Conference Speakers

Stewart Allen
Senior Associate, Claro Partners, Spain

Stewart Allen is a consultant with the insight and strategy consultancy Claro Partners. He has worked on numerous projects including social media behaviour, consumer research and most recently the future of urban life and the city.

Previous to this he was a Postdoctoral researcher with the Max Planck Institute in Berlin, Germany. He received his Ph.D in 2013 from the University of Edinburgh in social anthropology.

Rafi Azim-Khan
Partner, Pillsbury, UK

Rafi Azim-Khan is Head of Data Privacy, Europe and Head of Marketing Law at Pillsbury Winthrop Shaw Pittman LLP. He has been listed in Chambers Global and UK Directories for his e-commerce expertise and was named one of the UK’s “digital dozen” e-commerce and data protection specialists by Legal 500’s Insider Guides. He is recognized as an expert by Who’s Who Legal: Data 2018. He has also been ranked as a leader in Chambers Directory for his IP and Marketing Law work every year since 1995, particularly for digital marketing, social media, the launch of new products internationally or entering new markets/countries and dealing with claims, competitors and regulators. On the data side, Rafi has advised clients, ranging from GE and GM through to Silicon Valley startups, on the full range of data protection, cyber-security and e-commerce issues, including the GDPR, BCRs and data transfers, Big Data use and e-Privacy Regulations. He has co-authored 5 books including Regulation of the Internet, the IPA’s Ad Law, The Encyclopaedia of E-Commerce Law, and E-Business: The Practical Guide.

Roger Baker
Managing Consultant, GDPR Implementation, Zephira, UK

Roger’s specialises in the hands-on practicalities of implementing Data Protection and GDPR compliance, its risk control framework, third parties and associated data management.

He combines business and IT skills as a change manager with global and national clients in financial services, oil and outsourcing, with the emphasis on practical regulatory compliance. He has spent the last 7 years with clients such as Shell, HSBC and Capita's Private Sector Division. A former advisor to UK House of Commons Select Committee on Science & Technology, he established the British Computer Society’s Financial Services Specialist Group, and has contributed to the Society’s publications. He is an active member of the Editorial Review Board of a Privacy Law Journal, ensuring the practicalities of IT are clearly understood by potential contributors.

Kabir Barday
Chief Executive, OneTrust, USA

Kabir is CEO of OneTrust, the leading technology company helping organizations globally operationalize data privacy compliance and Privacy by Design. Prior to OneTrust, Kabir was director of product management at AirWatch, where his work was awarded IAPP's most innovative privacy technology.

Colin Bennett
Professor, Department of Political Science, University of Victoria, Canada

Colin Bennett received his Bachelor's and Master's degrees from the University of Wales, and his Ph.D from the University of Illinois at Urbana-Champaign. Since 1986 he has taught in the Department of Political Science at the University of Victoria, where he is now Professor. He has enjoyed Visiting Professorships at Harvard’s Kennedy School of Government, the Center for the Study of Law and Society at University of California, Berkeley, the School of Law, University of New South Wales, the Law, Science, Technology and Society Centre at the Vrije Universiteit in Brussels and at the University of Toronto.

His research has focused on the comparative analysis of surveillance technologies and privacy protection policies at the domestic and international levels. In addition to numerous scholarly and newspaper articles, he has written or edited seven books, including “The Governance of Privacy” (MIT Press, 2006, with Charles Raab) and “The Privacy Advocates: Resisting the Spread of Surveillance” (MIT Press, 2008), and policy reports on privacy protection for Canadian and international agencies. He was co-investigator of a large Major Collaborative Research Initiative grant entitled “The New Transparency: Surveillance and Social Sorting” which culminated in the report: “Transparent Lives: Surveillance in Canada.” Through a new SSHRC Partnership Grant on “Big Data Surveillance”, he is currently researching the capture and use of personal data by political parties in Western democracies.

Henry Bennett
Head of Legal, Babylon Health, UK

Henry is Head of Legal at Babylon, a digital healthcare company. Henry’s practice area covers corporate, commercial, and data protection. Henry started his career at Slaughter and May and worked in the corporate and commercial team, and prior to that studied undergraduate law and a masters in law at the University of Cambridge.

Kamini Bharvada
Senior Data Privacy Counsel, Aviva Group and Privacy Eagle Ltd, UK

Kamini provides broad global data protection / GDPR consultancy services to several clients and is currently working as Senior Data Privacy Legal Counsel at the Aviva Group advising on all aspects of GDPR implementation from a practical, operational and legal perspective. Kamini’s other current clients include Genpact (where she advises on "go to market" projects involving provision of GDPR related services) and Reuters (where she writes data privacy related precedents/articles for Practical Law).

Previously Kamini worked for Accenture for 10 years as European Data Privacy Counsel where she was heavily involved in the re-structuring of Accenture’s global Data Privacy Officer network as well as other projects including negotiation of complex contracts, advising on innovative technology programs and carrying out privacy impact assessments on the latest technological products and services utilising internet of things, big data and analytics. Before Accenture, she was at Morgan Stanley and Faegre Baker Daniels.

Kamini holds a European Law degree and IAPP specialised data privacy qualifications (CIPP/E; CIPP/US; CIPM; CIPT) and is a past board member of the IAPP Education Advisory Board.

John Bowman
Senior Principal, Promontory, UK

John is a Senior Principal in Promontory's privacy and data protection team. John advises clients on all aspects of compliance with data protection laws and regulations. He is a specialist on the European Union’s General Data Protection Regulation (GDPR). Prior to joining Promontory, John worked at the U.K. Ministry of Justice where he was the government’s lead negotiator on the GDPR. This work involved leading the U.K. delegation to the Council of the European Union’s DAPIX expert working group in Brussels, developing the government’s policy position on the GDPR, engaging with a wide range of stakeholders and advocates, and regularly briefing ministers.

John also represented the U.K. at the European Commission's Article 31 Committee, which is responsible for determining the adequacy of non-EU data-protection regimes. He earlier represented the U.K. government in negotiations on reviewing The Hague Conventions on International Child Abduction and led the government’s outreach to domestic Muslim communities on issues related to family law. John also carried out a comprehensive review of the U.K.’s claims management regulatory regime for the Ministry of Justice. John is a regular speaker on data protection matters and has had articles published by Privacy Laws and Business, Bloomberg BNA, IAPP and the European Data Protection Law Review.

