GDPR, e-Privacy and Cybersecurity Masterclass, 2019


This practical, high-level masterclass will drill down into the detail of the intertwined topics of GDPR, e-privacy and cybersecurity. Delivered by a panel of expert speakers with the highest credentials in these complex areas, including the former UK government’s lead lawyer in EU negotiations on GDPR talking about data protection and e-privacy in a post-Brexit world, an in-house lawyer’s view on GDPR compliance and a highly practical and slightly scary cyber-security workshop, among many other highlights.

£375.00 ex VAT

Early Bird Price until 28th February 2019.
Full Price: £450.00  ex VAT.

In stock

Event Details

Date: 02nd April 2019 ( 09:30 – 17:00 )

Venue: Central London



Very little legislation has caused as much confusion, consternation, misinformation and outright panic as the EU’s General Data Protection Regulation which came into effect on 25 May last year. Now that the dust has settled, we can review what it all means in the light of practical experience of the new regime and how it interrelates with both e-privacy and cybersecurity.

At this major one-day conference we have gathered together some of the top experts in these complex areas, and between them they will cover such topics as:

  • Data subject rights under GDPR and the e-Privacy Regulation: an update
  • The practical implications of GDPR for in-house teams
  • Some of the key drafting issues and common negotiation points for data protection clauses we commonly see in contracts, including those for controllers in common, joint controllers and controller-processor relationships
  • Where precisely are we with the EU e-Privacy Regulation?
  • Data protection impact assessments: a highly practical workshop session will consider a scenario and use the ICO’s sample DPIA template to analyse the key issues and decide whether the proposed activity can go ahead without the need for approval
  • The relationship between protecting business confidential information, personal information and securing internet risks
  • The future of data protection in the form of the journey to code
  • Brexit, data protection and e-privacy. Whatever happens with Brexit, this session will be adapted accordingly.
  • The day will end with what is likely to be one of the highlights – a workshop on cyber security with a specialist in this high profile, controversial and highly sensitive area

The conference will appeal to:

  • Private practice solicitors who need to keep up to date with the law and practice so as to be able to advise clients
  • In-house lawyers who have to advise on the implications for the corporates they work for
  • All those who are involved with compliance with the legal and practical implications

What will delegates take away from this conference?

  • A crystal-clear and detailed explanation about the complex relationships between GDPR, e-privacy and cybersecurity
  • A concise and accurate understanding of the common misconceptions about how GDPR and the Data Protection Act 2018 work in practice, from the use and mis-use of “consent”, to the role of the data protection officer and the right to be forgotten
  • Knowledge about the extent and consequences of cyber-attacks and how best to put in place defensive systems and strategies
  • An update on the latest position on e-Privacy and how the proposed Regulation is likely to impact on such matters as direct marketing (what’s permitted and what’s not), and the processing of metadata and cookies on users machines



Registration and refreshments


Welcome from the Chair, Robert Bond, Partner, Bristows and Neil Rose, Editor of Legal Futures


Opening Address: Investigation and enforcement action: What’s happened since May 2018?

Stephen Eckersley, Director of Investigations,  Information Commissioner’s Office


An update on data subject rights under GDPR and the e-Privacy Regulation

Valerie Taylor, Data Protection Consultant and Director, Privacy Solutions Ltd

  • Summary of new rights and changes to existing rights
  • Subject access – has GDPR breathed new life into this fundamental right?
  • Dealing with requests for erasure
  • Profiling and other marketing pitfalls
  • What impact does GDPR have on the right to claim compensation?


GDPR for in-house teams in practice and approaching compliance in the post-GDPR world

Emmy Hackett, General Counsel, Chief Compliance Officer and Data Protection Officer, SHL

  • Managing additional, on-going workload
  • Systems to track additional terms/documentation and its relationship to underlying contracts
  • Training for existing and new staff, creating additional materials
  • Interface with customer service, IT and sales for DSARs or Data Deletion requests
  • Market positioning with clients and prospects –  pros and cons of claiming you are “compliant”
  • Challenges around operating in multiple languages – DPOs for various jurisdictions and Brexit.


