16th Annual Data Protection Compliance Conference


12th & 13th October 2017 - London, UK



Workshops  (Day 2 - Friday, 13th October 2017)


On the second day of the 16th Annual Data Protection Compliance Conference, Friday 13th October 2017, delegates choose two Workshops (one in the morning and one in the afternoon) that explore topics on the GDPR in-depth and work through real-life scenarios. Each Workshop is a practical analysis of specific issues realting to the New Regulation. Delegates will have the opportunity to ask questions and discover how preparations and individual issues are being dealt with at other organisations.

Each of the Workshops is run by one or more Industry Experts and considers practical and realistic case studies. The Workshops are interactive and each delegate is welcome to put questions to the Workshop leader and to discuss issues with other delegates.

Each Workshop is accredited by The Law Society with 3 CPD Points.


Timings for the Workshops Day

Morning Workshops
(9.30am - 12.45pm)
Afternoon Workshops
(2.00pm - 5.15pm) 
A. Preparing for Compulsory Breach Notifications (FULL) E.

Compulsory Documentation – What must be in place before May 2018? (FULL)


Data Protection Impact Assessments – New Requirements and Methodology (FULL)

F. Creating a GDPR Compliance Programme (FULL)

Personal Data – Preparing Organisations for the New Definition (FULL)


The New Role of DPOs (FULL)


Updated Rights and Their Implications for Organisations (FULL)


Handling Outsourcing and Data Processing Arrangements in the New Era (FULL)



Morning Workshops: 9.30 am - 12.45 pm


David DumontA.  Preparing for Compulsory Breach Notifications

(Full - places no longer available)

David Dumont - Hunton & Williams

Data security is now a key organisational risk. From May 2018, organisations will be required to notify serious data breaches to both national data protection authorities and individuals, except in a narrow range of circumstances. This session assesses the new breach notification obligations, including:

  • the types of incidents that will trigger notification
  • practical advice on how to prepare for mandatory breach notification, including incident response plans and opportunities to mitigate risk
  • implications for data processors
  • notifying regulators: what the ICO expects of organisations
  • the requirement for an internal breach register and how to maintain it
  • consequences of failing to notify


Nathalie Moreno, Lewis SilkinB.  Data Protection Impact Assessments – New Requirements and Methodology

(Full - places no longer available)

Dr Nathalie Moreno - Lewis Silkin

For the first time in European data protection law, impact assessments will be mandatory in many circumstances. This session looks at the practical implications of the new requirements, including:

  • understanding where DPIAs must be carried out
  • ways in which a DPIA can add value to your GDPR compliance programme
  • understanding regulator expectations and recommendations
  • how to go about conducting DPIAs


Damien Welfare, Cornerstone BarristersC.  Personal Data – Preparing Organisations for the New Definition

(Full - places no longer available)

Damien Welfare - Cornerstone Barristers

The definition of “personal data” is at the heart of data protection compliance, not least because information that is not personal data is not subject to data protection legal requirements. The GDPR alters and extends the definition in ways that are not always obvious to decipher. This session looks in detail at the practical implications of the new definition that will apply from May 2018, including:

  • the significance of the express inclusion of identifiers, location data and genetic information
  • the meaning of pseudonymisation and its benefits to organisations
  • the implications of the revised definition on the use of Big Data
  • the extension of sensitive personal data (known under the GDPR as ‘special categories of data’) to genetic and biometric information


    Heledd Lloyd Jones, Bird & Bird D.  Updated Rights and Their Implications for Organisations

    (Full - places no longer available)

    Heledd Lloyd-Jones – Bird & Bird

    Complying with the rights of individuals will continue to constitute an administrative burden on organisations under the new law. The GDPR both tweaks existing rights to make them more powerful, and creates new rights. The upgraded fining regime means that organisations will have a strong incentive to get things right when it comes to rights. This Workshop:

    • reviews enhancements to existing rights, such as access to personal data
    • considers the practical implications of new rights, including the right to erasure, the right to restrict personal data processing, the right to data portability and rights relating to profiling
    • explores ways in which organisations can prepare for the changes, including amending existing systems, staff training, maintaining more and different records and injecting greater transparency provisions



    Afternoon Workshops: 2.00 pm - 5.15 pm


    Peter Given, Bond DickinsonE.  Compulsory Documentation – What must be in place before May 2018?