Oliver Butler
Fellow by Special Election in Law, Wadham College, University of Oxford, UK

Oliver Butler is a Fellow of Wadham College, Oxford, and an Associate Research Fellow at the Bonavero Institute of Human Rights at the University of Oxford. His research interests are in information law, particularly privacy, data protection and confidentiality. His current research considers whether there are convincing justifications for regulating public authorities differently from private actors in relation to the regulation of information. He is finalising a PhD thesis on the history of the public-private divide in UK information law and his teaching interests are in constitutional and administrative law.

Oliver previously worked as a research assistant at the Law Commission on the Data Sharing Between Public Bodies Project and completed his BA in law at Emmanuel College, Cambridge, BCL at Lincoln College, Oxford and LLM at Harvard Law School.

David Cole
Managing Director and Founder, fastmap, UK

David’s 25 years’ experience in marketing includes launching the UK’s first ever newspaper reader panel and an influential period as Head of Database Marketing at The Telegraph Group. He founded fastmap in 2006 and is regularly in demand to speak at events around the world about the importance of consent as a marketing issue, as well as a legal requirement.

Peter Church
Counsel, Linklaters, UK

Peter’s practice encompasses a wide range of areas in which technology interfaces with the law including data privacy, e-commerce regulation and technology contracts. He has spent time on secondment at a number of global technology and communications companies.

He is editor of “Data Protected”, a review of data protection laws across 52 jurisdictions around the world.


Gail Crawford
Partner, Latham & Watkins, UK

Gail Crawford is a partner in the London office and Chair of the Data Privacy Committee and Co-chair of the Technology Transactions Group and the Internet and Digital Media Industry Group. Her practice focuses primarily on technology, intellectual property and commercial law and includes technology and Intellectual Property licensing agreements, joint ventures, technology procurement, outsourcing and advising on data protection, e-commerce and consumer protection legislation.

Ms. Crawford is an editor of the Latham & Watkins Global Privacy & Security Compliance Law Blog ( and has contributed to a number of publications and conferences in the area of data privacy and security.

Ms. Crawford has previously spent time working in-house on secondment to Diageo where she created the information technology and outsourcing legal function and was the legal lead on the project to transform and outsource Diageo’s finance and accounting processes on the back of the company’s SAP roll-out in more than 45 countries. She has also worked on secondment with the information technology and operations function of the Lloyds Banking Group.

Ms. Crawford is ranked as a notable practitioner for Information Technology and Data Protection by Chambers UK 2015. She is also recommended for Data Protection by The Legal 500 UK 2014 and is listed in the "Up and Coming" category for Intellectual Property by Chambers UK 2012.

Richard Cumbley
Partner, Linklaters, UK

Richard is Global Head of Linklaters’ TMT practice and has advised clients on privacy related issues for more than 20 years. He has worked on privacy projects across the globe including major data security incidents, large scale privacy litigation, appearances before regulators, contentious and large scale subject access issues, the privacy implications of new technology, online monitoring techniques (including by governments), cloud computing and “big data”.

He has recently led teams advising Thomson Reuters, BlackRock, RBS, Hewlett Packard, News International, Disney, Live Nation, UBS, KPMG, Hyatt Hotels, AstraZeneca, Sainsburys, Deloitte and the administrators of Lehmans on domestic and international data protection and information governance projects.

He is a past member of the IAPP editorial board, currently sits on Tech UK’s data advisory group and is a member of the ICC’s digital economy committee. He is listed by Chambers and Partners and Legal 500 as in the first rank of privacy and cybersecurity advisors in the UK.

Willem Debeuckelaere
Commissioner, Belgium Data Protection Authority;
Vice-Chair, European Data Protection Board, Brussels

Willem Debeuckelaere is law graduate of the University of Ghent, Belgium. He worked as a lawyer from 1977 till 1995 and was President of the Human Rights League from 1982 to 1989. He published on legal aid, constitutional and administrative law, privacy and data protection. He was Head of the Cabinet of the Belgian Minister of the Interior from 1995 till 1998. He was first nominated Judge of the Tribunal of first instance and subsequently, in 2002, counsellor of the Ghent Court of Appeal. He was Vice-President of the Belgian Commission for the Protection of Privacy from 2004 till March 2007. He has been President of this Commission since April 2007 till May 2018. He is also President of the Vlaamse Toezichtcommissie since 2010 and Vice-President of the Art. 29 Working Party since 2016.

Asi DeGani
Digital Learning Manager, Group, Kingfisher, UK

Asi leads the digital learning function in the Kingfisher group. The group has more than 78 thousand employees and 6 million customers and is currently delivering a five year transformation plan announced in January 2016. Learning is at the heart of the plan.

Asi is an accomplished organisational learning visionary. He started his career in pre-internet days and has contributed to, and influenced, the continual growth of technology-enhanced learning with both in-house and vendor roles.

Passionate about the learning industry as a whole, Asi is one of the founding trustees of the Learn Appeal charity (the e-learning industry charity).

Stewart Dresner
Chief Executive, Privacy Laws & Business, UK

Stewart Dresner graduated from the University of Lancaster in politics and marketing in 1973. He has written and researched extensively on data protection/privacy and freedom of information since 1975, when he initiated a research project on this subject at the UK Consumers Association. His research in the USA and Canada in 1976 enabled him to prepare a submission to the UK government-sponsored Lindop Committee, and write “Open Government: Lessons from America”, published in 1980.

He then joined Business International as a business journalist where he wrote on privacy laws for its publications and organised data protection law conferences in Spain, Italy, Belgium, Portugal and the United Kingdom. The company became a subsidiary of The Economist and he wrote its report on the first prosecution under the UK’s Data Protection Act 1984.

When The Economist rejected Stewart’s proposal for an international data protection law newsletter, he established Privacy Laws & Business in 1987. Its first service was the International Newsletter which has now developed into the PL&B International Report which has become the hub of a comprehensive global information service reporting on 125+ countries with data protection legislation and proposed legislation. PL&B’s services include consulting, conferences, roundtables, training, recruitment, the UK Report (which also covers the Freedom of Information Act), advice to companies and policy makers, and the Privacy Officers Network.

Stewart was a founder and first Chairman of the UK's Data Protection Forum. He has spoken on data protection/privacy law at many international conferences. The Privacy Laws & Business website, provides details of the firm’s services and useful links to privacy information worldwide.

David Erdos
University Lecturer in Law and the Open Society, WYNG Fellow in Law
Trinity Hall, University of Cambridge, UK

Dr David Erdos is University Senior Lecturer in Law and the Open Society and Deputy Director of the Centre for Intellectual Property and Information Law in the Faculty of Law at Cambridge. He is also WYNG Fellow in Law at Trinity Hall. David's current research focuses on data protection especially as it interacts with freedom of expression and freedom of the arts and sciences. Drawing on his background in both law and political science, much of his work has engaged in systematic comparative analysis of different legal jurisdictions blending qualitative, quantitative and doctrinal analysis.