Refreshments break


Negotiating GDPR compliant clauses in technology and outsourcing contracts

Sam de Silva, Partner, CMS Cameron McKenna Nabarro Olswang LLP

  • The different types of data protection clauses we commonly see in contracts, including those for controllers in common, joint controllers and controller-processor relationships
  • Some of the key drafting issues and common negotiation points for data protection clauses
  • Use of the standard contractual clauses (model clauses) in contracts
  • The potential consequences of a “no deal” Brexit on data protection clauses


E-privacy regulation

Robert Bond, Partner, Bristows

  • What is the current draft?
  • Likely impact on Telcos and OTT providers
  • Impact on businesses and consumers
  • Implications for electronic marketing


Questions on morning session




Data protection impact assessments workshop session

Keith Markham, Solicitor

One of the key requirements of the General Data Protection Regulation and the Data Protection Act 2018 is the requirement for organisations to carry out data protection impact assessments (DPIAs) in certain circumstances. Under the previous rules, there was no such compulsory requirement and therefore many organisations will not have any previous experience of what a DPIA entails. Failing to carry out a DPIA when required to do so could lead to enforcement action.

During this workshop, participants will be asked to consider a scenario and use the ICO’s sample DPIA template to analyse the key issues and decide whether the proposed activity can go ahead without the need for approval by the ICO. Key issues discussed will include:

  • Identifying the need
  • Describing the processing
  • Assessing necessity and proportionality
  • Identifying risk
  • Mitigating risk
  • Liaising with the ICO


Trade secrets and cybersecurity

Robert Bond, Partner, Bristows

  • NIS Directive and the focus on securing internet risks
  • BYOD and social media risks in the workplace
  • The need to revise Acceptable Use policies and review protection of intellectual property
  • The relationship between protecting business confidential information and personal information
  • Monitoring in the workplace and PropTech


The Journey to Code – the future of data protection

Stewart Room, Partner, Joint Global Head of Data Protection and Global Legal Services Leader, PricewaterhouseCoopers LLP

The legal and regulatory framework for Data Protection was born of a fear in the late 1960s that new technologies and data processing techniques could harm rights and freedoms, particularly through propaganda and surveillance. This fear demanded a principles-based reaction, whereby the technologies, data and processing activities themselves would provide controls to mitigate the risks.

Fast forward to 2019, to a world of technological and data-driven innovations that was hard to imagine when concepts of data protection were first formulated 50 years ago: AI, Augmented Reality, robotics, biometrics, Big Data and Massive Cloud. Are we now any nearer to the goal of delivering Data Protection Outcomes in the technology, data and processing layers of our organisations? Or are we stuck in a time when our investments are focused mainly on the paper and organisational layers? Has the GDPR moved the dial, or will real change be dependent upon adverse scrutiny homing-in on a technological and data deficit, or another driver to change of values?

In this session, Stewart Room, PwC’s Data Protection Leader, will explain why we are on The Journey to Code and will set out the implications for organisational readiness.


Refreshments break


Brexit : data protection and e-privacy

Eleonor Duhs, Director (Barrister), Field Fisher

Depending on the position on Brexit, this talk will cover one of the following in relation to data protection and e-privacy:

  • The withdrawal agreement, the transition period and the UK-EU future relationship;
  • Consequences following a no deal UK exit from the EU; or
  • Brexit postponed – what next and how to deal with the ongoing uncertainty.


Cybersecurity workshop session


Questions on afternoon session


Closing remarks


Chairman: Robert Bond, Bristows

Robert Bond is a Partner with Bristows LLP and is a solicitor, notary public and a certified compliance and ethics professional. He has nearly 40 years’ experience as a legal expert and author in the fields of e-commerce, computer games, media and publishing, data protection, information security and cyber risks. Robert has specialised in data protection and information security law since 1983. He is a director of the UK Safer Internet Centre and South West Grid for Learning, a board member and secretary of the Society for Corporate Compliance and Ethics, chairman of the Governance Board of the Data Protection Network, a founder member of the UN Global Pulse Privacy Advisory Group and an ambassador for Privacy by Design. He is named in the National Law Journal’s list of 50 governance, risk and compliance trailblazers, listed in the top 10 in “Who’s Who of Information Technology Lawyers 2014” and in “Who’s Who Legal TMT 2017“, “Best Lawyers in UK in the practice area of Information Technology Law 2017“.


Stephen Eckersley, Information Commissioner’s Office 

Stephen Eckersley is the Director of Investigations at the Information Commissioner’s Office (ICO) and has responsibility for leading a number of teams in the Investigations Directorate. In his role he has led high-profile and ground-breaking investigations into cyber-security incidents, including Talk-Talk, Equifax, Uber and Yahoo! and more recently the investigation into the Facebook/Cambridge Analytica case. Prior to joining the ICO in 2011 he served 30 years with Greater Manchester Police achieving the rank of Detective Chief Inspector and led numerous complex homicide and other major crime investigations.


