Call to book: 01983 861133

GDPR Employee Data Conference for Employers, One Year On: An Essential Update

Novotel London West , Hammersmith, London W6 8DR

The implementation of the GDPR in May 2018 has forced employers to rethink how they process and store data, and in some cases, to transform workplace culture in order to comply. A recent survey indicated that 12 months on, one in three UK companies are still not fully GDPR compliant.

Registration fee: £395 + VAT

All dates and locations:

Thursday 16th May - London

Wednesday 16th October - London

Employees and other staff members are increasingly aware of their Data Protection rights, and the numbers of staff, consultants and agency workers requesting SARs is increasing. Does your HR function have the knowledge and policy to manage this? Most organisations still need to learn how to minimise the costs and difficulties of managing SARs.

The ICO is recording a huge rise in complaints, and the punitive measures for non-compliance are serious. Alongside sizable fines, there is also the risk of prosecution and damage to your organisation’s reputation and shareholder value.

This event, building on several year’s delivery of successful GDPR preparation events, draws on unparalleled expertise and experience in this tricky area to deliver a comprehensive programme to ensure your staff can spot potential data protection issues and implement solutions before the problem grows.

Attendees will learn how to avoid costly employment disputes and take steps to protect your organisation through a thorough review, preparation and implementation of workable policies.

BFI ran 11 GDPR planning and preparation conferences for employers, and 8 workshops across the UK in 2017 and 2018. These events featured the most respected practitioners and lawyers in this space.

What you will learn:

  • Key policy changes and a comprehensive checklist of potentially vulnerable areas
  • A thorough understanding of content, processing, transfer and disposal: have you done enough?
  • How to implement a data protection assessment
  • Clarification of difficult areas such as special categories, agency workers and consultants
  • Lessons from the latest cases and rulings: enforcement and compensation
  • Key technical measures to implement
  • How to plan for and respond to a data breach
  • A comprehensive policy and practice checklist you can implement in your own organisation

Past GDPR conference delegates said:

“Speakers were very knowledgeable, was well delivered and the sessions were engaging.”- Dept of Work & Pensions

“Speakers were informative, professional, very engaging and tailored it well to the audience.”- Office for National Statistics

“Excellent”- Skipton Building Society & Imperial Brands

Which functions will benefit from attending

  • HR professionals, In-house lawyers, Security, Compliance, IT, Finance, Policy, Management and anyone with a basic understanding of the GDPR, seeking to grapple with the challenges it presents as related to HR employee data and processes

Hear from

Schedule

Coffee and registration

CHAIR’S INTRODUCTION AND ESTABLISHING LEARNING OBJECTIVES AND OUTCOMES

Rowenna Fielding

Rowenna Fielding

Senior Data Protection Lead
Protecture Limited

View Bio
Protecture Limited logo

Rowenna Fielding

Senior Data Protection Lead , Protecture Limited

Rowenna works as a Data Protection Lead for Protecture (protecture.org.uk). Being hugely enthusiastic about data protection, she is also on the executive committee of the National Association of Data Protection and Freedom of Information Officers (NADPO) as well as being a member of a variety of professional associations related to privacy, information security and records management. Rowenna holds the ISEB Certificate in Data Protection and the IDM GDPR Award.

CRUCIAL POLICY CHANGES AND UPDATES: A CHECKLIST

Rowenna Fielding

Rowenna Fielding

Senior Data Protection Lead
Protecture Limited

View Bio
Protecture Limited logo

Rowenna Fielding

Senior Data Protection Lead , Protecture Limited

Rowenna works as a Data Protection Lead for Protecture (protecture.org.uk). Being hugely enthusiastic about data protection, she is also on the executive committee of the National Association of Data Protection and Freedom of Information Officers (NADPO) as well as being a member of a variety of professional associations related to privacy, information security and records management. Rowenna holds the ISEB Certificate in Data Protection and the IDM GDPR Award.

  • Evaluating where your organisation should be now
  • Common mistakes and misunderstandings
  • What to expect from the ICO
  • E-privacy and regulation: the implications
  • Enforcement and the latest industry developments
  • Cases and lessons learned

DIFFICULT AREAS TO CLARIFY

James Leaton Gray

James Leaton Gray

Consultant
The Privacy Practice

View Bio
The Privacy Practice logo

James Leaton Gray

Consultant , The Privacy Practice

At the Privacy Practice James provides consultancy services in Data Protection and Privacy. A leading thinker in the policy debates in this vital arena, he is regularly invited to address conferences in the UK and internationally. He specialises in making compliance part of business operations, not a legal tick box exercise. He writes the Privacy Practice Blog shining light onto current issues in Privacy. He is also an associate of Kemp Little Consulting (KLC) a new type of consulting firm operating at the intersection of technology, law and consulting. For KLC his role is to help develop and provide privacy and data related services. For over 10 years James lead the BBC’s Information Policy and Compliance Department, in the BBC's Legal section. There he oversaw the operation of the Corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before he left the BBC he led the development of privacy and data governance for myBBC as it developed its big data capability. Additionally he provided expert advice on media and privacy and lobbying on the proposed EU GDPR. James worked in broadcasting, mainly for the BBC, for over 30 years. He has worked on a wide variety of management roles including overseeing projects to ensure the BBC’s impartiality during elections and the introduction of staff multi-skilling in areas of BBC News. Before joining the Legal Division he was a programme maker and spent much of his time in political journalism. He edited many of the BBC’s Political and Parliamentary programmes. He has an MBA specialising in strategy.