Bruno Gencarelli
Head of the International Data Transfers and Protection Unit
European Commission, Brussels

Bruno Gencarelli is the Head of the Data Protection Unit (DPU) within the European Commission (DG Justice and Consumers). The unit is responsible for all aspects of the Commission's policies and activities in the area of data protection: negotiation, adoption and implementation of the reform of EU data protection legislation, addressing data protection issues at international level (including through the negotiation of international agreements and the adoption of adequacy decisions), monitoring the application by Member States of EU data protection legislation, ensuring the secretariat of the Article 29 Working Party, etc. He is one of the lead negotiators of the EU-US Umbrella Agreement and of the Privacy Shield.

He previously served as a Member of the Commission's Legal Service and as an assistant (référendaire) to a judge at the European Court of Justice after having practiced law in the private sector. He holds degrees in law and political science. He is an Associate Professor in EU Competition Law at Sciences Po Paris.

Graham Greenleaf
Professor of Law & Information Systems, University of New South Wales, Australia

Professor Graham Greenleaf AM is Asia-Pacific Editor of PL&B’s International Report (since 2007), a regular contributor to it, and a speaker at PL&B's International Conference in Cambridge in 1991, 2005, 2007, 2011 and 2015. He has provided periodic full day or half day Seminars for PPL&B on Asian Data Privacy Laws since 2007.

Graham is a research Professor of Law & Information Systems at UNSW Australia. He is Senior Researcher and Founding Co-Director of the Australasian Legal information Institute (AustLII). In 2010 he was made a Member of the Order of Australia (AM) for his contributions to both free access to legal information and privacy protection. Since the 1970s his involvement in privacy policy and research has involved Australian DPAs (as an official and as consultant), the Australian Privacy Foundation (as a co-founder and Board Member 1987-2017), the Asian Privacy Scholars Network (as founder, 2010) and Privacy Law & Policy Reporter (founder and editor 1994-2006). He has provided consultancy advice to the European Commission on data privacy laws in seven countries in the Asia-Pacific. His most recent book is “Asian Data Privacy Laws: Trade and Human Rights Perspectives” (OUP, 2014).


Dyann Heward-Mills
Founder and CEO, HewardMills, UK

Dyann Heward-Mills founded HewardMills in March 2018 to provide companies with DPO support. Prior to this, Dyann was a Partner at Baker Mckenzie leading the Data Protection and Cyber Security practice group in London. She advised on a range of information law matters including data breach management, Binding Corporate Rules (BCR), Anti-Money Laundering compliance, data protection audits, cloud computing and regulatory approvals.

Dyann’s career includes Senior Privacy Counsel for GE Capital, providing global support and advice on privacy and data protection matters and at Linklaters, where, as the senior privacy and communications lawyer, she had global responsibility for data protection compliance, successfully securing BCR (the first for a law firm).

Maria Holmström Mellberg
Founder and Legal Advisor, Mellberg Advisory, Sweden

Maria Holmström Mellberg founded Mellberg Advisory in April 2018. Previously she worked at Nordea Group. Since 2015, she was in charge of the Group-wide project to implement the upcoming General Data Protection Regulation (GDPR) including the enhancement of Nordea Group’s overall privacy approach.

Before that Maria was Nordea’s Group Regulatory Coordinator for the regulatory compliance and operational risk areas and before that held various positions in Compliance and Operational Risk Management. She has broad financial industry business experience. She holds an LL.M. from Uppsala University.

Maria is active in public and regulatory affairs related work around digital, data and cyber and represents Nordea in external, national and European bodies. She is an active Board Member of the Swedish Data Protection Forum, and an external speaker and trainer at the DP Academy.

Nigel Houlden
Head of Technology, ICO, UK

Nigel Houlden is the Head of Technology Policy for the ICO. He has spent over 30 years in technology, working in various sectors: NHS, Local Government and industry. Before joining the ICO he was a senior lecturer in computing at Glyndwr University. His PhD is in the optimization and pseudo optimization of routing algorithms.

Nigel is passionate about technology, how it is used and how it can change lives. He is a member of the British Computer Society (BCS) and has held Chartered IT Professional status for 15 years. Dr Nigel Houlden PhD, BSc, MBCS, CITP

Philippe Jeanmart
Technical, Quality and Risk Senior Vice President (and co-author of the technical standard), Bureau Veritas, France

Philippe Jeanmart graduated as a Mechanical Engineer from Ecole Centrale de Paris (France 1981) and holds an Executive MBA from ICG (France 1994).

He started his career in 1982 in the aluminium and metallurgy industry for Pechiney as Project Manager and X-ray laboratory manager. In 1987 he joined Bureau Veritas as Head of the jet engine department within the Aeronautic Division, then as Department Manager for new constructions in 1991. In 1993, he was in charge of risks and safety activities at national level in the Industry Division. From 1997 to 2001 He became Technical Director of the Aeronautic & Space division. From 1993 to 2001 he was part time lead auditor within the automotive and aerospace scope for Bureau Veritas Certification for 8 years. After 3 years as Senior Business Engineer, in 2005 he became Deputy Technical Director France Zone. In 2007, he became Director of the In-Service Inspection & Verification Business Line in France and at Group level.

From June 2009 to December 2012 Philippe Jeanmart was appointed as Technical, Quality and Risk Management Director of the France Zone within the Industry & Facilities Division, at Vice President Level. From January 2013 Philippe Jeanmart has been appointed as Technical, Quality and Risk Management Director within the Industry & Facilities Division worldwide, at Senior Vice President Level. Since July 2016 he has held the post of President and Managing Director of Bureau Veritas Certification Holding. He is in charge of all accreditations and Licenses to Operate on a worldwide perspective and is in charge of specific technical development and support including GDPR and cybersecurity.


Anna Johnston
Director, Salinger Privacy, Australia

Anna Johnston is one of Australia’s most respected experts in privacy law and practice.
After serving as Deputy Privacy Commissioner for NSW, Anna founded Salinger Privacy in 2004 to offer specialist privacy training and consulting services. Salinger Privacy provides pragmatic advice on managing privacy risks to our clients, including businesses and government agencies engaged in data linkage and data analytics projects. Salinger Privacy also offers a range of publications including the free Privacy Officer’s Handbook, template policies and procedures, checklists and eBooks. In everything we do, we aim to demystify privacy law, and offer pragmatic solutions – to help our clients ensure their regulatory compliance, and maintain the trust of their customers.

