BFI : logo

GDPR Planning & Preparation Conference - EVENT NOW SOLD OUT - RE-RUNNING 29/6/17 Manchester and 5/7/17 London

Date Wednesday 31 May 2017
Venue London - Danubius Hotel Regents Park, London NW8 7JT


David Smith

As one of two deputy commissioners, David was responsible for ensuring the Commissioner’s data protection policies and activities strengthened public confidence in data protection, while, at the same time,  making sure the regulatory requirements for organisations wanting to handle personal information in the right way were easy to understand and straightforward to put into practice. 

David represented the ICO in the Article 29 Working Party of European Supervisory Authorities set up under the Data Protection Directive and worked closely on the soon-to-be released General Data Protection Regulation.

His wealth of experience and knowledge about data protection policy and enforcement bolsters Allen & Overy’s existing data protection team in London, which is led by partners Jane Finlayson-Brown and Nigel Parker, at a time of significant regulatory change and growing client demand for advice and support in this fast moving area.

View full biog

Heledd Lloyd-Jones

Heledd has many years' experience of advising clients across all sectors on data protection and freedom of information issues.

Heledd is an associate in our Privacy and Data Protection Group, based in London.

She has particular expertise in the management of complex information requests, having acted for clients both in the courts and in the Information Tribunal in connection with disputed requests. She also provides non-contentious advice on general data protection compliance, data security breach management, international data transfers and contractual matters. She has a special interest in data protection challenges arising in the fields of healthcare provision, health regulation and life sciences.

Heledd regularly delivers external and internal seminars and training on data protection and privacy issues.

She has been a course director for British Computer Society accredited training in data protection law and freedom of information law since 2005.

View full biog

Katherine Gibson

Katherine is a Legal Director in the Employment Department in DLA Piper's London office.
Katherine has worked in-house for a number of years; initially working in an EMEA role for a global telecoms company and then in a UK role for a major global brand.
Katherine moved back to private practice in March 2013, after almost six years in-house.  Katherine advisers employers across both domestic and international employment and labour law matters.  
She advises employers across both domestic and international employment matters.  Katherine is experienced across all types of employment work, including litigation, transactional support and business protection (such as restrictive covenants, confidentiality agreements and litigation regarding breach of the same).
In addition, Katherine regularly advises clients on the data protection aspects of employment, including employee monitoring and cross-border data transfers.  This includes preparation for the new GDPR regime, coming into force on 25 May 2018.
Katherine aims to provide strategic and commercially aligned advice, assisting clients to achieve their objectives and manage risk.  She advises employers across all sectors, but particularly Technology, Aviation, Hospitality and Leisure (including Sport), Banking/Financial Services and Life Sciences.



View full biog

Carl Gottlieb

With 15 years’ experience in the field, Carl Gottlieb is an expert in Data Protection and Cyber Security, and is commonly referred to as “The GDPR Guy” by his consultancy clients. Carl’s consultancy company Cognition Secure provides a range of Data Protection Services and is currently engaged in a multitude of GDPR compliance projects.
Carl also hosts the GDPR dedicated blog and podcast, “The GDPR Guy” (, to help organisations comply with the General Data Protection Regulation, providing information, insights and inspiration to help on the GDPR journey.
Carl is regularly interviewed in the media on data protection matters, and appears most commonly on Sky News and LBC Radio.

View full biog

Iain Heron

Iain is an Information Architect with 20 years’ experience in IT. He is an expert communicator who places the customer at the centre when designing information architectures, placing particular care on improving user experiences.

Iain delivers Information Strategy based on whole life cycle management of information assets, and Information Governance based on broad experience of assessing and implementing legislation and standards (e.g. DPA, ISO 9000) in verticals including Financial Services, Telecoms, Public Sector, Petrochemical, and Nuclear. Iain has a deep understanding of Process and Business Architecture.

His Data Architectures (and general organisation) are underpinned by Library Science, enabling expert Classification Scheme, Metadata and Reference Data design. Iain also has extensive experience of knowledge transfer, including Training, Mentoring and Knowledge Management methods and is proactive in setting a strong personal example to elicit high standards from others.

Iain is currently leading the GDPR compliance programme at QBE.

View full biog

Paula Barrett

Paula is the international head of the privacy and information law group at Eversheds-Sutherland, and also leads on their international e-commerce work.

With a strong background in information technology law, Paula has developed extensive experience in data protection/privacy law domestically and internationally. She is currently advising on data protection compliance issues in 60+ countries around the world and our data protection practice is independently ranked by Chambers as being amongst the best in the UK.

Paula's recent experience includes advising:

-on the data protection compliance steps required to implement centralised HR and CRM system or shared service centres globally in EMEA, North & South America and Asia-Pacific.

-clients on their data security breach reporting obligations in the UK and internationally, including representing clients in their communications with the ICO and other regulators

-successfully defending clients in response to proposed enforcement action by the ICO.

on the privacy issues arising from proposed implementation of cloud computing solutions including consideration of Patriot Act, ITAR and similar issues.

Paula is noted in Chambers as "an incredible lawyer - practical, knowledgeable and able to assemble a great team." She is noted for her cross-border expertise in this field.

View full biog

Georgina Lawrence

My areas of expertise are privacy, security and information law.

I regularly provide advice to clients (from start-ups to global companies) on data protection compliance, including:

- internal data protection compliance requirements (drafting policies and assisting with the implementation of procedures);
- external data protection compliance requirements (notifying data protection authorities, negotiating with third parties and drafting data processing and data sharing agreements); and
- international transfers and required safeguards (drafting data transfer agreements, assisting with safe harbor certifications and binding corporate rules applications).

I provide advice to clients regarding suspected/actual data security breach situations, including notifications to data protection authorities, analysing the data and liaising with affected individuals.

In addition, I regularly advise clients on the steps they should take in order to carry out direct marketing, profiling and social listening in a compliant manner. I also have experience handling subject access requests for clients and requests under the Freedom of Information Act and the Environmental Information Regulations, including liaison with the Information Commissioner's Office.

View full biog