  • ‘Special categories’ of personal data
  • Criminal convictions
  • Age verification for online services to children
  • Establishing Appropriate Policy Documents: procedures for complying, policy on retention and erasure of data – stand-alone vs combined documents
  • Consultants and agency workers

DATA SUBJECT ACCESS REQUESTS (DSAR's)

Olivia Sinfield

Olivia Sinfield

Associate Director
Osborne Clarke

View Bio
Osborne Clarke logo

Olivia Sinfield

Associate Director , Osborne Clarke

Olivia has more than fifteen years’ experience of advising employers and senior executives in the full range of contentious and non- contentious issues arising during the employment life cycle. Olivia re-joined the Osborne Clarke London employment team in 2016 having worked for a niche employment law practice for the previous seven years. This has provided her with an additional perspective having advised both employers and employees. Prior to that, she worked for five years at Osborne Clarke joining from another international law firm. Olivia has extensive experience in advocacy in the Employment Tribunal having represented Respondents and Claimants at preliminary and full hearings. She has also participated in the Judicial Shadowing Scheme. Olivia is experienced in dealing with a wide range of employment issues but has particular experience in: • HR data protection and privacy issues; • Employment Tribunal litigation including bonus claims; • Restrictive covenants and injunctions; • Restructuring and collective redundancies; • Business critical issues including board disputes, change management and discrimination claims. Olivia has a particular interest, and experience, in providing legal and HR training to HR departments and managers in a broad spectrum of employment issues. Olivia prides herself on giving practical and accessible, user friendly, ‘no nonsense’ pragmatic and commercial advice. Olivia is a member of the Employment Lawyers’ Association and a regular media contributor in respect of HR data protection issues and considerations.

  • What's new since the GDPR and DPA 2018?
  • How should you react to a SAR and when can you say no?
  • What constitutes an ‘complex request’?
  • When can you extend the response time?
  • What are the repercussions? Staff training; policy amends; streamlining systems; record-keeping; form of responses.
  • Top tips for dealing

Morning coffee and networking

OTHER RIGHTS

Gayle McFarlane

Gayle McFarlane

Partner
Eversheds Sutherland

View Bio
Eversheds Sutherland logo

Gayle McFarlane

Partner , Eversheds Sutherland

I am an experienced commercial lawyer, with well over a decade of experience in working and building relationships with corporate counsel, procurement and compliance teams. I have a particular interest in all things technology and data related – e-commerce, software development, IT outsourcing, data protection, freedom of information, data security and all things digital. I have a keen interest in technology - in its use to ease the burden of compliance responsibilities, but also in its application in business, and advises clients on their technology licensing and development, and, particularly pertinent regarding licence compliance issues, the use of open source software. From conducting data protection audits, overseeing the development of compliant CRM solutions, advising businesses on how to integrate their data and the public sector on when they are able to exploit their data, and working both to achieve the disclosure of data, and protect it when disclosure would have been detrimental under the Freedom of Information Act, there are very few aspects of the legislation she haven't scrutinised.

  • The ‘right to be forgotten’: latest case law and guidance
  • The cost of non-compliance
  • Disciplinary warnings and records: clarifying the law
  • Personal data erasure, rectification, portability
  • Updating: grounds for objecting to processing: where do you stand?

DATA PROTECTION IMPACT ASSESSMENTS

  • What is it and how does it differ from Privacy Impact Assessments
  • Scope and timing of implementing a DPIA

OUTSTANDING QUESTIONS AND WRAP UP

Lunch and networking

TECHNICAL MEASURES

Kat Gibson

Kat Gibson

Legal Director
DLA Piper

View Bio
DLA Piper logo

Kat Gibson

Legal Director , DLA Piper

Katherine is an employment practitioner in DLA Piper's London office. She advises employers across all sectors, including Banking, Transport and Life Sciences. Katherine worked in-house for a number of years before returning to private practice. She advises employers across both domestic and international employment matters and data privacy issues. She is experienced across all types of employment work, including litigation, transactional support and business protection. In addition, Katherine regularly advises clients on the data protection aspects of employment, including employee monitoring and cross-border data transfers. Katherine provides strategic and commercially aligned advice, assisting clients to achieve their objectives and manage risk.