Anna’s pro bono roles have included serving as Chair of the Australian Privacy Foundation, an advisor to the Australian Law Reform Commission, a Board Member of iappANZ, and various editorial roles for privacy journals. She is currently an Advisory Board Member for the EU’s STAR project, to develop training on behalf of European Data Protection Authorities.

Anna writes the influential Salinger Privacy blog, and tweets at @SalingerPrivacy. Anna holds a first class honours degree in Law, a Masters of Public Policy with honours, a Graduate Certificate in Management, a Graduate Diploma of Legal Practice, and a Bachelor of Arts.
She was admitted as a Solicitor of the Supreme Court of NSW in 1996. However since she no longer practices as a solicitor, she won’t mind your lawyer jokes at all.


Judith Jones
Group Manager, Central Government Team,ICO, UK

Judith Jones is Group Manager for central government engagement in the Parliament and Government Affairs Department at the Information Commissioner’s Office. She is responsible for managing the ICO’s strategic relationships with government departments and their arm’s length bodies. The main focus of her work over the last year has been coordinating the ICO’s engagement with government on the Data Protection Act 2018.

Her current priority is working with government departments on the implementation of the new data protection reforms and ensuring information rights and privacy safeguards are fully considered in the government’s delivery of better use of data as allowed by the Digital Economy Act 2017. She represents the ICO as an observer on the Cabinet Office’s Privacy and Consumer Advisory Group.

Prior to joining the ICO in 2007, Judith was a Senior Policy Adviser at the Department of Trade and Industry and previously at the Cabinet Office and Department for Education and Employment.

Mark Keddie
Global Data Protection Officer, Dentsu Aegis Network, UK

Mark Keddie is the Global Data Protection Officer for Dentsu Aegis Network. With operations in over 145 countries Mark has overall responsibility for Dentsu Aegis Network’s global data privacy strategy and compliance programme.

Mark has been active in privacy since developing a professional interest as a Chartered Marketer working in the global energy sector. In his capacity for managing relationships with regulatory authorities and professional bodies, he has held Chair positions in industry privacy groups including the American Petroleum Institute, the European Privacy Officers’ Network and was a founding member of the European Privacy Officers’ Forum. He is currently a member of the IAPP European Advisory Board.

Mark has spoken at a wide variety of external events in Europe and America and has also contributed to in-house and external publications. His interest in privacy has allowed Mark to develop wider professional experience in ethics and compliance governance including fraud and anti-bribery & corruption.

In addition to an MSc, Mark holds various academic and professional qualifications including privacy, IT and fraud investigation. His outside interests include ultra-running.

Lars Kjolbye
Partner, Latham & Watkins, Belgium

Lars Kjølbye is a partner in Latham & Watkins' Brussels office. He focuses his practice on complex cases in all areas of EU competition law, including abuse of dominance, restrictive practices, merger control, and state aid. He has advised clients on a number of landmark matters in recent years including Microsoft’s acquisition of LinkedIn. Mr. Kjølbye has extensive experience in a wide range of industries, including consumer products, electronics and software, energy, pharmaceuticals, telecommunications, and transport.

Prior to private practice, Mr. Kjølbye spent ten years at the European Commission's (EC) Competition Directorate General where he held several prominent positions. As head of the Energy and Environment Unit he led the completion of the energy sector inquiry and prosecuted several major abuse of dominance cases, including the first EU case involving market manipulation. He was also involved in drafting Regulation 1/2003, which established a new procedural framework for applying Articles 101 and 102 TFEU and the accompanying guidelines and notices. Mr. Kjølbye also served as a référendaire at the European Court of Justice.

Georgina Kon
Partner, Linklaters, UK

Georgie regularly advises household names in a wide range of sectors on all aspects of information governance and privacy.

She is a key member of Linklaters’ Global Data Protection Working Group and has advised extensively on recent developments, including GDPR and Brexit.

Leena Kuusniemi
Senior Legal Counsel, Leegal, Finland

Leena Kuusniemi is an experienced Legal Adviser for technology companies. Before founding Leegal Oy in Finland, she has worked in legal departments of Rovio Entertainment (Senior Legal Counsel in Finland HQ) and Nokia Corporation (Director Legal&IP in Finland HQ, Vancouver, Copenhagen) supporting strategic technology licensing, mobile advertising and global regulatory and privacy matters.
Leena is a member of several industry working groups including online industry GDPR task-force that she co-founded with Rovio CTO, and Unicef working group (Children’s rights in online services).

In addition, she is a member of Helsinki University Legal Tech Lab advisory board, Finnish IT Law Association and IAPP. She is Special Adviser for the Digital and Technology unit for Fipra Network (Brussels) and has also participated in several EU Commission working groups related to technology industry initiatives.

Leena has lectured widely in conferences and training programmes such as Finnish Internet Forum, IIC, Nordic Privacy Arena, IAPP, Nordic Game Conference and she is a permanent lecturer in Data Protection Officer certification programs organised by the University of Maastricht’s European Centre on Privacy and Cybersecurity.

Leena has a legal qualification degree from University of Helsinki and LL.M. (Law and Information Technology) from the University of Stockholm.

Paul Lavery
Partner, McCann FitzGerald, Ireland

Paul is a partner and the head of the Technology & Innovation Group in McCann FitzGerald and advises on a wide range of data protection, data security, information technology, outsourcing and confidentiality issues. He writes and lectures widely on these and other topics.
Paul is the author of “Commercial Secrets: The Action for Breach of Confidence in Ireland”. The book has been quoted with approval in judgments of the Irish High Court and Supreme Court.

Paul has provided specialist advice in the complex and evolving area of privacy and data protection law for over 21 years and is considered an expert in the field in Ireland. He advises clients on all aspects of data privacy compliance, including appropriate notices and policies, records of processing activities, the legal basis for processing, access requests, marketing obligations, international data transfers and appropriate processing exemptions. He has also been involved in a number of “market firsts” in Ireland including the first case in Ireland on the meaning of personal data, the first case in Ireland on processing causing distress and the first set of Binding Corporate Rules to be approved with the Irish Data Protection Commissioner as lead regulator.

Paul is also advising a number of clients on their preparation for and on-going compliance with the General Data Protection Regulation and the Irish Data Protection Act 2018.

Paul’s clients in the area of privacy and data protection include public and private sector bodies including government departments, state agencies, semi-state companies, leading IT companies, telecommunication service providers, financial institutions, professional bodies, pharmaceutical and insurance companies.

