Data protection requirements for all organisations in the UK and Scotland are governed by law setting out what needs to be complied with and how. However, the new Data (Use and Access) Bill is moving swiftly through Parliament and will conclude during 2025. This Bill contains a range of changes with implications for all data practitioners and data protection officers, impacting on when, how and why compliance is needed. Do you know what data practitioners and organisations need to understand about what will be in the new Act, what changes and responses will be required and what the impact will be of the other wider drivers of change in the data environment?
The Bill proposes a range of changes to the data regulatory regime and is intended to modernise how data is used and accessed across public and private sectors. The legislation aims to create a framework which balances innovation with privacy. Its objectives include streamlining access to data for innovation, protecting personal data and encouraging public trust. Key features of the Bill include the introduction of data intermediaries, the creation of a trust framework and new provisions regarding data sharing for public interest. The Bill also introducues a range of changes for data protection and privacy legislation ranging from data subject access requests through to fines and penalties and, perhaps, enhanced enforcement powers for the Information Commissioner’s Office.
This regulatory change takes place, as ever, in the context of serious ongoing data protection challenges. These range from widespread inadvertent disclosures through to WhatsApp data lapses following its widespread use during and since pandemic. Physical breaches continue to manifest with a range of organisations seeing personal data exposed. Training is critical in data management and, in most cases, failing to train underpins breach occurrences. The pace and volume of data sharing, driven by responses to externalities such as AI and changes in work patterns and locations continues to increase dramatically. The huge value of data as the life blood of both public services delivery and private sector competition, with the scale of associated data management required, increases the compliance burden.
While change is coming, the roles of data professionals are the main constants in the field. Always needed and always accountable, these post holders in every organisation are the critical point at which good data protection and information governance practice either works or fails. The law and guidance states what should happen. The ICO is the body that takes action after failure. However it is the data practitioner professionals at the live point of data management and protection who are the key element that needs to be properly resourced, trained, upskilled and valued in their organisations.
This conference examines what the new data legislation will mean and will require, the impact on the role of data protection professionals, data protection officers and other relevant staff in the field and the broader pressures and drivers of change for data management. It will focus on three themes:
Topics to be discussed
Who should attend
This conference is intended for all those working in the data protection/management and information governance fields and is for both organisations and individuals alike. It is relevant to public, private and third sector organisations which hold, process, manage or share personal data and is for data practitioner professionals, accountable persons, data protection officers and also for those in executive and non-executive roles with a responsibility for legal compliance, reputation management, corporate accountability or strategic leadership.
Head of Scottish Affairs (Acting)
Information Commissioner’s Office
Founder, Owner, and Executive Chair
Data Privacy Advisory Service
Data Protection Officer and Freedom of Information Adviser
RGDP (Really Good Data Protection)
Legal Director (Technology and Commercial)
Burness Paull LLP
Senior Lecturer
University of Otago
Jenny Brotchie
Head of Scottish Affairs (Acting)
Information Commissioner’s Office
Jenny has been with the ICO Scotland team since 2018. In that time she has worked with a wide range of stakeholders from across the private, public and third sector providing advice and guidance on a issues and policy proposals ranging from law enforcement processing to data sharing with the third sector. She has a particular interest in ensuring that the processing of personal data benefits the most vulnerable in society.
Prior to joining the ICO Jenny worked at the Carnegie UK Trust managing a variety of policy advocacy and research projects including those centred on public service reform and evidence based policy and practice. She has also held a number of third sector roles focused on sustainability.
A biologist by training Jenny has spent time in molecular biology research labs and has always had a love of data!
Nigel Gooding
Founder, Owner, and Executive Chair
Data Privacy Advisory Service
Nigel is founder of the Data Privacy Advisory Service, and he plays a vital part in our success. Due to his extensive experience, Nigel is recognised as a leading expert in the industry.
A hugely experienced Data Protection Officer (DPO), Nigel has held a number of senior roles in private and public sector. These include a national board role with NHS Direct as Chief Operating Officer, along with a recent DPO role at South Western Ambulance NHS.
Nigel is the DPO at Macmillan Cancer support, Bristol Airport and several other organisations. He has also worked in a number of local authorities, and was DPO at Teignbridge and Watford Council.
He is also the External Examiner, Master of Laws (LLM) Cyber, Information,Technology and Innovation Law degree at Robert Watson University in Aberdeen.
He also has experience in working and liaising with the ICO and other EU supervisory authorities. Nigel has worked with clients in multiple jurisdictions, including those outside the EU and the GDPR adequacy arrangements. He was also the strategic Data Protection Subject Matter Expert advising the Government of Jersey in Health, Social Care and Children’s Service including Safeguarding and Education.
Nigel has also recently led the development of a Global Data Strategy with one of the largest companies in the world. This covers legislative compliance, data and information governance and data value.
Nigel holds Master’s degrees in Data Protection and Information Governance, Information Rights Law with a speciality in Children’s and Young Person’s data sharing, Freedom of Information, and Environmental Information regulations law. He also holds practitioner level qualifications, wrote the first UK DPO CPD Accredited Training Course, and is the lead trainer for the DVLA.
Nigel is also the External Examiner, Master of Laws (LLM) Cyber, Information,Technology and Innovation Law degree at Robert Watson University in Aberdeen
Trish Knight
Data Protection Officer and Freedom of Information Adviser
RGDP (Really Good Data Protection)
Trish has worked in a wide range of public, private sector blue chip and smaller companies and has over 10 years’ experience information governance and information security. She has a Masters in Business Administration, is a Fellow of the Chartered Institute of Management, and is a certified Data Protection practitioner. Her blend of experience and strong communication skills means she is able to quickly get to know a business and give excellent support for data protection needs.
Jo McLean
Legal Director (Technology and Commercial)
Burness Paull LLP
Jo is a data protection lawyer with 10 years’ experience advising on a variety of matters, ranging from bespoke privacy notices and policies, conducting global data protection audits and reporting at board level on findings, to managing multi-jurisdictional data security breaches and contentious data subject access requests. Jo also provides strategic advice on the complex interactions between data protection and broader digital regulatory areas such as ePrivacy, online safety, digital markets, e-commerce and AI.
Jo has particular experience in the retail and consumer and financial services sectors.
Clients appreciate Jo’s exceptional knowledge and approachable manner.
Jo is a member of the Law Society of Scotland’s Privacy Law sub-committee, and she is a member of the International Association of Privacy Professionals.
Sean Whittaker (Dr)
Senior Lecturer
University of Otago
Sean graduated with a First Class LLB (Hons) in Scots Law and an LLM in Environmental Law (with Distinction) at the University of Dundee in Scotland, supported by the Carnegie Trust for the Universities of Scotland. He was then awarded his PhD in Environmental Law at University College Cork in Ireland, supervised by Professor Áine Ryall and funded by the Irish Research Council Postgraduate Scholarship Programme.
Before being appointed as a Senior Lecturer at the University of Otago, Sean lectured at the University of Dundee. He was also the Executive Director of the Centre for Freedom of Information, based at the University of Dundee.
Book delegate places or purchase video recording.
