Event: 2nd Annual Data Protection Conference

The Future of Data Protection: Making it work in Practice

About the conference

The stage has been set for significant changes to data protection legislation in the EU. On 25 January 2012, the European Commission released draft amendments to the European data protection framework. If these remain intact through the legislative process, the impact on organisations within and outside the EU will be substantial.

  • Data processors will be on the same legal footing as data controllers.
  • Fines will increase dramatically (proposed to be set at up to 2% of annual worldwide turnover).
  • Organisations will need to adapt their processes to deal with concepts such as the 'right to be forgotten'.
  • Mandatory breach notification.

As the draft regulation reaches debate in the European Parliament, Practical Law's Future of data protection conference provides a timely opportunity to examine what impact the reforms will have on the data protection landscape. It will offer you an insight as to how the new legislation will work in practice and how it should be implemented across your organisation.

Speakers to date include:

  • Philippe Renaudière, Data Protection Officer, European Commission
  • Iain Bourne, Group Manager, Data Protection, ICO
  • Patricia Poku, Head of Data Protection, London 2012
  • Vivienne Artz, Managing Director & General Counsel, Citi
  • James Leaton Gray, Head of Information Policy & Compliance, BBC
  • Simon Hania, Program Manager Data Protection & Privacy , TomTom
  • Steve Wright Global Privacy Officer, Unilever
  • Philipp Raether, Executive Director - Global Lead for Data Protection, UBS
  • Stephen Deadman, Group Privacy Officer and Head of Legal, Vodafone
  • Kathryn Whelan, EMEA Privacy, Intel

Topics include:

  • A comparison of the regulation and the directive across different jurisdictions.
  • Determining the impact that faces EU data controllers face when trying to achieve compliance with different regimes in EU member states
  • Clarifying the role of Data Protection Authorities (DPAs) in accountability and enforcement.
  • Steps to put in place for an effective security breach plan.
  • How do company systems comply with the risks of the 'right to be forgotten'?
  • Effectively managing data flow in a compliant fashion using Binding Corporate Rules.
  • Understanding your data responsibilities in the Cloud.


Philippe Renaudière

Philippe Renaudière

Data Protection Officer, European Commission (EC)

Philippe Renaudière is Data Protection Officer at the European Commission since May 2006. He is responsible for the good implementation of the data protection regulation by the European Commission. He is administratively attached to the Commission's Secretariat General, but enjoys a complete independence in the exercise of his mission. His previous assignment with the Commission was head of the Data Protection Unit in DG Freedom, Security and Justice, a position which he occupied from 2001 to 2006. In this capacity, he was responsible, inter alia, of the first implementation report of Directive 95/46 and of the action programme attached to it, and he led the secretariat of the Art 29 Working Party. During the last 5 years, he represented the Commission in numerous European and International Data Protection Conferences, Seminars and Workshops. Philippe is a Belgian lawyer and has been with the Commission since 1987. He worked successively in the areas of Environment, Transport, Competition –he was a member of the Cabinet of Karel Van Miert, and Internal Market, where he was the Head of the unit in charge of the External Dimension of the Internal Market.

Prior to joining the Commission, Philippe Renaudière was in-house counsel with Tractebel in Brussels.

He gained his undergraduate law degree from the Université Libre de Bruxelles in 1976, a master's degree in economic law in 1978 and a special diploma in industrial legislation in 1984. He also gained a MA in International Relations (CERIS/Université de Paris XI) in 2004.

Iain Bourne

Iain Bourne

Group Manager – Policy Delivery, The Information Commissioner's Office (ICO)

Iain joined the Information Commissioner's office in 1996. During his time with the Commissioner he has dealt with a wide range of areas, including health service compliance, new technologies, international issues and privacy at work. Iain worked for a couple of years on the freedom of information side of the ICO. During the last few years Iain has headed up the ICO's work on information sharing, privacy notices, personal information online and anonymisation. He is currently very involved in the ICO's work on the EC's proposal for a new data protection regulation.

