Data protection requirements for all organisations in the UK and Scotland are governed by law setting out what needs to be complied with and how. However, the new Data (Use and Access) Bill is moving swiftly through Parliament and will conclude during 2025. This Bill contains a range of changes with implications for all data practitioners and data protection officers, impacting on when, how and why compliance is needed. Do you know what data practitioners and organisations need to understand about what will be in the new Act, what changes and responses will be required and what the impact will be of the other wider drivers of change in the data environment?
The Bill proposes a range of changes to the data regulatory regime and is intended to modernise how data is used and accessed across public and private sectors. The legislation aims to create a framework which balances innovation with privacy. Its objectives include streamlining access to data for innovation, protecting personal data and encouraging public trust. Key features of the Bill include the introduction of data intermediaries, the creation of a trust framework and new provisions regarding data sharing for public interest. The Bill also introducues a range of changes for data protection and privacy legislation ranging from data subject access requests through to fines and penalties and, perhaps, enhanced enforcement powers for the Information Commissioner’s Office.
This regulatory change takes place, as ever, in the context of serious ongoing data protection challenges. These range from widespread inadvertent disclosures through to WhatsApp data lapses following its widespread use during and since pandemic. Physical breaches continue to manifest with a range of organisations seeing personal data exposed. Training is critical in data management and, in most cases, failing to train underpins breach occurrences. The pace and volume of data sharing, driven by responses to externalities such as AI and changes in work patterns and locations continues to increase dramatically. The huge value of data as the life blood of both public services delivery and private sector competition, with the scale of associated data management required, increases the compliance burden.
While change is coming, the roles of data professionals are the main constants in the field. Always needed and always accountable, these post holders in every organisation are the critical point at which good data protection and information governance practice either works or fails. The law and guidance states what should happen. The ICO is the body that takes action after failure. However it is the data practitioner professionals at the live point of data management and protection who are the key element that needs to be properly resourced, trained, upskilled and valued in their organisations.
This conference examines what the new data legislation will mean and will require, the impact on the role of data protection professionals, data protection officers and other relevant staff in the field and the broader pressures and drivers of change for data management. It will focus on three themes:
Topics to be discussed
Who should attend
This conference is intended for all those working in the data protection/management and information governance fields and is for both organisations and individuals alike. It is relevant to public, private and third sector organisations which hold, process, manage or share personal data and is for data practitioner professionals, accountable persons, data protection officers and also for those in executive and non-executive roles with a responsibility for legal compliance, reputation management, corporate accountability or strategic leadership.
Head of Scottish Affairs (Acting)
Information Commissioner’s Office
Founder, Owner, and Executive Chair
Data Privacy Advisory Service
Data Protection Officer and Freedom of Information Adviser
RGDP (Really Good Data Protection)
Legal Director (Technology and Commercial)
Burness Paull LLP
Senior Lecturer
University of Otago
09:25 Chair's opening remarks
Dr Sean Whittaker, Senior Lecturer, University of Otago
seanswhittaker otago
Session 1: New data protection laws – implications for professionals and compliance
09:30 Keynote speaker
Jenny Brotchie, Head of Scottish Affairs (Acting), Information Commissioner's Office
ICOnews
09:45 Question and answer session
09:55 The new Data (Use and Access) Bill, GDPR and the data regulatory agenda ahead
Jo McLean, Legal Director (Technology and Commercial), Burness Paull LLP
10:15 Question and answer session
10:25 Comfort break
Session 2: Data protection practitioners – where organisational data compliance succeeds or fails
10:40 Scottish data protection professionals – current challenges and implications of the new law
10:55 The organisational importance of investing in data protection practitioner skills and experience
11:10 Question and answer session
11:25 Comfort break
Session 3: Current and emerging issues, prospective challenges and thinking beyond legislation and compliance
11:40 Organisations and their data professionals – why centering them matters
Nigel Gooding, Founder, Owner, and Executive Chair, Data Privacy Advisory Service
11:55 Regulating and complying in a world where data is stored and shared everywhere
Trish Knight, Data Protection Officer and Freedom of Information Adviser, RGDP (Really Good Data Protection)
12:10 Question and answer session
12:25 Chair's closing remarks
Dr Sean Whittaker, Senior Lecturer, University of Otago
seanswhittaker otago
Jenny Brotchie
Head of Scottish Affairs (Acting)
Information Commissioner’s Office
Jenny has been with the ICO Scotland team since 2018. In that time she has worked with a wide range of stakeholders from across the private, public and third sector providing advice and guidance on a issues and policy proposals ranging from law enforcement processing to data sharing with the third sector. She has a particular interest in ensuring that the processing of personal data benefits the most vulnerable in society.
