PDP Annual Data Protection Compliance Conference (2023)

Data Protection Conference

Central London / Virtual  


Wednesday 4th - Friday, 6th October 2023



Workshops - Day 2 & Day 3

5th & 6th October 2023

Led by Industry Experts, each Workshop is highly practical and explores a range of key topics/themes through case-studies and group activities.



Day 2 Workshops - in-Person

Day 2 - In-Person Workshops

(Thursday, 5th October 2023)

On the second day, delegates select an initial two Workshops (from a choice of six) to attend in-person at the Conference venue in Central London.


WORKSHOP E - FULL (Day 3 virtual passes for these workshops are still available)

WORKSHOPS A, C & F - Final Few Places Remaining

Day 3 Workshops - Virtual

Day 3 - Virtual Workshops

(Friday, 6th October 2023)

On the third day, delegates select a further two Workshops conducted via the Virtual meetings platform, Webex


Morning Workshops - Day 2 & Day 3

Peter Given

Workshop A:  Breach Notification: a Deep Dive into What, When and Who to Notify

Peter Given - Partner, EY


This practical Workshop explores the often tricky subject of regulator and data subject notification under the GDPR. It looks at when notification must be made, what needs to be notified (and how this might be done) and who needs to be notified. Case studies and war stories will be used throughout the session to bring the materials to life. In particular, the Workshop covers:

  • Assessing the risk of a personal data breach
  • Identifying when notification is required and to whom
  • The form and approach to notification
  • Common challenges and how to overcome them




Liz Fitzsimons WORKSHOP B:   Data Transfers – Understanding the New Requirements

Liz Fitzsimons - Partner - Eversheds


We have long been familiar with the need to protect international transfers of personal data. More recently, there have been several changes, including the end of the Brexit transition period and updated standard contractual clauses in the EU and UK, which means that many organisations are having to re-assess their data transfers. This Workshop provides practical guidance and advice, including:  

  • Improving your organisation’s approach to transfer risk assessments
  • Considering necessary steps to ensure a data transfer is suitably safeguarded
  • Understanding key issues and differences between available safeguards, and
  • Making effective use of the new forms of standard contractual clauses


Andy Kimble

WORKSHOP C:   Implications of the Use of New Technologies in the Workplace

Andy Kimble - Partner, Womble Bond Dickinson


The use of new technologies can save time and improve efficiency. However, to ensure compliance with data protection laws, businesses must deploy new technologies, including AI, fairly in the workplace, including having an appropriate framework governing the deployment and sufficient oversight to manage any issues. This Workshop considers:

  • Using new technologies in an HR context and the challenges of ensuring compliance with data protection laws at all stages of the employment lifecycle including recruitment
  • The increasing opportunities for organisations to use new technologies to monitor employees
  • The competing interests between an employer's legitimate interest to ensure productivity in the workplace and an employee's right to privacy
  • Understanding what employers can lawfully monitor and what they cannot
  • The practical challenges that organisations face in ensuring compliance with both data protection laws and possible future regulation on AI, particularly in light of the divergent approach between the UK and EU to the regulation of AI



Afternoon Workshops - Day 2 & Day 3

Vicki Bowles WORKSHOP D:  Cookie Masterclass

Vicki Bowles - Barrister, VWV


Over the years there has been a subtle (and sometimes not so subtle) shift in the rules and culture in relation to cookies. With the release of the European Data Protection Board report on the cookie taskforce earlier this year, the guidance is clear that a stricter approach to consent and choice is required. But what exactly are the rules, and what are the risks in this area? In this Workshop, delegates will:

  • Understand the types of cookies that are available for a website to set, and the rules that exist in relation to each type
  • Explore different ways of complying with the rules
  • Look at the risks involved in various common strategies that have been adopted to date
  • Understand what can be done with the information you collect using cookies, and why it can be helpful


Ellis Parry WORKSHOP E:   Keeping up With Requirements on Privacy Notices / Transparency - “When is Good, Good Enough?”