Dr. Philipp Raether

Dr. Philipp Raether

Executive Director and Legal Counsel, UBS

Dr. Philipp Raether is an Executive Director and Legal Counsel in the IT, Contracting & Shared Services Legal Team of UBS in London. In this capacity, Philipp looks after the bank’s data protection, banking secrecy and outsourcing projects and issues globally. Before joining UBS, Philipp has worked for seven years with the law firm Freshfields specializing in IP/IT/Data Protection. Philipp has studied law in Germany, Switzerland and the US; he is admitted as a German Rechtsanwalt and as a Solicitor in England and Wales.

Stephen Deadman

Stephen Deadman

Group Privacy Officer and Head of Legal – Privacy, Security & Content Standards, Vodafone Group

Stephen is the Group Privacy Officer and Head of Legal – Privacy, Security & Content Standards at Vodafone Group, one of the world’s leading mobile communications companies. Stephen is responsible for leading Vodafone’s global privacy policy and strategy, and the development and implementation of Vodafone’s global privacy programme.

Simon Hania

Simon Hania

Program Director Privacy and Data Protection, Tom Tom

Simon Hania has been a leader at the cross roads of telecommunication and information technology, business and regulatory affairs for over 15 years. Simon currently is Program Director Privacy and Data Protection at TomTom, ensuring the company to globally meet the growing expectations of customers and the increasing regulatory demands with respect to location privacy. Previously at TomTom, Simon was responsible for Technical Operations of Service Delivery, including the HD Traffic service. Before TomTom, Simon held various positions in the telecommunications industry, the last being CTO at XS4ALL, the premier internet service provider in the Netherlands.

James Mullock

James Mullock

Partner, Osborne Clarke

James is a Partner at Osborne Clarke and leads the firm’s Privacy and Data Law group across its European and US offices.

Between 1999 and 2002 he co-wrote 3 editions of' The Data Protection Act Explained', published by the Stationery Office, one of the first authoritative guides to the UK's refreshed data protection laws. Since then he has helped numerous clients with compliance issues both in respect of Europe’s current and soon to be refreshed data laws. He sits on the editorial board of the publication 'Data Protection Law & Policy', the panel of experts of the leading data protection website www.dataguidance.com and regularly speaks on international privacy issues at conferences around the globe (including the Data Protection Regulators’ conference in Uruguay in 2012). Both Chambers and the Legal 500 identify him as a leading lawyer in the fields of Data Protection and also IT.

James trained with Osborne Clarke and became a partner in 2001. As well as privacy and freedom of information issues he advises clients on technology supply, procurement and outsourcing arrangements (in particular offshore outsourcing). He also jointly runs Osborne Clarke's India desk and is a regular visitor to that country.

Bridget Treacy

Bridget Treacy

Partner, Hunton & Williams

Bridget Treacy is the Managing Partner of Hunton & Williams’ London office and leads the UK Privacy and Information Management practice. Her practice focuses on all aspects of privacy and information governance for multinational companies, including cross border data transfers, cloud computing, behavioural targeting and data breach. Bridget is the only lawyer ranked as a “star individual” for data protection in Chambers and Partners 2012 and 2013 Guides, which describes her as a “…superb but approachable lawyer," who continues to impress sources with "her incredible amount of knowledge on the subject."

Bridget’s background in complex technology transactions (including wide-ranging experience of advising on sourcing agreements, strategic alliances and other collaborative arrangements with a technology focus) enables her to advise on the specific data protection and information governance issues that occur in outsourcing transactions. Bridget is the co-author of Intellect’s Data Security and Data Protection Guidelines for Offshoring and Outsourcing (2011).

Bridget is a frequent speaker on privacy-related issues, is editor of the specialist privacy journal “Privacy and Data Protection”, and has contributed to a number of published texts including Data Protection for Financial Firms: A Practical Guide to Managing Privacy and Information Risk (2010).

Sue Gold

Sue Gold

Partner, Osborne Clarke

Sue is a Partner at Osborne Clarke specialising in data protection law. She has considerable experience in developing strategies and procedures for European data protection compliance, providing advice on complex technology transactions, and advising on developing areas of law, including children’s privacy.