    (Full - places no longer available)

    Peter Given - Bond Dickinson

    25th May 2018 is the deadline for GDPR compliance, not the starting point. From that date, additional and more extensive documentation must be in place as part of the “accountability” requirements. This Workshop looks in detail at the new requirements, and provides delegates with the knowledge and tools necessary to achieve compliance in their organisations, including:

    • what policies will need to be drafted, and the necessary content of those policies
    • how existing data protection statements and privacy notices will need to be altered and extended
    • what will need to be specified about the organisation’s security measures, and about how the organisation will respond to data breaches


    Jenai Nissim, TLT SolicitorsF.  Creating a GDPR Compliance Programme

    (Full - places no longer available)

    Jenai Nissim - TLT Solicitors

    Some organisations already have a data protection compliance programme in place. Others will see the impetus of the GDPR as a great opportunity to create one. In either case, a robust data protection compliance programme will be at the heart of demonstrating compliance with the GDPR from May 2018. This Workshop considers how to create a data protection compliance programme, including:

    • understanding the ‘accountability’ requirements under the GDPR
    • assessing what kinds of processes, procedures and organisational measures need to be in place in an organisation
    • getting engagement and buy-in from relevant senior stakeholders within the organisation
    • monitoring internal adherence with the data protection compliance programme


    Liz Fitzsimons, EvershedsG.  The New Role of DPOs

    (Full - places no longer available)

    Liz Fitzsimons - Eversheds

    For the first time, independent Data Protection Officers will be required in many organisations, with a legally defined role. Leveraging experience from the pre GDPR German DPO system, this session provides delegates with a detailed analysis of the new requirements, including:

    • the various DPO models
    • the need for DPOs to be included in key decision-making
    • required professional qualities and expertise
    • the meaning of ‘independence’
    • mandatory DPO tasks and responsibilities


    Bridget Treacy, Hunton & WilliamsH.  Handling Outsourcing and Data Processing Arrangements in the New Era

    (Full - places no longer available)

    Bridget Treacy - Hunton & Williams

    The GDPR will bring important changes to the relationship between controllers and processors, and some data protection obligations will apply directly to processors for the first time. Controllers and processors will need to review existing contractual provisions to ensure legal compliance and appropriate risk allocation under the GDPR. This Workshop analyses the practical implications of the GDPR for outsourcing and data processing relationships, including::

    • key contractual terms
    • cross border data flows
    • audit, internal compliance and data governance
    • risk management, including allocating risk via contractual provisions
    • implications for cloud computing




    Easy Ways to book

    • Book online
    • Book by telephone at +44 (0) 207 014 3399
    • Book by sending an This e-mail address is being protected from spambots. You need JavaScript enabled to view it



    Make a booking with PDP Training

    Sign up for PDP's Email Newsletter

    View conferences by:


    View the PDF
    16th Annual Data Protection Compliance brochure









    Hunton and Williams Logo






    One Trust



    PDP Journals logo



    Simon Hall

    “The updates on existing subjects were particularly useful.”
    David Pickersgill
    Johnson & Johnson

    “The networking opportunities were very good. Very useful. Will attend again.”
    John Pendleton
    Old Mutual

    “Very informative and well executed conference”
    Claire Robson
    Kent & Medway NHS Trust

    “The hotel facilities were excellent”
    Andrew Dyke
    Operation Mobilisation

    “This is a ‘must attend’ conference for anyone working in data protection compliance due to the quality of the information presented”
    Stephanie Allen
    Shop Direct Group

    “Very enjoyable day! Well worth attendance. Very good speakers.”
    Sarah Rudge

    “Great conference with diverse topics”
    Sara Ewen

    “The presentations were excellent and thought provoking”
    Catherine Bowen-Walker
    Close Brothers

    “A very well put together and well run conference”
    Helen Worthington
    Jerrold Holdings

    “This conference cannot be improved. Excellent!”
    Caroline Mair
    Registers of Scotland

    “A very useful and well organised conference”
    Alistair Browne
    British Council

    “Very useful, practical and thought provoking”
    Ben Moreland

    “The mix of speakers meant that a lot of ground was covered effectively.”
    Karen Russell
    British Arab Commercial Bank

    “As usual the Conference was very well organised”
    Paul Byrne
    British Airways

    Greg Steel

    “The conference content was excellent and thought provoking”
    Kim Walker
    Royal Air Force

    “Venue and conference organisation was once again excellent”
    Chris Roddie
    Carillion plc

    “I found all the presentations very useful. The discussion panel was excellent... thoroughly enjoyed this conference and would not hesitate on coming back”
    Scott McFarlane
    National Trust for Scotland

    “Overall, an excellent, informative and useful day. Well worth attending"”
    Colin Cluney
    Department of Finance and Personnel

    “All fantastic”
    Leslie Waghorn
    Virgin Media

    “Another excellent year - very current and topical"
    Stuart Gittings
    Eli Lilly and Co.

    “A very useful conference, a good broad range of speakers that were able to give practical advice"
    David Mayers
    Lisburn City Council

    “All topics very relevant – most particularly the bits about social networking and security breaches.”
    Jackie Evans
    South Wales Fire & Rescue

    “Once again a great conference, which gives me plenty to think about and implement!”
    Kevin Giles
    Glasgow Housing Association

    “Very useful conference”
    Alan White
    Pitney Bowes

    “Excellent. A well run event.”
    David Higginson
    ING Direct

    “Great venue, superbly organised, very professional.”
    Julie Barclay
    Gambro Lundia

    “Another excellent conference.”
    Lynn Young
    British Library

    “Excellent venue, delegate packs and catering. Very focussed, practical and relevant.”
    Albert Chan
    Greater London Authority