  • What should you do to ensure continuing compliance?
  • Recent data breaches and how they could have been prevented
  • Common IT mistakes that could maximise your organisation’s risk of a breach

PREPARING FOR AND RESPONDING TO DATA BREACHES

Steve Wright

Steve Wright

GDPR Advisor and Interim DPO
Bank of England

View Bio
Bank of England logo

Steve Wright

GDPR Advisor and Interim DPO , Bank of England

In November 2018 I took up an interim position at the Bank of England to provide GDPR and privacy leadership. At John Lewis, I was fortunate enough to be in the unique position of reporting directly into the Group Financial Director (CFO), but answerable to the Board and Audit & Risk Committee. This empowered me to ensure that when it came to data privacy and data security compliance, I was able to set the strategy, policy, direction and the tone (rate) of change necessary to take that great British icon into its optimal position of leveraging the data it collects, whilst at the same time protecting the rights of customers and Partners, by ensuring legal and regulatory compliance, delivering and enhancing Privacy and Security capabilities - whilst ensuring Trust and Transparency remains at the heart of our fantastic Brands - Waitrose and John Lewis. I've spent more than 25 years learning in IT (the last 8 in Legal and Finance), but all the time designing, developing, managing (mainly people) and delivering transformational data governance, privacy and security programmes, but my role at John Lewis proved a great test of my skills. I believe that data (governance) lies at the heart of our society and everything is connected to this one common denominator = data. And as we know, data security and data privacy are inextricably linked - they share common objectives, threats and therefore require comprehensive safeguards (controls), legal compliance and assurances mechanisms - both for the Board,our Partners and of course our Customers. I am only human, and limited by human capacity, but I would hope you may share in some of my passions and philosophies.

  • Risk assessment strategies: where are you vulnerable?
  • Proactive strategies to minimise risk
  • Reporting requirements and procedures
  • Reputational fallout and other issues
  • Key elements of a robust incident management policy

Afternoon tea and networking

ENFORCEMENT AND COMPENSATION

Tim Rodgers

Tim Rodgers

Compliance and Information Governance Manager
Imperial College London

View Bio
Imperial College London logo

Tim Rodgers

Compliance and Information Governance Manager , Imperial College London

Tim Rodgers has been worked in ICT and information management for the last 20 years, 18 of which were spent in London local government. He has been a Data Protection Officer at two Councils and led on FOI, Records Management and Information Security Policy. He moved to Higher Education last year and leads for the ICT department at Imperial College London on GDPR, has implemented the information asset register, trains Information Asset Owners, reviews Data Privacy Impact Assessments as well as leading on information governance, risk, compliance and quality. He also chairs IG4HE, a networking group for IG professionals in London-based Higher Education institutions, and co-chairs the meetings of the JISC HE/FE Information Compliance group.

  • An update: recent cases and outcomes
  • ICO guidance on reporting breaches
  • Current enforcement examples

OUR GDPR JOURNEY

Clare Lakey

Clare Lakey

Policy and Process Manager
Imperial Brands

View Bio
Imperial Brands logo

Clare Lakey

Policy and Process Manager , Imperial Brands

Clare Lakey is an experienced international HR professional specialising in global change programmes. She is currently Policy and Process Manager for Imperial Brands PLC. Clare worked as an international business partner at Imperial, before joining their HR Transformation Team. The HR transformation involved implementing a global, cloud based HR system and standing up two shared service centres to support HR teams around the world. Clare’s role on the project comprised of implementing global policy, global processes and more recently bringing the HR operation back in-house. Clare now works on a wide range of continuous improvement HR projects, including implementing new technology and new legislation. One of her projects was to implement GDPR for HR and she continues to work closely with the legal team to ensure policies and processes are aligned to the new legislation. Clare lives with her family in Newport, South Wales.

Heidi Thompson

Heidi Thompson

Group Privacy Counsel
Imperial Brands

View Bio
Imperial Brands logo

Heidi Thompson

Group Privacy Counsel , Imperial Brands

Heidi Thompson is Group Privacy Counsel at Imperial Brands PLC, an international FTSE 100 Company based in Bristol. Heidi is a commercial lawyer and Chartered Company Secretary. Prior to Imperial, Heidi worked in large organisations and small, building experience in the practical application of data protection law. Since joining Imperial in 2013, Heidi has found herself working on an increasing number of projects with data protection implications. Almost three years ago, she took responsibility for Imperial’s GDPR Compliance Programme. As Group Privacy Counsel, Heidi now leads a virtual network of Data Protection Leads and Champions responsible for embedding data protection policy and processes across the business. Heidi lives with her family in Cheltenham.

  •  Our Plan
    • Policies and Processes
    • Communication
    • Privacy Centre
  • Our Learnings
  • Business as Usual

OUTSTANDING QUESTIONS AND WRAP UP

End of conference

Contact us to book or discuss our events & services

Phone icon 01983 861133
Email icon info@bfi.co.uk

In-house training

We can tailor this course to run in-house. Find out more

Go

Twitter

bit.ly/2vbvp8S desptite almost 50 years since the #equalpay legislation was introduced, we have this...

Reply Retweet Favourite

Exclusive offers

Get early bird offers, discounts and useful HR content straight to your inbox

By signing up you agree to our privacy policy