Prior to joining Osborne Clarke Sue was Principal Counsel EMEA for the Walt Disney Company in London where she became recognised as a leading expert in data protection management and data privacy. This was preceded by legal roles in the financial services sector, providing advice on technology law and data protection at the investment banking arms of UBS, Salomon Smith Barney and she also worked at NM Rothschild and The London Stock Exchange.

Sue sits on the European advisory board for the IAPP (International Association of Privacy Professionals), is a member of the SCL committee for the privacy and data protection group, and is a past chair of the CBI and UNICE groups on data protection. Sue is a regular speaker at international conferences on data protection and data privacy covering some of the more complex and cutting-edge issues.

Judith Rauhofer

Judith Rauhofer

Editor, IPIT & Communications, Practical Law

Judith Rauhofer is a former solicitor. She qualified as a solicitor in 1999, having previously qualified as a Rechtsanwalt in Germany. She practised for four years at Lewis Silkin, specialising in data protection, e-commerce and general commercial law, before joining Practical Law IPIT & Communications in 2001. She also works as a Research Fellow for Law, Information and Converging Technologies at the University of Central Lancashire, where her research focus is on data protection law, a field in which she has published articles and presented papers at conferences and workshops.

Nick Mathys

Nick Mathys

Senior Associate, White & Black Legal LLP

Nick is a Senior Associate in the Commercial & Technology team of White & Black Legal LLP where he specialises in advising on commercial and transactional matters within the technology sector. Much of his commercial work focuses on the cloud computing sector and the data protection issues arising from the cross-border provision of cloud-based services, particularly for Japanese and US cloud service providers.

Prior to joining White & Black in July 2012, Nick started his legal career with the IP/IT team of Baker & McKenzie in London before joining the Corporate/TMT team of Herbert Smith’s Tokyo office in August 2007. Nick is fluent in Japanese and during the five years he worked at Herbert Smith Tokyo he advised a range of multinational Japanese technology, telecoms and gaming companies on data protection and other commercial and regulatory issues applicable to the supply of cloud-based IT, communications and gaming services around the world.

Rosemary Jay

Rosemary Jay

Senior Attorney, Hunton & Williams

Rosemary Jay is a senior attorney at Hunton & Williams. She joined from Pinsent Masons LLP where she was head of the Information Law Practice. Prior to that she was the head of the Legal Office of the Data Protection Registrar (now the Information Commissioner) for 12 years. She has practiced in privacy law for nearly 25 years and is recognized as one of the top lawyers in the area of data protection in the UK, with Chambers and Partners recognizing her in "Band 1" in data protection in 2012 and 2013. She advises on high-level privacy, data protection and confidentiality issues. Her practice covers all areas of information law. She has extensive experience advising on the UK Freedom of Information regime and also advises on interception, surveillance and monitoring under the Investigation of Regulatory Powers Act. Her clients include public bodies, multinationals and private organizations. She has advised non-EU states on the adoption and drafting of privacy laws.

Rosemary is author of Sweet & Maxwell's Data Protection Law & Practice, a contributing editor to The White Book on data protection and an editor of the Encyclopedia of Data Protection and Privacy. She has worked with the Council of Europe and the European Commission on privacy issues in Europe and the Commonwealth Secretariat in West Africa. Rosemary speaks frequently and is a regular contributor to journals, conferences and workshops, as well as participating on a number of advisory committees in the area of privacy and data protection. She has a particular interest in training and the development of effective training materials, and worked with the Scottish government to develop training materials on the introduction of access law in Scotland.

John Bowman

John Bowman

Head of EU and International Data Protection Policy, Ministry of Justice

John Bowman was appointed Head of EU and International Data Protection Policy at the Ministry of Justice (MoJ) in November 2011. He is the lead negotiator for the UK on the proposed EU Data Protection Regulation and Directive. John joined the Lord Chancellor's Department in 1989 and has worked in a wide variety of policy roles for MoJ covering such diverse subjects as Sharia law, claims management regulation and international child abduction. John has a degree in American Studies from the University of Essex. When not attempting to address the challenges of the regulating the digital world as part of his day job, John enjoys such analogue activities as film photography, vinyl collecting and multi-track tape recording.