James Leaton Gray
Director, Deloitte and The Privacy Practice, UK

James is a Director in the Deloitte privacy group where he provides bespoke consultancy services in Data Protection and Privacy for a variety of companies and sectors. These range from financial services and retail, through to media and digital services. James specialises in privacy implementation advice, GDPR readiness reviews and strategic data policy guidance. He also designs integrated privacy programmes, for example for the BBC’s personalisation and big data capability. He is well known as a leading thinker and trainer in this space and as an in demand speaker at privacy conferences both in the UK and internationally.

James also works as the lead director at The Privacy Practice and Lead Privacy Consultant at Kemp Little LLP. Before joining Deloitte he headed the BBC’s Information Policy and Compliance Department for over 10 years. There he oversaw the corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before that he worked on a variety of policy and management roles in the BBC following a career in current affairs and political programmes production.

Laura Linkomies
Editor, Privacy Laws & Business Reports, UK

Laura Linkomies is Editor of Privacy Laws & Business International and UK Reports, and PL&B e-news service. Laura oversees the whole editorial process from researching, commissioning and managing freelancers to writing about a wide range of legislative and management issues within privacy, data protection and freedom of information. She also assists in conference planning and public relations, and provides secretariat services for the PL&B European Privacy Officers’ Network.
Laura first joined PL&B as Associate Editor for the International Report in 1997 and launched the UK Report in 2000. Before joining PL&B, she worked at the UK Information Commissioner's Office as a European Secretariat Officer facilitating co-operation with European Union national Data Protection Commissioners. Laura has also worked as freelance business content writer for Sweet & Maxwell, and written for several publications in Finland.
Laura holds a Masters degree in Political Science and Journalism from the University of Tampere, Finland, and an Advanced Certificate in Marketing from the Chartered Institute of Marketing. She is fluent in English and Finnish, and has a working knowledge of Swedish, Italian and German.

Diana Lopez
Country Privacy Advisor, UK/Ireland, GSK, UK

Diana has over 8 years’ experience in data privacy in global and in-country roles across a range of FTSE 100 companies, including Unilever and BP. She is currently GSK’s UK & Ireland Country Privacy Advisor tasked with driving the privacy agenda at the heart of all business operations in these two markets. Her current role includes providing advice to senior business stakeholders on privacy issues, having strategic oversight of complexities between global and local processes, and collaborating with compliance teams to ensure the right controls are in place.

Diana has privacy experience across a range of business functions, from global marketing to HR. Most recently she co-led the development of Unilever’s GDPR plan.

Simon McDougall
Managing Director, Promontory, UK

Simon McDougall is a Managing Director in Promontory’s London office, and leads Promontory’s global privacy and data protection practice. He is a Chartered Accountant and until 2010, led Deloitte’s UK Privacy & Data Protection and Payments Regulation teams.
He specialises in privacy and data protection, information governance and regulatory investigations.

Simon has led engagements with some of the world’s largest financial institutions, technology firms, retailers and life sciences firms. He has developed rationalised privacy risk management models, built enterprise-wide privacy programs and managed in-depth data protection audits. He spent six months seconded as the Head of Privacy and Records Management for the retail half of a large international bank.

Simon serves on the IAPP Board of Directors and the IAPP European Advisory Board. He has previously served on the UK Data Protection Forum executive, the BSI Data Protection Editorial Board, the DataGuidance Panel of Experts, the President of the Law Society’s Surveillance Working Group, and a range of other consultative and advisory groups. He was the co-author of a paper to the Leveson Inquiry, addressing privacy and press regulation.

Peter F. McLaughlin
Partner, Burns & Levinson LLP, USA

After having been Assistant GC (Privacy & Security) and the global privacy officer for a multinational as far back as 2005, Peter McLaughlin advises clients with respect to a broad range of technology transactions, privacy and security issues. These predominantly touch:
1) the domestic and international handling of personal data; 2) the development and assessment of legally defensible cybersecurity programs, and post-incident responses with management of forensic teams; and 3) innovative uses of information and technology, such as digital health and life sciences, wearables, electronic marketing, Internet of Things, cloud services, autonomous vehicles, facial recognition, and analytics. He represents clients across industry sectors with respect to rules governing personal information; responding to regulators from the Federal Trade Commission, the U.S. Department of Health and Human Services and state attorneys general; and supporting post-enforcement compliance obligations.
Mr. McLaughlin is a graduate of Columbia University, Georgetown University Law, and is a frequent contributor and speaker.

Richard Merrygold
Director of Group Data Protection, HomeServe, UK

An experienced Data Protection practitioner, Richard has spent the last 9 years working across healthcare, pharmaceutical, technology and financial service sectors. A firm believer in engaging on an operational level in addition to key stakeholders in Compliance and Legal he takes pride in building sustainable privacy frameworks, providing real world, workable solutions to a wide range of privacy related challenges.
Richard is currently responsible for privacy compliance across the UK and European businesses covering operations in the UK, France, Italy and Spain, focusing on developing and implementing a group-wide privacy framework in preparation for the General Data Protection Regulation.

Christopher Millard
Professor of Privacy and Information Law, Queen Mary, University of London, UK

Christopher Millard is Professor of Privacy and Information Law and head of the Cloud Legal Project in the Centre for Commercial Law Studies, Queen Mary University of London. He is also a Research Associate at the Oxford Internet Institute and is Of Counsel to the law firm Bristows. He has over 30 years’ experience in technology law, both in academia and legal practice.

His first book, “Legal Protection of Computer Programs and Data” (Sweet & Maxwell, 1985), was one of the earliest international comparative law works in the field and he has since published widely on legal and regulatory issues relating to information technology, communications, privacy, e-commerce, and Internet law. Since 2008 his main research focus has been cloud computing. He is co-author of “Cloud Computing Law” (Oxford University Press, 2013) and is a founding editor of the “International Journal of Law and IT” and of “International Data Privacy Law”.

Christopher is a Fellow and former Chairman of the Society for Computers & Law, a Fellow of the Royal Society of Arts, a past-President of the International Federation of Computer Law Associations, and a past-Chair of the Technology Law Committee of the International Bar Association. He was a member of the OECD’s Steering Group on Contractual Solutions for Transborder Data Flows (2000-01) and since 2002 he has been a member of the International Chamber of Commerce’s Task Force on Privacy and Personal Data Protection.
Before he joined Bristows in 2008, Christopher was head of the global privacy practice at Linklaters and prior to that he was a partner at Clifford Chance. He has twice been designated Internet and eCommerce Lawyer of the Year by the International Who's Who of Business Lawyers.

