Roundtables for exchanging ideas on planning and managing a GDPR compliance programme
BT, London, 23 November 2016, 14.00h.-17.30h.
BP, London, 19 January 2017, 14.00h.-17.30h.
Google, London, 23 March 2017, 14.00h.-17.30h.
This series of three afternoon roundtables for peer group exchange will focus on managing the EU General Data Protection Regulation (GDPR) compliance process. Regulators and policy makers will not be invited to these roundtables.
Whatever happens with Brexit, your organisation will continue to trade with some of the 30 countries in the European Economic Area and you need to ensure that your organisation is complying with the GDPR.
The emphasis will be on sharing experience to help you organise and manage the process rather than giving legal advice on the impact of the GDPR.
The roundtables will be hosted by companies and take place in London in November 2016 and January and March 2017. Hosts will report on progress in their organisations. In addition, you should expect to discuss your plans with the group. Everyone learns and benefits from this participatory process.
The first roundtable will be hosted by Mark Keddie, Chief Privacy Officer, BT Group on 23 November at its office near St Paul's in central London.
The second roundtable will be hosted by Ellis Parry, Global Lead - Data Privacy, BP Legal, BP Oil International Ltd on 19 January 2017 at its office in Canary Wharf, London.
The third roundtable will be hosted by William Malcolm, Privacy Counsel, Google, on 23 March 2017 at its office in London.
Each group will be limited to 25 people to facilitate discussion in a relaxed atmosphere.
A summary will be prepared after each session by Privacy Laws & Business on a non-attributable basis for distribution to the group.
The programme is below, but everyone who registers will be able to suggest amendments within the scope of each session to help ensure that the programme is closely aligned with your needs.
Please feel welcome to e-mail firstname.lastname@example.org with
a) your offer to share your experience of what you are doing, or planning to do, on one or more of the points in the programme, and
b) your suggestions for amending the programme.
Each session qualifies for 3 CPD hours. Every Privacy Laws & Business event qualifies for accredited CPD hours for the purposes of the England and Wales Solicitors Regulation Authority’s requirements. Please quote AQJ/PLBU when applying for the points with the SRA.
The fee will be £200 + VAT per session with the option of signing up for all three sessions for £500 + VAT. Different people from your organisation may attend different sessions.
Register by e-mailing Glenn Daif-Burns, General Manager, Privacy Laws & Business, at email@example.com
An invoice will be sent to everyone who registers. You will need to pay in advance to attend these sessions.
Roundtable 1: Planning
BT, London, 23 November 2016
1. Data mapping
2. Constructing a plan to ensure consistency across your organisation and assessing the human and financial resources you need to achieve it, for example, defining the role of Data Protection Officer, agreeing where the role would fit in your organisation, and proposing a budget and timeline
3. Cultivating potential allies, for example, Chief Financial Officer, Head of Internal Audit, Chief Information Officer, Head of Information Security, Head of Risk
4. Gaining time and attention from your board/top management in terms appropriate for your corporate culture, for example, data breach management, risk of fines
5. Making your case to obtain and secure more resources from top management, for example, corporate and personal liability of directors, reputation management
Roundtable 2: Execution
BP, London, 19 January 2017
6. Reviewing and adapting privacy policies
7. Revising subject access request policy and procedures
8. Preparing and conducting Data Protection Impact Assessments
9. Adapting data retention policies
10. Location strategy for a data centre
Roundtable 3: Reviewing progress
Google, London, 23 March 2017
11. Adapting your policies and procedures with the help of other departments and external resources if necessary
12. Planning and conducting audits and reviewing results
13. Planning and conducting training and reviewing results
14. Keeping track of your project plan
15. You have reached your destination?