Prior to joining the ICO Jenny worked at the Carnegie UK Trust managing a variety of policy advocacy and research projects including those centred on public service reform and evidence based policy and practice. She has also held a number of third sector roles focused on sustainability.
A biologist by training Jenny has spent time in molecular biology research labs and has always had a love of data!
Nigel Gooding
Founder, Owner, and Executive Chair
Data Privacy Advisory Service
Nigel is founder of the Data Privacy Advisory Service, and he plays a vital part in our success. Due to his extensive experience, Nigel is recognised as a leading expert in the industry.
A hugely experienced Data Protection Officer (DPO), Nigel has held a number of senior roles in private and public sector. These include a national board role with NHS Direct as Chief Operating Officer, along with a recent DPO role at South Western Ambulance NHS.
Nigel is the DPO at Macmillan Cancer support, Bristol Airport and several other organisations. He has also worked in a number of local authorities, and was DPO at Teignbridge and Watford Council.
He is also the External Examiner, Master of Laws (LLM) Cyber, Information,Technology and Innovation Law degree at Robert Watson University in Aberdeen.
He also has experience in working and liaising with the ICO and other EU supervisory authorities. Nigel has worked with clients in multiple jurisdictions, including those outside the EU and the GDPR adequacy arrangements. He was also the strategic Data Protection Subject Matter Expert advising the Government of Jersey in Health, Social Care and Children’s Service including Safeguarding and Education.
Nigel has also recently led the development of a Global Data Strategy with one of the largest companies in the world. This covers legislative compliance, data and information governance and data value.
Nigel holds Master’s degrees in Data Protection and Information Governance, Information Rights Law with a speciality in Children’s and Young Person’s data sharing, Freedom of Information, and Environmental Information regulations law. He also holds practitioner level qualifications, wrote the first UK DPO CPD Accredited Training Course, and is the lead trainer for the DVLA.
Nigel is also the External Examiner, Master of Laws (LLM) Cyber, Information,Technology and Innovation Law degree at Robert Watson University in Aberdeen
Trish Knight
Data Protection Officer and Freedom of Information Adviser
RGDP (Really Good Data Protection)
Trish has worked in a wide range of public, private sector blue chip and smaller companies and has over 10 years’ experience information governance and information security. She has a Masters in Business Administration, is a Fellow of the Chartered Institute of Management, and is a certified Data Protection practitioner. Her blend of experience and strong communication skills means she is able to quickly get to know a business and give excellent support for data protection needs.
Jo McLean
Legal Director (Technology and Commercial)
Burness Paull LLP
Jo is a data protection lawyer with 10 years’ experience advising on a variety of matters, ranging from bespoke privacy notices and policies, conducting global data protection audits and reporting at board level on findings, to managing multi-jurisdictional data security breaches and contentious data subject access requests. Jo also provides strategic advice on the complex interactions between data protection and broader digital regulatory areas such as ePrivacy, online safety, digital markets, e-commerce and AI.
Jo has particular experience in the retail and consumer and financial services sectors.
Clients appreciate Jo’s exceptional knowledge and approachable manner.
Jo is a member of the Law Society of Scotland’s Privacy Law sub-committee, and she is a member of the International Association of Privacy Professionals.
Sean Whittaker (Dr)
Senior Lecturer
University of Otago
Sean graduated with a First Class LLB (Hons) in Scots Law and an LLM in Environmental Law (with Distinction) at the University of Dundee in Scotland, supported by the Carnegie Trust for the Universities of Scotland. He was then awarded his PhD in Environmental Law at University College Cork in Ireland, supervised by Professor Áine Ryall and funded by the Irish Research Council Postgraduate Scholarship Programme.
Before being appointed as a Senior Lecturer at the University of Otago, Sean lectured at the University of Dundee. He was also the Executive Director of the Centre for Freedom of Information, based at the University of Dundee.
This conference takes place online.
How to book
You can book to attend in 3 ways:
Conference fees
Please note – It is not permissible to share the recording. Please contact us if you wish to share it. See our terms and conditions for further information.
Payment
We do not currently accept payments online and will send you an invoice.
You have the option to pay by bank transfer or card.
Bank details will be included on the invoice.
If you wish to pay by card, please tick the appropriate box on the booking form and a member of our staff will contact you by telephone to take the payment. Alternatively you may call 0131 556 1500.
Terms and conditions
By placing this booking, you agree to the full terms and conditions found via the link at the foot of our website.
Book delegate places or purchase video recording.