BFI : logo

GDPR Planning & Preparation Conference for Employers (8th Edition) London - SOLD OUT - Rerunning Manchester 22.2.18 and London 15.3.18

Date Thursday 08 February 2018
Venue London - Danubius Hotel Regents Park, London NW8 7JT
 

This event has just sold out for the 8th time however we are happy to confirm there are two further opportunties to attend:

22nd February - Manchester

15th March - London

 

AGENDA

0900 Coffee & Registration

0930 Chair’s welcome
Rowenna Fielding

Data Protection Lead
Protecture Limited

0935 OPENING ADDRESS
• Summary and clear understanding of mandatory changes
• What is the scope of the change and how is it likely to impact business?
• What are your obligations?
• Analysing your current position: how and why
• Raising awareness and communicating the complexity and challenges internally and externally
James Leaton Gray
Director
The Privacy Practice

1005 LEGAL
• Definitions of core GDPR principles and terms
• Guidance: GDPR law, ICO, ISO 27001, DPIA
• Cross border data transfers
• Member states: overview of differing local laws that may impact your organisation
• Data processor/ Data controller
• Accountability
• Liability: fines, scale and processor responsibilities
o The need for data-mapping/ record keeping/privacy policies/ 3rd party processes audit: the risks of not doing these
• DPO
o Do you need one?
o Defining roles and responsibilities
o Identifying and mitigating potential conflicts of interest (The importance of a good hire)
Adam Rose
Partner
Mishcon de Reya

1045 Coffee

1105  CASE STUDY: THE ACCENTURE STORY
• Cultivating a culture of Privacy
• Training initiatives: Hackerland revealed
• How can GDPR become an opportunity rather than a compliance process? From data to insight to growth & truly human
• From customer trust to even greater employee trust
Diana Barea
Managing Director
Accenture Strategy

1145     CASE STUDY: RNLI’S PLANNING AND AUDIT APPROACH
• Auditing your current processes: establishing scope and content of the assessment
• Defining the actions to focus on to optimise time and resources
• Conducting an impact assessment: checks and potential implications to your organisation
• Identifying and mitigating the optimum areas of privacy risk: component parts and the best order in which to tackle them
• Auditing your 3rd party data processes
• Review, prepare, plan: action plan to identify and establish project group and management
• Management buy-in: responsibility and scope
• Practical solutions and approaches
Thomas Payne
Data Analyst
RNLI

1225 HR
• Training programmes: who, how, what and when?
• Privacy notice inclusions
• Consent issues
• Right to be forgotten: the implications
Kat Gibson
Employment and Data Protection Solicitor
DLA Piper

1305 Lunch and Networking

1405 CASE STUDY: IMPERIAL BRANDS PROCESS AND POLICY APPROACH
• The importance of a privacy policy
• Understanding the scope: identifying all your processes and documents
• Identifying other business areas to involve and tips to ensure top-down buy-in
• Crucial IT systems changes to plan for
• Cyber security: importance and implications
• Identifying and establishing new security level requirements across the organisation
• 3rd party data: processes and policy
• The dynamics of outsourced relationships: outsourced contract requirements and obligations
• How to change supplier contracts with minimum cost and disruption
• The process register
• Evidence to demonstrate compliance
• Working with other businesses: key areas to concentrate on
Nigel Watson
Project Governance Manager and GDPR Project Manager
Imperial Brands

1445 CASE STUDY: VODAFONE'S GLOBAL GDPR PROGRAMME
• Getting top down buy-in for a global transformation programme
• Management and structures
• HRs crucial role in compliance
Amanda Chandler
Global Privacy Manager
Vodafone Group Services Limited

1525 Afternoon tea

1545 SECURITY – PERSONAL DATA LOSS, MISUSE AND THEFT
•  GDPR security requirements – recap and overview
• Insider threats
•  Third party vendor/service provider risks
• Breach reporting obligations, timelines and penalties
•  What needs to be reported?
• What are the exceptions to this rule? E.g. encryption
•  Case study examples
Annabelle Gold-Caution
Technology and Privacy Lawyer
Fieldfisher

1625 PANEL – EXTENSIVE Q&A OPPORTUNITY

Nigel Watson, Project Governance Manager and GDPR Project Manager, Imperial Brands

Annabelle Gold-Caution, Technology and Privacy Lawyer, Fieldfisher

Amanda Chandler, Global Privacy Manager, Vodafone Group Services Limited

1655-1700 Closing remarks and end of Conference