This webinar discusses the challenges organisations continue to face in meeting their data protection obligations during the COVID pandemic, examines how organisations have reacted and adapted to the crisis and looks at what needs to be done in respect of reviewing systems and processes to ensure acceptable levels of compliance in ‘new normal’.
In an unprecedented period for all organisations the challenge of meeting good standards in data protection laws and regulation has been acutely challenging. Protecting privacy is made more complicated by both the processes and the consequences of the fight against COVID. This has been explicitly acknowledged by the Information Commissioner’s Office when stating that organisations are trying to operate during uncertain and challenging times and that the ICO will adjust its regulatory approach accordingly.
What does this all mean in practice and what should compliance look like now and as the country takes steps towards emerging from pandemic? The discussion will focus on the lessons learned, both positive and negative. It will examine the two phases of the privacy challenge – reacting to the crisis and systems and processes post-crisis. In responding to COVID what has been necessary when acting with speed, what has been the minimum to do, how and why has light touch risk assessment been necessary and how has ‘privacy by design’ been reflected? Post-crisis how can what is necessary and proportionate be effectively achieved?
Jenny Brotchie will outline how the ICO views privacy protection during pandemic and what it expects as we emerge toward more normal practice. David Goodbrand will discuss the challenge of remaining compliant during pandemic and preparing for what’s next. Tim Musson will reflect on what is necessary in conducting a deep dive review of privacy compliance to examine processes during pandemic and to adjust those processes to post-pandemic.
Key points
Senior Lecturer in Public Sector Finance and Chief Advisor of Studies
Adam Smith Business School, University of Glasgow and Secretary, BAFA Scotland
Regional Manager, Scotland
Information Commissioner’s Office
Partner
Burness Paull
Managing Director
Computer Law Training Ltd
Lynn Bradley
Senior Lecturer in Public Sector Finance and Chief Advisor of Studies
Adam Smith Business School, University of Glasgow and Secretary, BAFA Scotland
Lynn Bradley is an accountant with more than 30 years’ experience of working in the Scottish public and private sectors. She was formerly the Head of Finance for West Dunbartonshire Council, where her responsibilities included local tax collection. More recently, she was Director of Corporate Programmes & Performance with Audit Scotland. She is a former chair of CIPFA in Scotland and a former chair of the Local Authority Accounts Scotland Advisory Committee. She is currently a University teacher in the Adam Smith Business School at Glasgow University, where she specialises in audit, risk and control.
Jenny Brotchie
Regional Manager, Scotland
Information Commissioner’s Office
Jenny has been with the ICO Scotland team since 2018. In that time she has worked with a wide range of stakeholders from across the private, public and third sector providing advice and guidance on a issues and policy proposals ranging from law enforcement processing to data sharing with the third sector. She has a particular interest in ensuring that the processing of personal data benefits the most vulnerable in society.
Prior to joining the ICO Jenny worked at the Carnegie UK Trust managing a variety of policy advocacy and research projects including those centred on public service reform and evidence based policy and practice. She has also held a number of third sector roles focused on sustainability.
A biologist by training Jenny has spent time in molecular biology research labs and has always had a love of data!
David Goodbrand
Partner
Burness Paull
David is a partner in the Burness Paull Technology & Commercial team. As a lawyer he specialises in advising clients on outsourcing arrangements, IT projects, IP licensing, complex commercial contracts, fintech and the use of information.
Tim Musson BA
Managing Director
Computer Law Training Ltd
After many years’ experience as a lecturer in diverse areas of computing in the Scottish university sector and completing a programme of study for Master of Laws degree (LLM) in IT and Telecoms Law, Tim founded Computer Law Training Ltd. He has been supporting businesses, charities and institutions in areas of information security and data protection (GDPR) as well as providing Data Protection training and CPD for lawyers, accountants and similar professions.
Until recently Tim was Convener of the Law Society of Scotland’s Privacy Law Committee, which deals with issues around data protection and other aspects of privacy, responding to consultations on new legislation proposed by the Scottish Parliament, the UK Parliament, the European Parliament and other bodies. He held this position for over 6 years. He was also a member of the Law Society of Scotland’s Technology Law and Practice Committee. He is a Certified Information Privacy Professional/Europe (CIPP/E), a Certified Information Privacy Technologist (CIPT) and is certified by APMG International to deliver the ‘Certified GDPR Practitioner‘ course.
Tim can be contacted: tim@computerlaw.org.uk
Book delegate places or purchase video recording.
