Morning Workshops - Day 2 & Day 3

WORKSHOP A:   

Top 10 Practical Impacts of the UK's Data Protection Reforms

Kate Brimsted - Partner, Shoosmiths

Alice Wallbank - Professional Support Lawyer, Shoosmiths

Data reforms are coming to the UK! Changes include additional grounds for processing personal data, amendments to the requirement to inform individuals about processing, updates to the ‘legitimate interests’ basis for using data, reforms to the restrictions on international transfers and automated processing, and enhanced powers for the regulator (whose name will change to the Information Commission). This Workshop explores the Top 10 impacts of the imminent reforms - centered on the Data (Use and Access) Bill - and the practical effects for those working in data protection.

WORKSHOP B:

Use of Biometric Technologies & CCTV

Peter Given - Partner, DAC Beachcroft

Jade Kowalski - Partner, DAC Beachcroft

Whilst CCTV has long been in use by organisations, it continues to present complex data protection challenges. The rise of biometric technology has once again brought this issue to the fore. However, many organisations also recognise its benefits and are now considering the use of such technology. This workshop provides delegates with practical insights on:

• best practice when using CCTV and biometric technologies
• the legal requirements around the use of biometric technologies and CCTV including recent enforcement action
• the key issues that need to be considered and addressed in the deployment of these technologies, as well as the practicalities of undertaking a Data Protection Impact Assessment

Case studies and real-world examples to bring the materials to life.

WORKSHOP C:    

Helping Employees Meet Their Data Protection Obligations

Vicki Bowles - Partner & Barrister, Bevan Brittan

• looking at potential roles and responsibilities for employees and how these fit within the organisation
• assessing potential policies and procedures to work out what would be helpful in your organisation
• reviewing the requirement for training, and discussing how to ensure that training is the best fit for your employees
• discussing how to approach the security requirement under the UK GDPR with employees and looking at what is necessary and what can be helpful

Afternoon Workshops - Day 2 & Day 3

WORKSHOP D:  

Reconciling AI Compliance with the GDPR  

Andrew Kimble - Partner, Womble Bond Dickinson

Katie Simmonds - Managing Associate, Womble Bond Dickinson

As the rate of AI adoption continues to increase, organisations must grapple with the challenge of ensuring these new technologies comply with new AI laws and guidance, while also ensuring compliance with the GDPR. Even where AI governance sits outside of the remit of the DPO or data protection department in your organisation, the use of AI technologies could lead to GDPR breaches. This Workshop:

• considers how data protection compliance regimes can be adapted/extended for the advancement and use of AI tools
• examines the automated decision-making requirements under the GDPR and under the new DUA Bill, and how these requirements apply in the context of AI 
• analyses the evolving regulatory landscape, including the EU AI Act's risk-based approach and how this enhances/builds on the existing principles set out in the GDPR, the UK's pro-innovation focus, and the ICO's strategic approach to regulating AI
• provides practical guidance, focussing on the use of human oversight and adopting a privacy by design approach to projects involving AI, as well as how to achieve these effectively when buying in AI tools from third party suppliers

This Workshop uses case-studies to highlight potential adverse consequences, and how to avoid them, where privacy compliance has not been adequately factored into the roll-out of AI systems.

WORKSHOP E:  

Individuals' Rights - Practical Risk-Based Compliance

Liz Fitzsimons - Partner, Eversheds Sutherland

• understanding the limits of each right and when rights are not relevant
• improved awareness of your obligations in relation to each right and available options for dealing with them
• how and when best to use available exemptions
• techniques to aid organisational focus on affected data and records
• defending alleged non-compliance

WORKSHOP F: 

Children's Personal Data - the Additional Considerations

Claire Hall - Legal Director, VWV

• when the Children's Code applies and how to implement its requirements
• navigating the interplay between data protection compliance and safeguarding obligations
• what to consider when doing Legitimate Interests Assessments in relation to children's data
• how to create privacy notices with age-appropriate language, visuals, and layered approaches
• managing children's data rights requests, e.g. subject access requests, including considering the exemptions that commonly apply