Eleonor Duhs, Field Fisher

Eleonor is a Director in Fieldfisher’s privacy, security and information law team.  She was the UK government’s lead lawyer in EU negotiations on the General Data Protection Regulation (GDPR). Eleonor has extensive, in-depth knowledge of the GDPR, having represented the UK in meetings in Brussels. She drafted text for inclusion in the legislation, and worked with the European Commission, representatives from other EU member states, regulators and stakeholders to develop the regime. She also has extensive experience of advising the UK government on data protection and information law issues, including compliance and risk in high profile projects.


Emmy Hackett, SHL

Emmy Hackett is General Counsel, Chief Compliance Officer and Data Protection Officer for SHL, based in London. SHL is a 40+ year old global people insights company providing scientifically rigorous assessments across the employee journey from recruitment through development. The enactment of the General Data Protection Regulation and Brexit are two major projects that she leads at SHL, in addition to overseeing commercial legal support and procurement. Prior to joining SHL, she was the Deputy General Counsel for International at V.C.E., a joint venture between Cisco and EMC, bringing converged computing infrastructure to the market. Emmy previously worked for a US law firm engaged in copyright, trademarks and other intellectual property matters


Keith Markham, Solicitor and Trainer

Keith Markham qualified as a solicitor in 2001 and now works as a freelance training consultant. Initially working in private practice, in 2004 he moved in-house at the BGL Group, a major insurance intermediary. During his time there Keith advised extensively on all areas of data protection. In 2007, Keith joined BPP Professional Education, and worked there as both an in-house lawyer dealing with data protection and commercial contracts and also as a presenter of training courses before ultimately deciding to specialise in delivering training and becoming a freelance training consultant in 2009. Drawing on his considerable experience Keith has designed and delivered a wide variety of training on topics relating to data protection and commercial law to lawyers and non-lawyers alike. He is also currently involved in a number of GDPR compliance projects.


Stewart Room, PwC UK

Stewart Room, CIPP/E, is a Partner at PwC UK. He is the global leader of the cyber security and data protection legal services practice, the joint global leader of the multi-disciplinary data protection practice, and the UK data protection practice leader. He has more than 25 years of experience as a barrister and solicitor, focusing for the majority of this time on data, technology and communications. Stewart specialises in the field of data protection, information management and cyber security, including programme design and delivery, the commercial exploitation of data, the security of data, regulatory investigations and litigation arising from the misuse of data. He is rated as a leading individual in data protection by legal directory Chambers UK. He is the President of the National Association of Data Protection Officers and the editor of the Cyber Security Practitioner journal. He has written a number of textbooks on information law and is regularly quoted in the press. He is a past winner of the Financial Times Innovative Lawyer of the Year award.


Sam de Silva, CMS Cameron McKenna Nabarro Olswang LLP

Dr Sam De Silva is a Partner in the London office of CMS Cameron McKenna Nabarro Olswang LLP. Sam specialises in data privacy and cyber-security issues and in advising on complex and strategic IT and telecommunication projects. Sam is both the UK solicitor representative on the EU Commission’s Expert Group on Cloud Computing Contracts and on the IT Law Committee of the Bars and Law Societies of Europe. Sam is also on the Data Law Committee of the City of London Law Society and is a former chair of the Law Society’s Technology and Law Committee. Sam is the co-convenor of an international Working Group developing a new ISO Standard on the management of legal risk. He is recognised as a leading individual for IT and data protection in Legal 500 and Chambers & Partners directories. Sam is also named in Who’s Who of Data Privacy and Protection 2018, the Who’s Who of Data Security 2018 and the Who’s Who of Information Technology 2018 as one of the world’s leading lawyers in those areas of law. In addition Sam has been listed in Who’s Who Legal: Thought Leaders – Global Elite 2018.


Valerie Taylor, Privacy Solutions Ltd

Valerie is qualified solicitor and seasoned professional, well known in the field of data protection. Having qualified as a solicitor at Clifford Chance, she moved to the Royal Mail Group where she was the principal legal advisor on data protection. She has worked as an independent data protection consultant since 2002, and was one of the first lawyers to move into DP consultancy. She advises organisations of all kinds on data protection and related legislation. Her work includes strategic planning and risk management, compliance programme design and implementation, audits and gap analysis, producing policies and procedures, and devising and running training and awareness campaigns.



Central London

Venue to be confirmed