop analyses the practical issues which arise in contract negotiations, including:

  • audit rights
  • sub-processor models
  • provision of assistance by the processor, including recovery of costs
  • international transfer permissions
  • descriptions of data processing
  • liability - including indemnities and liability caps
  • data sharing and joint controller agreements





To make a booking:

  • Complete the online booking form
  • Send us an This e-mail address is being protected from spambots. You need JavaScript enabled to view it
  • Telephone the PDP Office +44 (0)207 014 3399

Make a booking with PDP Training

Sign up for PDP's Email Newsletter

View conferences by:


Conference Brochure PDF available to view and download




View PDF Brochure here >



 McCann FitzGerald



OneTrust Data Guidance





"Excellent day! The presentations provided practical advice that will be useful in my day to day job."
Jason Palmer
AXA Life Europe Ltd


"Particularly useful was the guidance on formulation and structure of data protection policies."
Dan McDonnell
Co Carlow VEC


"Extremely helpful and well organised"
Jim O’Connell
Douglas Credit Union


"Each presentation had something important to reflect on"
Marie Cussen


"Content was excellent"
Philip Higgins
ESB Energy Solutions


"Very informative and enjoyable. The handouts are very good"
Stephen Nolan


"Excellent presentations"
Paul Dawson
Dublin City Council


"Good to hear about the new developments. Very passionate speakers"
Ann Smith
Chartered Accountants Ireland


"The presenters were very interesting."
Muriel Koyce
Sunbeam House Services


"I found the Conference to touch all the relevant areas for practitioners and something that I have no doubt will be utilised within my organisation"
Lynne Martin
Eirecom Limited


"Great mix of topics/issues relating to data protection."
Tony Hughes
Waterford Credit Union


"Good tips on outsourcing. The lessons learned from breaches was very useful."
Bernadette Ryan
Bord Gais Eireann


"Speakers were very knowledgeable and articulate"
Philip Higgins
ESB Electric


"It was well put together. Good speakers, content and venue. First class. Thank you."
Danny O’Donoghue
Bishopstown Credit Union

“Excellent conference… really interesting. You covered a multitude of topics which has given me a food for thought!”
Louise Colgen
Central Bank of Ireland


"Very useful and informative"
Cathal McDermott


"Great event. All speakers and presentations were compelling and relevant"
Brian Short
Irish Continental Group plc


"Informative as usual"
Helen Sheehan
Euromedic Diagnostics Ltd


"The theory and practical advice given were highly welcomed"
Ann Smith
Chartered Accountants Ireland


"The presenters were very interesting."
Judith Fanning


"The practicality of the subjects was brilliant. A real feeling of having learned something to take away and think about"
Nicola Flannery
Paddy Power Plc


"Every subject was relevant and current"
Veronica O’Brien
Irish Water


"A very useful conference for all DP Practitioners and a great opportunity to share experiences with other practitioners in the field"
Catriona O’Sullivan
University College Cork


"This year, I was very happy with all the presentations. Thank you for organising it"
Irina Sharapova
Kerry Group Plc


"I found the conference not only to be practical, but enjoyable which was down to the standard and quality of the presenters"
Martina McKenna
Cavan and Monaghan Education and Training Board