Steve Wright

Steve Wright

Global Privacy Officer, Unilever

Steve Wright is the global privacy officer who has responsibility for overseeing the privacy for Unilever PLC. By using his solid risk and IT security understanding, 18 years of practical IT risk and business experience, coupled with his holistic knowledge of process and control frameworks – Steve is bring to bear his collective experience in implementing a global privacy framework. Having once served as a IT Security Director for a large professional services organization, and held interim high profile delivery roles, he knows first-hand the challenges and demands of Privacy, Cybercrime, Identity Theft, Computer Hacking, Data Leakage, Access Mgmt, Encryption, Cyber-terrorism, Fraud, Consumer and Staff Awareness and the complex legal, regulatory and contractual requirements of today's multi-connected and globally trading digital environments.

Kathryn Whelan

Kathryn Whelan

EMEA Privacy, Intel

Kathryn Whelan joined Intel's Privacy Office in 2005. Her role includes oversight and contribution to Intel's global privacy program serving the needs of customers, employees and product design. She participates or speaks at various privacy-related groups and events on a regular basis.

Kathryn has a BA (Hons) in European Languages from the University of Wales, Aberystwyth, UK. She holds the IAPP CIPP/US, CIPP/IT and CIPP/E as well as a Certificate in Information Security Management Principles from the ISEB (Information Systems Examination Board – UK).

Patricia Poku

Patricia Poku

Head of Data Protection, London 2012

Patricia Poku offers a unique blend of executive acumen, global teamwork with strong operational and front line experience in processing the full lifecycle of personal data from creation to destruction. She has over 15 years specialist experience in information management.

When she finally closes up shop in current role as Head of Data Protection at the London 2012 Olympic Games, Patricia will have spent 18 months in total protecting the personal data of citizens from around the world as it streamed in at a rapid pace from Olympic departments, including marketing, volunteer coordination and ticketing.

With a reputation for implementing the requirements of other legislation such as the Freedom of Information Act 2000 and the Reuse of Public Sector Information Act 2005 for large organisations, Patricia has been instrumental in making significant contribution in the roll out of new information systems in the public and private sectors.

In her role as the Principal Information Governance Officer in the London Borough of Newham, Patricia also served as the Authority's Caldicott Guardian with responsibility for information protection and confidentiality of social services and NHS data in which she led in developing the compliance framework, improving transparency, visibility and bringing data protection and confidentiality issues to the forefront of Senior Management Team discussions. She represented the Local Authority on various committees including the Pan North-East London Committee for information Sharing and the Pan London Forum for Data Protection.

In the last UK population census, Patricia was appointed by the Office of National Statistics to manage the collection of personal and sensitive data in the London Borough of Havering.

Patricia's career includes a 7 years background in housing as a caseworker at the initial point of collection and processing of sensitive personal data.

Patricia holds a Master of Business Administration, majoring in Project Management and Consultancy. She is a Prince2 (Projects in Controlled in Environments) practitioner and a member of various Privacy and Information Governance groups.

Patricia is a wife and mother of 4 daughters. She is an active fundraiser for the Macmillan Cancer and Practical Action Charities. She enjoys reading, travelling and has a passion to improve the lives of the poor and vulnerable in society.

James Leaton

James Leaton Gray

James Leaton Gray heads the BBC's Information Policy and Compliance Department, in the Legal section of the BBC’s Finance & Business Group. He oversees the operation of the Corporation’s systems for compliance with the Data Protection and Freedom of Information Acts, amongst others. His team are involved in many high profile cases in this rapidly evolving area of the law.

James has been working in broadcasting, mainly for the BBC, for over 30 years. He has worked on a wide variety of management roles including overseeing projects to ensure the BBC's impartiality during elections and the introduction of staff multi-skilling in areas of BBC News. Before joining the legal arena he was a programme maker and spent much of his time in political journalism. He edited many of the BBC's Political and Parliamentary programmes including Today/Yesterday in Parliament, The Week in Westminster, Westminster Live, and the documentary series Scrutiny.

He was one of the first staff members to be invited to take part in the BBC’s MBA programme. He is a former Chairman of the Strategic Planning Society and former Trustee of the Radio Academy, he is also a member of the Royal Television Society. He is on the editorial board of Data Protection Law & Policy and is a Member of the Examination Board for the Practitioner Certificate in Freedom of Information.