Karolina Mojzesowicz
Deputy Head, Data Protection Unit,European Commission,Brussels

Karolina Mojzesowicz is the Deputy Head of Unit of the unit responsible for data protection at the European Commission (DG Justice and Consumers). She was one of the Commission's representatives in the inter-institutional negotiations with Parliament and Council on the General Data Protection Regulation (GDPR). She is now responsible for its implementation in the EU. Mrs Mojzesowicz previously served as a member of the European Commission's Legal Service, focusing on EU Competition law and International Trade law. In that capacity, she represented the Commission in numerous cases before the European Courts and before the WTO panels and Appellate Body. Mrs Mojzesowicz studied law in Poland, the Netherlands and Germany where she obtained her PhD in 2001.

Jade Nester
Senior Policy Manager, GSMA, UK

Jade Nester is a Senior Policy Manager at the GSMA, a trade association representing the interests of mobile network operators worldwide. Previously, she was at Promontory, where she advised clients on compliance with privacy and data protection laws and regulations.
Between 2006 and 2014, Jade held a number of roles within the U.S. government, including Senior Advisor for Internet Policy at the National Telecommunications and Information Administration (NTIA) within the Commerce Department and Director, Internet Policy at the State Department.

During the Obama Administration, Jade co-chaired a White House National Science and Technology Council working group responsible for U.S. policy on commercial cross-border privacy issues, including U.S. views on the GDPR. She also participated in the U.S.-EU Safe Harbor Consultation. In 2010, Jade served as the head of the U.S. delegation to the OECD Working Party on Information Security and Privacy.

In addition to global privacy frameworks, Jade has deep knowledge of issues related to Internet intermediary liability, copyright, cybersecurity, and Internet governance. She holds the CIPP/E/G and CIPM certifications, and is a Certified Information Systems Security Professional (CISSP).

Thomas Otter
Global Vice President Product Management, SAP, Germany

Thomas is currently on an academic sabbatical from SAP, working on a PhD about enterprise software and compliance at the Karlsruhe Institute of Technology in Germany. Prior to this, Thomas co-led the global product management team at SAP SuccessFactors, the largest human resource management cloud business by revenue and market share globally. Thomas joined SuccessFactors in 2013 to direct the product strategy for the Core HR system Employee Central, which, under his leadership, became the market’s fastest growing cloud-based Core HR solution. Prior to joining SAP SuccessFactors, Thomas was with Gartner in senior research roles covering the HR and IT industry.

Thomas grew up in South Africa, has worked in the US and the UK, and now lives in Heidelberg, Germany. He holds an LLM in Computer Law, a PDM in HR Management and a BA (Hons) in Political Science.

Ellis Parry
Global Privacy Lead, BP, UK

Ellis Parry started his career as a solicitor in private practice, after gaining his MBA, before joining AstraZeneca pharmaceuticals in 2001 as a specialist IT lawyer. Parry became AstraZeneca's Global Privacy Officer in 2005, leaving to join BP as its Global Lead for Data Privacy in 2010.
At BP Parry is responsible for designing BP's global data privacy governance strategy, including GDPR change activities and the maintenance of BP's Binding Corporate Rules. Parry is a contributing author to Sweet & Maxwell’s “Data Protection Law and Practice” 4th ed and the 2017 companion “Guide to the General Data Protection Regulation” 1st ed.

Andelka Phillips
Ussher Assistant Professor in Information Technology Law
Trinity College Dublin, The University of Dublin, Ireland

Dr Andelka M. Phillips is the Ussher Assistant Professor in Information Technology Law in the Law School at Trinity College Dublin, where she is also the convenor of the Technology, Law and Society Research Group. She is also a Research Associate with the University of Oxford’s Centre for Health, Law and Emerging Technologies (HeLEX) Centre.

Her recent research has focused on the regulation of direct-to-consumer genetic tests and she is currently working on a book, entitled “Buying Your Self on the Internet: Wrap Contracts and Personal Genomics” to be published by Edinburgh University Press as part of its Future Law series. She is also co-editing with Professor Jonathan Herring and Dr Thana Campos “Philosophical Foundations of Medical Law”, which will be published as part of Oxford University Press' Philosophical Foundations of Law series.

Her research interests lie in the areas of Information Technology Law and Medical and Health Law. She is engaged in research on wide range of topics, but she is particularly interested in the societal impact of new and emerging technologies, as well as governance of future spaces, such as developments in Artificial Intelligence and Internet of Things (especially wearable technology).

Giles Pratt
Partner, Freshfields Bruckhaus Deringer, UK

Giles is a partner in Freshfields’ IP/IT group. He specialises in IP and data privacy laws and leads Freshfields’ London data practice, advising on the full range of legal issues relating to data, including IP protection, data privacy and cybersecurity matters, particularly in the context of deals, crises, investigations and new data uses and analytics.
Giles co-heads, and is a regular contributor to, the Freshfields Digital initiative, and regularly advises on data issues in the context of new technologies, such as connected cars, Industrial Internet of Things and new data analytics tools.
Giles is ranked in Chambers ("He is commercially astute, has an excellent knowledge of the law and very good judgement", "Clients appreciate the clarity, intellectual rigour and enthusiastic work ethic he brings to his instructions"), Legal 500 ("responsive and commercially astute"), in the Managing IP Handbook (“In terms of leading individuals…[one client] described...Giles Pratt as ‘very responsive’, adding: ‘He’s always thinking of all the angles rather than just the black letter of the law’”).


Florence Raynal
Head, European and International Affairs Department, CNIL, France

Florence Raynal began her career in 2000 within the Law Firm Donahue & Partners LLP in New York, where she participated for 3 years in international projects on privacy and labour laws. When coming back to France, she worked as Senior Manager at Ernst & Young Law Firm for 4 years where she advised on privacy matters at both national and European level.
She was internally appointed Data Protection Officer (Correspondant Informatique et Libertés) of Ernst & Young France and coordinated the firm’s privacy compliance for the 26 countries of the Continental Western European Area. In 2008, she was appointed Head of the International and European Affairs Department of the CNIL.

She has assisted the former CNIL Chair Mr. Alex Türk and current Chair Ms. Isabelle Falque- Pierrotin in their chairmanship of the Article 29 Working Party. In that regard, she has been dealing with the management of the WP29’s plenary and external representation, which also involves participating in defining the WP29’s position on all implicated subjects.

Florence has aided the CNIL’s International Affairs Commissioner on related matters. The International and European Affairs Department of the CNIL is in charge of developing and improving transfers mechanisms such as: the Standard Contractual Clauses, the US Safe Harbor, country adequacy assessments and Binding Corporate Rules. Florence has been particularly involved in the development of the European BCR referential adopted by the WP29; as well as, in its promotion, instruction and the WP29’s implementation of the coordination procedure. In addition, she initiated discussions with other regional cooperation systems such as the APEC privacy working group and the French speaking data protection authorities network (AFAPDP) with the idea to build a bridge between BCRs and other existing tools such as APEC Cross Border Privacy Rules.

