GDPR Employee Data Conference for Employers: An Essential Update
Danubius Hotel Regents Park, 18 Lodge Road, St. John's Wood, London NW8 7JT
This event has now passed.
The implementation of the GDPR in May 2018 has forced employers to rethink how they process and store data, and in some cases, to transform workplace culture in order to comply. A recent survey indicated that 12 months on, one in three UK companies were still not fully GDPR compliant.
Registration fee: £395 + VAT
All dates and locations:
Wednesday 16th October - London
Employees and other staff members are increasingly aware of their Data Protection rights, and the numbers of staff, consultants and agency workers requesting SARs is increasing. Does your HR function have the knowledge and policy to manage this? Most organisations still need to learn how to minimise the costs and difficulties of managing SARs.
The ICO is recording a huge rise in complaints, and the punitive measures for non-compliance are serious. Alongside sizable fines, there is also the risk of prosecution and damage to your organisation’s reputation and shareholder value.
This event, building on several years’ delivery of successful GDPR preparation events, draws on unparalleled expertise and experience in this tricky area to deliver a comprehensive programme to ensure your staff can spot potential data protection issues and implement solutions before the problem grows.
Attendees will learn how to avoid costly employment disputes and take steps to protect their organisation through a thorough review, preparation and implementation of workable policies.
This critical update follows 12 GDPR planning and preparation conferences for employers, and 8 workshops across the UK featuring the most respected practitioners and lawyers in this space.
What you will learn:
- Key policy changes and a comprehensive checklist of potentially vulnerable areas
- A thorough understanding of content, processing, transfer and disposal: have you done enough?
- How to implement a data protection assessment
- Clarification of difficult areas such as special categories, agency workers and consultants
- Lessons from the latest cases and rulings: enforcement and compensation
- Key technical measures to implement
- How to plan for and respond to a data breach
- A comprehensive policy and practice checklist you can implement in your own organisation
Past GDPR Conference delegates said:
“Speakers were very knowledgeable, was well delivered and the sessions were engaging.” - Dept of Work & Pensions
“Speakers were informative, professional, very engaging and tailored it well to the audience.” - Office for National Statistics
“Excellent” - Skipton Building Society & Imperial Brands
Which functions will benefit from attending
- HR, Payroll, HR Operations and Admin, Security and Compliance, HR Information Services Management
Schedule
Coffee and registration
CHAIR’S INTRODUCTION AND ESTABLISHING LEARNING OBJECTIVES AND OUTCOMES
Rowenna Fielding
Senior Data Protection Lead, Protecture Ltd
Rowenna works as a Data Protection Lead for Protecture (protecture.org.uk). Being hugely enthusiastic about data protection, she is also on the executive committee of the National Association of Data Protection and Freedom of Information Officers (NADPO) as well as being a member of a variety of professional associations related to privacy, information security and records management. Rowenna holds the ISEB Certificate in Data Protection and the IDM GDPR Award.
CRUCIAL POLICY CHANGES AND UPDATES: A CHECKLIST
Rowenna Fielding
Senior Data Protection Lead, Protecture Ltd
- Evaluating where your organisation should be now
- Common mistakes and misunderstandings
- What to expect from the ICO
- E-privacy and regulation: the implications
- Enforcement and the latest industry developments
- Cases and lessons learned
DIFFICULT AREAS TO CLARIFY
James Leaton Gray
Consultant, The Privacy Practice
At the Privacy Practice James provides consultancy services in Data Protection and Privacy. A leading thinker in the policy debates in this vital arena, he is regularly invited to address conferences in the UK and internationally. He specialises in making compliance part of business operations, not a legal tick-box exercise. He writes the Privacy Practice Blog, shining light onto current issues in Privacy. He is also an associate of Kemp Little Consulting (KLC), a new type of consulting firm operating at the intersection of technology, law and consulting. For KLC his role is to help develop and provide privacy and data-related services. For over 10 years James led the BBC’s Information Policy and Compliance Department, in the BBC's Legal section. There he oversaw the operation of the Corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before he left the BBC he led the development of privacy and data governance for myBBC as it developed its big data capability. Additionally he provided expert advice on media and privacy and lobbying on the proposed EU GDPR. James worked in broadcasting, mainly for the BBC, for over 30 years. He has worked in a wide variety of management roles including overseeing projects to ensure the BBC’s impartiality during elections and the introduction of staff multi-skilling in areas of BBC News. Before joining the Legal Division he was a programme maker and spent much of his time in political journalism. He edited many of the BBC’s Political and Parliamentary programmes. He has an MBA specialising in strategy.