Vivienne Artz

Vivienne Artz

Vivienne Artz is a Managing Director and Head of International for the IP and O&T Law Group in the General Counsel's Office in London.

The International team, with lawyers in London, Hong Kong, Singapore and Japan, is responsible for all intellectual property, technology, e-commerce, general commercial/procurement/outsourcing, data privacy, banking secrecy and data security, electronic trading and order routing, and market data legal issues, across all business areas in the EMEA and APAC regions.

Prior to joining Citigroup in 2000, Vivienne worked in private practice in London.

Vivienne chairs the AFME Data Protection Working Group and is an active participant on the E-Commerce Group and the Data Protection Groups at the BBA and CBI, as well as a Steering Committee member for the Technology Discussion Group. Vivienne is co-chair of the Citi Women Network in the UK, and leads the Legal Diversity Committee for EMEA.

Vivienne Artz

Nick Hyner

Nick Hyner is EMEA Services Legal Counsel at Dell and his responsibilities include all legal and compliance aspects of Dell’s cloud computing business. His experience encompasses a variety of Dell’s customer and partner negotiations for Dell’s cloud offerings in the private and public sectors. Also, as a member of Dell’s European cloud subject matter team, Nick advises on the legal, regulatory and risk considerations for Dell as it develops its cloud services portfolio across various sectors for multiple offerings both independently and with alliance partners. Earlier in his career, Nick worked in the private equity and technology venture capital industries - both as a lawyer at Clifford Chance and a corporate finance adviser for Cobalt Corporate Finance.

Diana MacLean

Diana MacLean

Global Privacy Training and Awareness Lead, and BCR Programme Manager, BP

Diana MacLean is the Global Privacy Training and Awareness Lead, and BCR Programme Manager at BP. Diana joined BP in 2008 to design the training and internal communications strategy for BP's Binding Corporate Rules programme. This included creation of face to face training materials, e-learning course development, stakeholder and management communications, and managing the strategy and materials for BP's internal BCR signing process. Diana also managed BP's BCR post approval process-where required by European Data Protection Authorities-and continues to work with the various BP entities and DPA's to ensure on going compliance with BP’s BCR.

From 2004-2008, Diana worked for Microsoft in the Global Marketing Operations group, where she was the EMEA training and privacy project manager for a global rollout of standardised marketing systems, processes, and privacy compliance initiatives. In this role, she was also the privacy approver for all EMEA marketing campaigns, responsible on a daily basis for ensuring appropriate handling of customer data gathered as part of European online contests/promotions, email marketing, and events.

Prior to this Diana worked at Reuters, a global training company, Cable and Wireless, and also taught high school computer classes in New York. Diana holds the CIPP/E certification and has an MA from New York University in International Education, and a BA from Michigan State University in International Relations and Telecommunications.

Phil Riman

Phil Riman

Phil Riman, Managing Partner and Founding member, White and Black

Phil is the Managing Partner and a founding member of White & Black and has worked for technology clients for over 18 years. He has particular expertise in IT and IT services and regularly advises on the provision of cloud-based services and investments in the cloud and e-commerce sectors.

During the late 90's and early years of the new millennium Phil worked for 3i in both the UK and US as part of 3i's venture / technology team. In 2003, he returned to private practice as Head of corporate, technology and finance for a major regional law firm before forming White & Black in 2007.

Phil has since advised a number of IT and other high-tech companies on their contractual and corporate affairs including in relation to data protection and information security matters. With particular knowledge of the software industry, Phil also regularly advises on licensing, escrow arrangements and other IT related agreements.


Time Details
8.30am - 9.15am Registration
9.15am - 9.30am Welcome and Introductions
9.30am - 10.15am

Panel session: A comparison of existing and future data protection law

  • Comparing the existing data protection regime and the draft EU regulation, highlighting key points for compliance.
  • Determining key preparatory steps for all organisations operating in the EU before the regulation is implemented.
  • Discussing the practical implications of these reforms and potential challenges arising from the draft regulation.
  • What will happen to US companies and organisations based outside of the EEA who do not comply with EU law?
  • Current issues likely to be addressed as part of the reform – how is the UK responding to these changes?