Ellis Parry - Privacy Consultant (formally of the ICO)


Post GDPR, organisations benchmarked their initial approach to satisfying their online transparency obligations against where the market practice had settled, usually satisfying themselves that they were “middle of the pack” within the broad consensus that was reached on how to satisfy the GDPR’s requirements. Then the EDPB overruled the Irish DPC with a forensic analysis of WhatsApp’s privacy notice and practices. The EDPB’s broadside has left many controllers wondering whether their current online notices meet the newly clarified standards to achieve transparency. This Workshop includes:

  • A refresher of what the GDPR demands
  • Examples of how that was interpreted prior to the WhatsApp Decision
  • An analysis of the EDPB’s Decision and its impact
  • How to benchmark how your organisation’s transparency efforts rank currently
  • An analysis of where the transparency goal posts have been moved to and key insights into what will be needed in your organisation to bring transparency efforts up to scratch


Damien Welfare WORKSHOP F:   A Practical Guide to Key Aspects of the UK’s Proposed New Data Protection Law

Damien Welfare - Former Public Law Barrister


The UK’s proposed new data protection law, as initially introduced into Parliament last year, contains some important changes of which data protection practitioners need to be aware. Although the new law has yet to reach its final form, the Bill sets a clear direction of travel, and this Workshop includes the following:

  • The new definition of “personal data”, in particular the scope and timing of when an individual should be regarded as identifiable
  • New lawful basis for processing for “recognised legitimate interests”
  • The loosening of the “purpose limitation” principle and its implications
  • Replacing DPOs with “Senior Responsible Individuals”
  • High Risk processing: ICO consultation to be discretionary

Book Now

Sign up to PDP's email News Updates

View conferences by:

This Event is

sponsored by:


Eversheds Sutherland












Simon Hall

“The updates on existing subjects were particularly useful.”
David Pickersgill
Johnson & Johnson

“The networking opportunities were very good. Very useful. Will attend again.”
John Pendleton
Old Mutual

“Speakers delivered good insights into various aspects of the GDPR”
Paul Woods
Government Legal Department

“Very informative and well executed conference”
Claire Robson
Kent & Medway NHS Trust

“The hotel facilities were excellent”
Andrew Dyke
Operation Mobilisation

“An interesting day packed with a plethora of useful materials. The conference never disappoints with the quality of speakers, providing insightful and pragmatic views and interpretations.”
Stephanie Allen
Shop Direct Group

“Very enjoyable day! Well worth attendance. Very good speakers.”
Sarah Rudge

“All the sessions were informative and well presented. Very enjoyable!”
Fiona Cadger
Standard Life Aberdeen PLC

“Great conference with diverse topics”
Sara Ewen

“The presentations were excellent and thought provoking”
Catherine Bowen-Walker
Close Brothers

“A very well put together and well run conference”
Helen Worthington
Jerrold Holdings

“This conference cannot be improved. Excellent!”
Caroline Mair
Registers of Scotland

“A very useful and well organised conference”
Alistair Browne
British Council

“Very useful, practical and thought provoking”
Ben Moreland

“I'm extremely impressed by the quality of speakers and content covered. An excellent balance of public and private sectors”
Julie Hinault
States of Jersey Taxes Office

“The mix of speakers meant that a lot of ground was covered effectively.”
Karen Russell
British Arab Commercial Bank

“As usual the Conference was very well organised”
Paul Byrne
British Airways

Greg Steel

“The conference content was excellent and thought provoking”
Kim Walker
Royal Air Force

“A very helpful conference. Took away some good ideas.”
Lesley Richardson
Financial Conduct Authority

“I found all the presentations very useful. The discussion panel was excellent... thoroughly enjoyed this conference and would not hesitate on coming back”
Scott McFarlane
National Trust for Scotland

“Good variety of relevant topics discussed throughout the day.  Speakers were engaging!”
Ellis Bryant
Saga Plc

“Great to see so many different sectors represented. Well organised!”
Jane Davy
University of Southampton

“Overall, an excellent, informative and useful day. Well worth attending"”
Colin Cluney
Department of Finance and Personnel

“All fantastic”
Leslie Waghorn
Virgin Media

“Another excellent year - very current and topical"
Stuart Gittings
Eli Lilly and Co.

“A very useful conference, a good broad range of speakers that were able to give practical advice"
David Mayers
Lisburn City Council

“All topics very relevant – most particularly the bits about social networking and security breaches.”
Jackie Evans
South Wales Fire & Rescue

“Once again a great conference, which gives me plenty to think about and implement!”
Kevin Giles
Glasgow Housing Association

“Very useful conference”
Alan White
Pitney Bowes

“Excellent. A well run event.”
David Higginson
ING Direct

“Great venue, superbly organised, very professional.”
Julie Barclay
Gambro Lundia

“Another excellent conference.”
Lynn Young
British Library

“Excellent venue, delegate packs and catering. Very focussed, practical and relevant.”
Albert Chan
Greater London Authority