- ‘Special categories’ of personal data
- Criminal convictions
- Age verification for online services to children
- Establishing Appropriate Policy Documents: procedures for complying, policy on retention and erasure of data – stand-alone vs combined documents
- Consultants and agency workers
Morning coffee and networking
DATA SUBJECT ACCESS REQUESTS (DSARs)
Olivia Sinfield
Associate Director, Osborne Clarke
Olivia has more than fifteen years’ experience of advising employers and senior executives in the full range of contentious and non-contentious issues arising during the employment life cycle. Olivia re-joined the Osborne Clarke London employment team in 2016 having worked for a niche employment law practice for the previous seven years. This has provided her with an additional perspective having advised both employers and employees. Prior to that, she worked for five years at Osborne Clarke, joining from another international law firm. Olivia has extensive experience in advocacy in the Employment Tribunal having represented Respondents and Claimants at preliminary and full hearings. She has also participated in the Judicial Shadowing Scheme. Olivia is experienced in dealing with a wide range of employment issues but has particular experience in: HR data protection and privacy issues; Employment Tribunal litigation including bonus claims; restrictive covenants and injunctions; restructuring and collective redundancies; and business critical issues including board disputes, change management and discrimination claims. Olivia has a particular interest, and experience, in providing legal and HR training to HR departments and managers in a broad spectrum of employment issues. Olivia prides herself on giving practical and accessible, user-friendly, ‘no nonsense’ pragmatic and commercial advice. Olivia is a member of the Employment Lawyers’ Association and a regular media contributor in respect of HR data protection issues and considerations.
- What's new since the GDPR and DPA 2018?
- How should you react to a SAR and when can you say no?
- What constitutes a ‘complex request’?
- When can you extend the response time?
- What are the repercussions? Staff training; policy amends; streamlining systems; record-keeping; form of responses.
- Top tips for dealing
YOUR DATA MAP’S MISSING PIECE: WHY THIRD-PARTY RISK MANAGEMENT IS KEY
Dave Horton
Solutions Engineering Manager, CISSP, CIPP/E, CIPM, OneTrust
Dave Horton serves as a Solution Engineering Manager at OneTrust – the #1 most widely used privacy, security and third-party risk technology platform. He is an experienced professional with 14 years in enterprise data protection and security engineering, solution architecture and implementation for some of the most secure and scalable companies in the world. A frequent speaker at industry events, he provides deep insight into regulatory issues and practical approaches to compliance. Dave is a Certified Information Systems Security Professional, Certified Information Privacy Professional (CIPP/E and CIPM) and holds a 1st class honours degree in Computing Systems.
- Break down the importance of incorporating an additional layer of vendor risk detail to your data map
- Utilize third-party vendor risk management to maintain oversight and add business context to your data map
- Takeaway tips for keeping your data map evergreen and up-to-date
OUTSTANDING QUESTIONS AND WRAP UP
Lunch and networking
OTHER RIGHTS
Gayle McFarlane
Partner, Eversheds Sutherland
Gayle is a technology partner at Eversheds Sutherland, specialising in all things data. She has a wealth of experience in working and building relationships with in-house teams, corporate counsel, procurement and compliance teams. Gayle’s approach to data reflects its value to both those to whom it relates, and the businesses who process it. She helps organisations protect, control – and even leverage and disclose – data within the complex compliance and ethical regimes which apply, considering personal data protection, rights, freedom of information and data and infrastructure security (including cyber threats). She has a particular interest in new technologies and novel uses of data (particularly the growing industry around biometrics) and supports clients in undertaking data protection impact assessments when implementing new systems. She takes a commercial and pragmatic approach to complex legal situations, making sure that business objectives are achieved, and relationships and rights maintained, as well as developing a culture of compliance and assuaging risk.