Philippe Renaudière, Data Protection Officer, European Commission
Iain Bourne, Group Manager – Policy Delivery, The Information Commissioner's Office (ICO)
Phil Riman, Partner, White & Black Legal

10.15am - 11.15am

Panel session: Preparing for the EU regulation - getting your data compliance programme in order

  • Understanding the importance of investing in Privacy and Making the regulation work for you.
  • Securing buy-in (from IT, marketing and HR) across the board for accepting policies, provisions and projects and to drive the consumer relationship.
  • Responsibilities of data controllers and extending the law to data processors.
  • Staff awareness and training.
  • Conducting an audit and data mapping trail and determining the quality and accuracy of data.
  • Dealing with differences in legislation, across the organisation, by consolidating multiple policies.
  • Managing customers terms and conditions.

Stephen Deadman, Group Privacy Officer and Head of Legal, Vodafone
Patricia Poku, Head of Data Protection, London 2012
Bridget Treacy, Partner, Hunton & Williams
Simon Hania, program Director Privacy and Data Protection, TomTom
Judith Rauhofer, Editor, IPIT & Communications Practical Law Company

11.15am - 11.45pm Coffee break
11.45am - 12.10pm

Improvement of the rights of the data subject

This will be an opportunity to ask questions and answers to our esteemed panel.

Find out more about:

  • Enhanced rights
  • Data Portability
  • Transparency
  • Information and access to data
  • Rectification and erasure
  • Data mining and profiling

Judith Rauhofer, Editor, IPIT & Communications Practical Law Company
John Bowman, Head of EU and International Data Protection Policy, Ministry of Justice

12.10am - 12.50pm

Panel session: Clarifying the role of Data Protection Authorities (DPAs) in accountability and enforcement.

In place of the general notification obligations, the Commission is proposing a range of additional measures intended to make organisations more accountable.

This session will cover:

  • The changing role of the data protection officer: is this role simply confined to the legal department?
  • How could this impact on SMEs?
  • How can individuals' rights be enforced?
  • How will the 'one-stop-shop' work for organisations in multiple jurisdictions?

Iain Bourne, Group Manager – Policy Delivery, The Information Commissioner's Office (ICO)
Rosemary Jay, Senior Attorney, Hunton & Williams
John Bowman, Head of EU and International Data Protection Policy, Ministry of Justice

12.50am - 1.30pm

Steps for an effective security breach preparation and Response Plan in the UK and across Europe

This session will help you prepare for, plan and implement your response in the event of a data security breach.

  • What is expected from an organisation to prepare for a security breach?
  • Preventing data loss by developing a security breach management plan.
  • Action to be taken following the discovery of a breach of personal data security.
  • Maintaining a well managed process and how it will impact industry.

James Mullock, Partner, Osborne Clarke
Philipp Raether, Executive Director - Global Lead for Data Protection, UBS

1.30pm - 2.30pm Buffet lunch
2.30pm - 3.20pm

Streamed sessions

Delegates will be able to choose one workshop from each session below. The number of workshops may vary on the day depending on interest levels and further research.

Workshop A: Delivering best practice to embrace the concept 'Privacy by Design'

Organisations do not always consider or address privacy concerns throughout their systems' life cycle. Performing privacy impact assessments, managing privacy risks and promoting greater transparency can address this. This session will enable you to better understand the concept of privacy by design.

  • How will it impact on us?
  • Building structures and process to accommodate privacy by design.
  • Prioritising privacy impact assessments.

Kathryn Whelan, Privacy Analyst (EMEA), Intel Corporation
James Leaton Gray, Head of Information and Policy Compliance, BBC

Workshop B: Harmonisation - Enabling data controllers to achieve compliance with different regimes in EU member states

This session will examine the indirect way in which the EU imposes obligations on other countries to put in place data protection laws by requiring "adequacy" before any EU personal data can be transferred there or in order to offer services to the EU from non-EU countries.