Leading the International department has implied the participation in all reforms on international regulations. This includes participating actively in the on-going reform of the EU framework, the modernisation of the Convention 108, the revision of the OECD privacy guidelines and the evolution of the International Conference of Privacy Commissioners. The International Department ensures that the CNIL is well represented in all international fora dealing with privacy, and is aware of international key privacy activities as well as collaborating closely with its global counterparts.

Andrea Reiner
Senior Counsel, Arm Limited, UK

Andrea Reiner is Senior Counsel at Arm Limited. She advises on the data protection for Arm’s IOT group, which is building cloud-based device management service for creating and deploying low-power, connected and secure IoT devices at scale.

Andrea originally qualified in New York and Massachusetts, and is also a Solicitor in England and Wales. Andrea has a longstanding interest in privacy issues and does her best to keep up with developments in the US and UK.

Jatinder Singh
EPSRC Research Fellow, Computer Laboratory, University of Cambridge, UK

Dr Jat Singh is an EPSRC Research Fellow at the Department of Computer Science & Technology, University of Cambridge. His focus is the intersection of technology and law/regulation, considering issues such as security, privacy, transparency and accountability as it relates to emerging technology. He leads the newly formed “Compliant and Accountable Systems” research group at Cambridge, and is a member of the Microsoft Cloud Computing Research Centre, a tech-legal collaboration with the Law School at Queen Mary, University of London.

Jat is also active in the tech-policy space, serving on the UK’s Financial Conduct Authority’s Advisory Council on Analytics, and for several years on the Secretariat of the E-Infrastructure Leadership Council, UK Government. He holds a PhD from the University of Cambridge, has several years of commercial software engineering and technical consulting experience in the judicial and healthcare domains, as well as some training in law.

David Smith
Special Advisor, Allen & Overy, UK

David retired from his role as Deputy Data Protection Commissioner in November 2015 and joined A&O as special adviser on data protection on 1 January 2016.

David was instrumental in shaping the UK position on the General Data Protection Regulation. He was widely quoted giving the ICO view on regulatory developments – e.g. Safe harbour and the Google decision on the right to be forgotten. He also represented the ICO in the Article 29 Working Party of European Supervisory Authorities set up under the Data Protection Directive. The Article 29 Working Party is a highly influential group of national regulators across Europe who issue opinions on compliance. David was also involved at the highest level of the ICO’s enforcement regime.

His wealth of experience and knowledge of data protection policy and enforcement bolsters Allen & Overy’s existing data protection team in London at a time of significant regulatory change and growing client demand for advice and support in this fast moving area. During his time as Deputy Commissioner, David saw first-hand how this area of law has evolved and the impact it can have on businesses and ordinary citizens.

Myria Solorzano
Senior Associate, Claro Partners, Spain

Myria is a strategic designer with a background in information design. Her educational and professional experience has shown her the value of visual representation of complex systems as a tool to understand and generate solutions.

She leads the development and delivery of the Global Service Jam in Barcelona. At Claro, she helps clients from different industries improve their design thinking capabilities.

Elisabeth Stafford
Senior Policy Advisor - EU Data Protection,
Department for Digital, Culture, Media and Sport, UK

Elisabeth Stafford is Head of EU Data Flows at the Department for Digital, Culture, Media, and Sport (DCMS). She has led the negotiating team for the UK in the reform of the ePrivacy Directive and the recast of Regulation 45/2001, setting data protection rules for the EU institutions. Previously, she was one of the negotiators on the GDPR and the Law Enforcement Directive for both the UK, and for the European Commission. She has also worked in private office in the Ministry of Justice, leading on human rights and EU dossiers for the Minister of State.

She holds a degree in Philosophy, Politics, and Economics from the University of Oxford, and a masters in International Relations from the University of Aberdeen.

Ben Steward
Digital Disruptor Lead, Deloitte Digital, UK


Rob Sumroy
Partner, Slaughter and May, UK

Rob is a partner in the IP/Technology group and co-heads the firm’s Data Protection and Privacy hub. He advises clients on all things ‘data’, including Big Data, digital initiatives, cyber security, data breaches, direct marketing, the Internet of Things, mobile-commerce and e-commerce, emerging technologies (such as Artificial Intelligence) and the cloud. He regularly assists clients with the technology, data and IP input to their emerging digital strategies.

Rob is currently advising clients on their preparation for the General Data Protection Regulation. He is a Co-Contributing Editor of “The International Comparative Legal Guide to: Fintech 2017”, a practical cross-border insight into Fintech law across 34 jurisdictions. He is ranked Band 1 by Chamber UK 2017 for both Information Technology and Outsourcing.

Dale Sunderland
Deputy Commissioner, Data Protection Commission, Ireland

Dale Sunderland was appointed Deputy Commissioner for Data Protection in May 2016. Dale has responsibility for the Multinational Supervision and Technology, and Policy and Engagement functions of the Irish Data Protection Commission. Previously Head of Communications at Ireland’s Department of Justice and Equality, Dale has also held various positions at that department working on immigration and international criminal justice and policing policy, corporate governance and international and parliamentary affairs. He holds graduate and postgraduate honours qualifications in Business Studies and Public Management.

Caroline Tahon
Senior Director, Legal Project Manager, SAP SuccessFactors, France

Caroline's perpetual quest is how to link legal and technology together for the greater good of both. After copyright, patents, mergers and acquisitions, she now helps organizations unravel the complex world of data protection and privacy regulations. She hopes she brings some sense of humour to boring presentations and high stake meetings.

Graduated from Paris XI, Madrid- Complutense, thanks to EU -Erasmus, and a LLM from Santa Clara University (US).

Valerie Taylor
Consultant, Privacy Laws & Business, UK

Valerie qualified as a solicitor in 1994 with Clifford Chance, the London based international law firm, and throughout her legal career has specialised in data protection as well as IT and intellectual property law.

After leaving Clifford Chance, Valerie worked for several years in the in-house legal team at Royal Mail Group plc where she was the principal data protection adviser.
Valerie has been working with Privacy Laws & Business since 2002. She gives advice to large and small businesses in the public and private sector on all aspects of data protection and related legislation, including DP strategy, project management, policies and procedures, training and awareness and compliance monitoring.

She regularly carries out data protection health checks for organisations and advises them on a risk-based approach to compliance. She runs Data Protection training workshops for PL&B as well as in-house training sessions for clients, and is a Legal Correspondent for the Privacy Laws & Business Reports.