- The ‘right to be forgotten’: latest case law and guidance
- The cost of non-compliance
- Disciplinary warnings and records: clarifying the law
- Personal data erasure, rectification, portability, updating; grounds for objecting to processing: where do you stand?
- Data protection impact assessments
- What is it and how does it differ from a Privacy Impact Assessment?
- Scope and timing of implementing a DPIA
TECHNICAL MEASURES
Katherine Gibson
Legal Director, DLA Piper UK LLP
Katherine is an employment practitioner in DLA Piper's London office. She advises employers across all sectors, including Banking, Transport and Life Sciences. Katherine worked in-house for a number of years before returning to private practice. She advises employers across both domestic and international employment matters and data privacy issues. She is experienced across all types of employment work, including litigation, transactional support and business protection. In addition, Katherine regularly advises clients on the data protection aspects of employment, including employee monitoring and cross-border data transfers. Katherine provides strategic and commercially aligned advice, assisting clients to achieve their objectives and manage risk.
- What should you do to ensure continuing compliance?
- Recent data breaches and how they could have been prevented
- Common IT mistakes that could maximise your organisation’s risk of a breach
Afternoon tea and networking
PREPARING FOR AND RESPONDING TO DATA BREACHES
Sara Newman (CISA)
Practice Lead, Securys Ltd
Sara Newman is a Co-founder and Practice Lead at Securys, a specialist data privacy and information security consultancy based in London. Passionate about organisational change, Sara is a Certified Information Systems Auditor and a PRINCE2 and ITIL practitioner; she's held a number of senior roles including Head of Service Operations in IT outsourcing, where she managed resources, clients, project and processes; Interim COO at an event registration, ticketing and intelligence company; IT director at a top 25 accountancy firm and Operations Director at an independent cloud-focused consultancy.
Cathy Bostock
Group DPO, Anglo American
Cathy has global responsibility for Data Protection for the Anglo American Group. This involves leading a multi-functional change programme to get people from across HR, Sales & Marketing, Health & Safety, Corporate Relations and IT (amongst others) to think about and treat personal data in compliance with applicable privacy legislation and to high ethical standards. Cathy is accountable for the development and implementation of policies and procedures, mapping and remediation of personal data processing activities, training & communications, provision of data privacy advice to the business, ensuring data subject rights requests are responded to appropriately, and overseeing personal data breach response activities. Prior to joining Anglo American, Cathy worked in management consulting, providing Risk & Compliance advisory support to FTSE100 and central government clients.
- Risk assessment strategies: where are you vulnerable?
- Proactive strategies to minimise risk
- Reporting requirements and procedures
- Reputational fallout and other issues
- Key elements of a robust incident management policy
ENFORCEMENT AND COMPENSATION
Tim Rodgers
Compliance and Information Governance Manager, Imperial College London
Tim Rodgers has worked in ICT and information management for the last 20 years, 18 of which were spent in London local government. He has been a Data Protection Officer at two Councils and led on FOI, Records Management and Information Security Policy. He moved to Higher Education last year and leads for the ICT department at Imperial College London on GDPR, has implemented the information asset register, trains Information Asset Owners, reviews Data Privacy Impact Assessments as well as leading on information governance, risk, compliance and quality. He also chairs IG4HE, a networking group for IG professionals in London-based Higher Education institutions, and co-chairs the meetings of the JISC HE/FE Information Compliance group.
- An update: recent cases and outcomes
- ICO guidance on reporting breaches
- Current enforcement examples
OUTSTANDING QUESTIONS AND WRAP UP
End of conference