  • How far will non-EU data controllers have to comply with the Regulation?
  • The data controller who wishes to transfer data outside the EEA.
  • Overcoming challenges of requiring 'adequacy' before EU personal data is transferred.
  • What mechanisms, outside of the EU, will need to be put in place to ensure these standards are adhered to.
  • Outlining the steps the data controller should undertake in transferring data outside the EEA.

Vivienne Artz, Managing Director & General Counsel, Citi

3.20pm - 3.50pm

Afternoon Tea

Delegates will be able to choose one of the below suggested workshops.

3.50pm - 4.40pm

Workshop A: Understanding your data responsibilities in the cloud - whilst undergoing a global transformation data programme

With more and more businesses looking to use cloud computing, the ICO is concerned that many businesses do not realise they remain responsible for how the data is looked after, even after passing it to a cloud network provider.

  • What are the implications?
  • Who are the cloud providers?
  • How will the data protection reforms affect working in the cloud?
  • What should you be looking for in your cloud provider?
  • How do cloud providers manage how data is controlled?
  • The consequences of non-compliance where cloud storage is based abroad.
  • The future of the cloud.

Steve Wright, Global Privacy Officer, Unilever
Nick Mathys, Senior Associate, White and Black Legal

Workshop B: Effectively managing data flow in a compliant fashion using Binding Corporate Rules

Binding Corporate Rules have been designed to allow multinational companies to transfer personal data from the EEA to their affiliates located outside of the EEA. This session will cover:

  • Determining how BCRs will fit into the new regulation.
  • The objectives of BCRs.
  • Potential benefits and challenges.
  • Securing authorisation for BCRs.
  • The practicalities of how this should be managed in the future for both large and smaller firms.
  • Extending binding corporate rules to cover third party.
  • What kind of security measures do you have in place?

Diana Maclean, BCR, Training & Communications Lead, BP
Robbie Downing, Of Counsel, Baker & McKenzie

4.40pm - 5.20pm

What practical issues should be considered to comply with Data Protection regulation in a market driven by mobility and social media?

  • Employees and Customers desire for mobility and complying with Data Protection Regulation ( i.e. using home devices and tablets in a working environment and providing customers mobile services).
  • What are the challenges and solutions facing Bring Your Own Device (BYOD) and realising cost benefit.
  • Use of social media for employees, by employees and interacting with customers and third parties.

Sue Gold, Partner, Osborne Clarke
Nick Hyner, EMEA Services Legal Counsel, Dell

5.20pm Closing comments from chair.
5.30pm End of conference followed by drinks.

This programme is subject to change.

We offer a range of highly tailored networking, research and branding opportunities at our events. Don't miss the opportunity to develop your brand and expand your business network through our bespoke packages. For more information on the opportunities and benefits they can bring to your business, please contact Samantha Carpenter on 020 3423 6621 or samantha.carpenter@practicallaw.com.

Delegate enquires: Please contact Richard Cooper, Delegate Sales Executive on 0203 423 6396 or richard.cooper@practicallaw.com.

Do you have a good case study or story you want to share? If so, please contact Debbie Berkovitch, Senior Conference Producer on 020 3423 6440 or debbie.berkovitch@practicallaw.com.

For further information please contact Rebecca Lock, Events and Marketing Manager on 020 7202 7423 or rebecca.lock@practicallaw.com.

Click here for terms and conditions


White & Black Legal

White and Black Legal

White & Black Legal LLP is a specialist corporate and technology law firm. We focus on advising companies on technology-related law, transactions and disputes and, as a result, many of our clients come from the high-tech sectors including information technology/cloud computing, e-commerce, communications and online gaming. Our three practice areas, all of which have a bias towards technology law, are corporate (including venture capital for which we have been independently ranked by Chambers since 2009 as one of the top 20 UK law firms), commercial & technology (including data protection and information security), and dispute resolution.

Baker & McKenzie

Baker and McKenzie

Baker & McKenzie defined the global law firm in the 20th century, and we are redefining it to meet the challenges of the global economy in the 21st .

We bring to matters the instinctively global perspective and deep market knowledge and insights of more than 4,000 locally admitted lawyers in 72 offices worldwide. We have a distinctive global way of thinking, working and behaving – "fluency" – across borders, issues and practices.