Helga Þórisdóttir
Commissioner, Data Protection Authority, Iceland

Helga Þórisdóttir was appointed as Data Protection Commissioner for Iceland in September 2015.

She was appointed as Acting Executive Director of the Icelandic Medicines Agency from 2012 – 2013. Prior to that, she has 20 years of work experience as a lawyer; From 2010 – 2012 and again from 2013 – 2015 she was the Deputy Director of the Icelandic Medicines Agency and from 2008 until 2012, and again from 2013 – 2015 she was also the Head of Legal Affairs at the same agency. She worked with the Ministry of Education from 2005 – 2008 and from 2003 – 2005 she worked for the EFTA Secretariat in Brussels, dealing with free movement of goods in the EEA Agreement. Before that she spent six years working at the Committee Department of the Icelandic Parliament, Althingi, i.e. from 1997 – 2003, where she provided legal guidance to six of then12 Standing Committees of the Parliament.

She began her career as deputy for the State´s Prosecution Office in Iceland presenting criminal cases before district courts of Reykjavík and Reykjanes. She holds a Canditat juris degree from the University of Iceland, has concluded an AMP program from the IESE Business School in Barcelona and holds a diploma in French.

David Trower
Executive Director Global Privacy, PPD, UK

David Trower joined the international clinical research organisation, PPD, as Executive Director Global Privacy in March 2010. Based in their Cambridge UK office, he is responsible for coordinating compliance with applicable data privacy legislation across all of the company’s global operations, monitoring developments in national and international law, and managing relationships with clients, regulatory authorities and professional bodies.

Previous to working at PPD, David held the position of Chief Privacy Officer EMEA for IMS Health, and prior to this a similar role at the internet service provider UUNET.

He is actively involved in professional networks in the privacy field and takes an interest in public policy in healthcare data protection.

David moved into private sector compliance from the United Kingdom ‘Office of the Data Protection Commissioner’ (now ‘Information Commissioner’), where he held the position of Strategic Policy Manager. In this role, David worked directly for the Deputy Commissioner on international data protection issues. He was responsible for liaison with other European data protection supervisory authorities and played an active role in sub-committees of both the Article 29 Working Party and the European Conference of Data Protection Commissioners. David also worked on UK policy issues arising from the development of the Internet and new technologies. He started work at the UK Office working within financial services compliance.
In his early career, David worked as a lecturer in government and political science in Manchester. He holds a professional post-graduate teaching qualification from Manchester Metropolitan University, an MA(Econ) in European Politics from the University of Manchester, and BA(Hons) in Politics from the University of Nottingham. His Masters Degree involved research into the impact on industrial relations of the creation of the European Single Market.


Eduardo Ustaran
Partner, Hogan Lovells, UK

As co-director of the global Privacy and Cybersecurity practice of Hogan Lovells, Eduardo Ustaran is internationally recognised in privacy and data protection law. He is a dually qualified English Solicitor and Spanish Abogado based in London. Eduardo is also the author of “The Future of Privacy” (DataGuidance, 2013), a ground-breaking book where he anticipates the key elements that organisations and privacy professionals will need to tackle to comply with the regulatory framework of the future. Eduardo advises some of the world's leading companies on the adoption of global privacy strategies and is closely involved in the development of the new EU data protection framework. He has been named by Revolution magazine as one of the 40 most influential people in the growth of the digital sector in the UK, and is ranked as a leading privacy and internet lawyer by prestigious international directories.

Eduardo is a former member of the Board of Directors of the IAPP, co-founder and editor of “Data Protection Law & Policy”, and a member of the panel of experts of Data Guidance. Eduardo is executive editor of “European Privacy: Law and Practice for Data Protection Professionals” (IAPP, 2011), and co-author of “Beyond Data Protection” (Springer, 2013), “E-Privacy and Online Data Protection” (Tottel Publishing, 2007), and of the Law Society’s “Data Protection Handbook” (2004). Eduardo has lectured at the University of Cambridge on data protection as part of its Masters of Bioscience Enterprise, and regularly speaks at international conferences.

Helena Verhagen
Co-Founder, Privacy Valley, Netherlands

I’m Helena Verhagen, one of the Co-Founders of Privacy Valley. After graduating from NYU School of Law, I followed the same path that many young lawyers have gone down, a career with an international law firm. A few hectic but amazingly interesting and fun years later I moved to Amsterdam. There, I continued to specialize in IT law and security, alternating between law firms and entertainment companies until in 2009 I was ready to open my own law firm focusing on clients that require expert assistance in ICT procurement and sales, privacy and security. Becoming my own boss allowed me to also direct some of my energies to some of my not so commercial big passions, the arts and personal privacy. I became a board member for several performing arts institutes and started teaching a course in personal privacy in the private wealth programme of Nyenrode Business University.

In 2014 I wanted to rethink how I could best help my clients. A lot of what I was doing was the same song and dance repeatedly. I wanted to “dump” my knowledge into a piece of software for everyone to use. My colleagues Gert Jan Kroese and Anne Holdrinet had both been running around with similar ideas in their heads, so after a few really good dinners and business plans that became more and more ambitious by the week, Privacy Valley was founded. We combine privacy tooling that incorporates over 30 years of experience with privacy advice.

Steve Wright
Data Protection & Information Security Officer, John Lewis Partnership, UK

Steve joined The John Lewis Partnership in April 2016 and is responsible for both the Information Security and Data Privacy. Both of these enable the John Lewis Partnership to protect the personal data of our customers and partners, to be compliant with data protection laws and regulations, and to provide trust and transparency - resulting in greater brand experiences across our digital, mobile and ecommerce channels.

Steve is passionate about big data and all things digital. With more than 20 years’ experience, designing, developing, managing and delivering transformational data, governance, privacy and security programmes, Steve’s vast experience as a pragmatic and charismatic leader, ideally places him as a ‘trusted advisor’ at board level on all privacy and security related matters. Steve is also a published author, a non-executive director and is regularly invited to speak at industry events, trade associations and thought leadership working groups, working towards continually finding new ways to increase trust and transparency in respect of consumer services, business functions and product vendors. Steve strongly believes that governance, cyber security and privacy are all inextricably linked as they share common objectives and principles, and therefore, require satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘data trust and assurance’ programmes based on the fundamental principles of transparency, accountability, protection, integrity, confidentially and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime. Having once served as a CISO, and held senior roles at, Unilever, Deloitte, PwC, Siemens and Capita, Steve has a full appreciation of what is required to get the job done in a cost effective, pragmatic and timely fashion with a natural ability to lead from the front, to coach others and to take responsibility consistently, courageously and with integrity.