Data protection requirements for all organisations in the UK and Scotland are governed by law setting out what needs to be complied with and how. However, the new Data Protection and Digital Information (No2) Bill now moving through Parliament is expected to conclude in early 2024. It contains a range of changes with implications for all data practitioners and data protection officers, impacting on when, how and why compliance is needed. What do data practitioners and their organisations need to understand about the new Act, what changes and responses will be required and what are the other latest and next broader drivers of change in the data environment?
The new Act will make a range of changes to the data regulatory regime. Lower accountability burdens, implications for Data Protection Officers (including the nature and prevalence of the role), subject access requests, use of data in research, the definition of personal data, profiling and artificial intelligence and the restructuring of the Information Commissioner's Office itself all face imminent change.
All of the expected regulatory change also takes place in the context of serious ongoing data protection challenges. The data environment is littered with recent cases of protection failures. These range from widespread inadvertent disclosures in CC'd emails in various bodies through to NHS WhatsApp data lapses arising following its use during and since pandemic. Physical breaches also continue to manifest with organisations including the Ministry of Justice and NHS Fife, among others, having seen both prisoner and patient data exposed.
Training is the key to security in data management and in almost all cases training delayed – or not done – has underpinned the occurence of breaches. The pace and volume of data sharing, driven by responses to externalities such as Brexit, pandemic and Ukraine, continues to increase dramatically. Add on top, the huge rise in the value of data as the life blood of both public services delivery and private sector competition, and the scale of that data management challenge becomes vast.
Change is imminent for both the regulator and the regulated. However, the roles of data professionals are perhaps the main constants in the data field. Always needed and always accountable, these post holders in every organisation are the critical point at which good data protection and information governance practice either works or fails. The law and guidance states what should happen. The ICO is the body that takes action after failure. It is the data practitioner professionals who are at the live point of data management and protection and who are therefore the key element which needs to be properly resourced, trained, upskilled and valued in their organisations.
This conference examines what the new data legislation will mean and will require, the impact on the role of data protection professionals, data protection officers and other relevant staff in the field and the broader pressures and drivers of change for data management. It will focus on three themes:
Topics to be discussed
Who should attend
This conference is intended for all those working in the data protection/management and information governance fields and is intended for both organisations and individuals. It is relevant to public, private and third sector organisations which hold, process, manage or share personal data and is for data practitioner professionals, accountable persons, data protection officers and also for those in executive and non-executive roles with a responsibilty for legal compliance, reputation management, corporate accountability or strategic leadership.
Regional Manager, Scotland
Information Commissioner’s Office
Head of Information Assurance & Data Protection iTECS
Scottish Government
Data Protection Officer and Lecturer
University of Edinburgh
Partner
Harper Macleod LLP
Data Protection Officer
RGDP (Really Good Data Protection)
Data Protection Officer/Pod Leader
The DPO Centre
Lecturer in Law, Dundee Law School and Executive Director of the Centre for Freedom of Information
University of Dundee
Jenny Brotchie
Regional Manager, Scotland
Information Commissioner’s Office
Jenny has been with the ICO Scotland team since 2018. In that time she has worked with a wide range of stakeholders from across the private, public and third sector providing advice and guidance on a issues and policy proposals ranging from law enforcement processing to data sharing with the third sector. She has a particular interest in ensuring that the processing of personal data benefits the most vulnerable in society.
Prior to joining the ICO Jenny worked at the Carnegie UK Trust managing a variety of policy advocacy and research projects including those centred on public service reform and evidence based policy and practice. She has also held a number of third sector roles focused on sustainability.
A biologist by training Jenny has spent time in molecular biology research labs and has always had a love of data!
Helen Findlay
Head of Information Assurance & Data Protection iTECS
Scottish Government
Helen is responsible for the section which provides advice and guidance for The Scottish Government on data protection and information assurance. Her career reflects a wide range of experience in data management and protection and information governance in both the public and private sectors. Helen's section led on EU Exit data adequacy mitigation planning for the Scottish public sector and she has worked in New Zealand and Scotland.
Rena Gertz (Dr)
Data Protection Officer and Lecturer
University of Edinburgh
Dr Rena Gertz completed her law degree in Germany before moving to Scotland for a Masters Degree and PhD in law, followed by a research fellowship at Edinburgh University. Leaving academia, she worked in local government for 7 years as DP and FOI Compliance Officer, while still maintaining her relationship with Edinburgh University by lecturing on several Masters Degree programmes. In May 2017 she returned fully to Edinburgh University by taking up the role of Data Protection Officer.
Scott Kerr
Partner
Harper Macleod LLP
Scott has a wide range of experience in advising on corporate structures, including companies, partnership and joint ventures. He also advises on mergers and acquisitions and investment both for start-up and established businesses.
Scott leads the Harper Macloed's Food & Drink Group and advises a wide range of clients in that sector. He also has particular focus on the life sciences and technology fields, dealing with a number of regulatory issues, and has practical experience of the energy and renewable sectors.
He is experienced in advising clients on a range of commercial contracts, including distribution, agency and franchise contracts (both in the UK and worldwide). Accredited as a specialist in intellectual property law by the Law Society of Scotland, he also advises widely on the registration and exploitation of intellectual property rights and related contracts, including web-based documentation.
Legal 500 lists Scott as a “Recommended Lawyer” in Intellectual Property and IT & Telecoms.
Trish Knight
Data Protection Officer
RGDP (Really Good Data Protection)
Trish has worked in a wide range of public, private sector blue chip and smaller companies and has over 10 years’ experience information governance and information security. She has a Masters in Business Administration, is a Fellow of the Chartered Institute of Management, and is a certified Data Protection practitioner. Her blend of experience and strong communication skills means she is able to quickly get to know a business and give excellent support for data protection needs.
Rik Mannix
Data Protection Officer/Pod Leader
The DPO Centre
Rik is a highly qualified Data Protection Officer, with extensive experience working in Data Protection, Information Governance, and IT within the medical and healthcare sectors. He has the CDPO, CIPP/E, CIPT and CIPM qualifications, and is a Fellow of Information Privacy. Rik has worked with many organisations, advising on obligations and requirements to ensure compliance with current data protection legislation, and providing guidance on best practice.
As a subject matter expert, Rik previously formed and chaired a global Privacy Steering Group and the Data Security and Protection Committee for one of the world’s largest healthcare organisations. He is a passionate advocate for health and social care related privacy matters and his expertise includes both operational IT management and strategic leadership.
Sean Whitaker (Dr)
Lecturer in Law, Dundee Law School and Executive Director of the Centre for Freedom of Information
University of Dundee
Following Dr Sean Whittaker’s graduation from the University of Dundee LLM Programme in Environmental Law, he began his doctoral studies in University College Cork, Ireland. He was awarded his doctorate in 2018, which was titled “Legal Transplants and Regimes Governing Access to Environmental Information in England and Wales, the United States and China”.
Before being appointed as a lecturer Dr Whittaker worked as a judicial assistant in the High Court of Ireland under Judge Caroline Costello and as a post-doctoral research at the University of Dundee for the “Uncovering the Environment: The Use of Public Access to Environmental Information” project.
He is currently the Executive Director of the Centre for Freedom of Information at the University of Dundee and has a keen interest in issues relating to environmental law, the Aarhus Convention and comparative legal theory.
Book delegate places or purchase video recording.