We understand the challenges of the global economy because we have been at the forefront of its evolution. Since 1949, we have advised leading corporations on the issues of today’s integrated world market. We have cultivated the culture, commercial pragmatism and technical and interpersonal skills required to deliver world-class service tailored to the preferences of world-class clients worldwide.

Ours is a passionately collaborative community of 60 nationalities. We have the deep roots and knowledge of the language and culture of business required to address the nuances of local markets worldwide. And our culture of friendship and broad scope of practice enable us to navigate complexity across issues, practices and borders with ease. Our commitment to excellence and fluency are reasons why we have more lawyers listed in more countries in Chambers Global Directory of the World's Leading Lawyers than any other global firm.



Pure's Legal division operates from our London, Hong Kong and Singapore offices, providing full-service recruitment solutions for both In-house and Private Practice requirements.

Our coverage extends throughout the UK, EMEA and Asia Pac regions, sourcing permanent and interim requirements at all levels from Newly Qualified through to General Counsel, across a broad range of sectors.

The vast majority of our legal consultants are qualified lawyers and all are experienced recruiters. The combination of their expertise and our international reach ensures that we can provide a bespoke solution for every requirement, which is reflected in our exceptional rate of assignment success.

Hunton & Williams

Hunton & Williams

Since our establishment more than a century ago, Hunton & Williams has grown to nearly 800 lawyers serving clients in 100 countries from 19 offices around the world. Hunton & Williams' Global Privacy and Data Security practice has similar international reach, with privacy lawyers located across the globe in London, Brussels, New York and Beijing. The privacy practice is known throughout the world for its deep experience, breadth of knowledge and outstanding client service. Computerworld magazine, The Legal 500 and Chambers and Partners, all have named Hunton & Williams as a top firm for privacy and data protection. In addition to our legal practice, we distinguish ourselves through our Centre for Information Policy Leadership, which boasts the active participation of nearly 40 leading multinational corporations.

Osborne Clarke

Osborne Clarke

Osborne Clarke represents organisations, governments and people all around the world. We work on deals from Mumbai to Cologne, transactions from the City to Silicon Valley and cases from Russia to China. We have over 800 lawyers working in 13 offices in the UK, Germany, Spain, Italy and North America. We know several important industry sectors inside out. And, we have particular expertise in Digital Business, Energy and Utilities, Financial Services and Real Estate and Infrastructure.

Tackling data protection, privacy and technology security issues is a priority for every business. But it's a complex area. So our legal experts take the headache out of dealing with privacy and data law issues across Europe. We offer clear, up-to-the-minute advice that is relevant to your business. And because data protection, privacy and technology security are global issues, we use our international network to make sure you get the right solution.


In house:

1 Attendee 2 Attendees 3 Attendees
£350 + VAT £650 + VAT £899 + VAT

Private Practice:

1 Attendee 2 Attendees
£550 + VAT £999 + VAT

Savings include multiple booking and early bird discounts. All discounts are subject to approval. Please note the registration fee includes access to all sessions, refreshments, lunch and access to the conference materials. It does not include travel or hotel accommodation costs. All discounts can only be claimed at the time of registration. We are happy to accept substitutions for places for the whole event but delegate passes cannot be split or shared between delegates.


To register you place at this event please complete our online booking form.

Who should attend?

In house:

  • General counsel, in-house counsel.
  • Data protection professionals including; directors, managers and officers.
  • Private practitioners covering data protection and privacy.
  • Law firms are limited to two places.

In addition to the above, those working within Marketing and HR may also find this event of interest.

Attendance at the event is subject to the Practical Law event terms and conditions.

Forum Brochure

Download the pdf

Contact us

If you would like to know more about any event, please contact the events team or call +44 20 7202 1220.

Follow us

Follow our Events on Twitter.

{ "siteName" : "PLC", "objType" : "PLCWebPage", "objID" : "1247768228508", "objName" : "data-protection-conference", "userID" : "2", "objUrl" : "http://uk.practicallaw.com/cs/Satellite/resources/events/data-protection-conference?null", "pageType" : "Other", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "2-3b01f5d1:15af85d3d87:-640b", "analyticsSessionCookie" : "2-3b01f5d1:15af85d3d87:-640a", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }