Time to get organised in the UK - or the Great Escape?

28 September 2016

DLA Piper, Birmingham

Overview

This conference will provide businesses and the public sector in the United Kingdom with a clear path of how you should adapt your business operations to the heavier legal duties which will result from the European Union Data Protection Regulation.

It will give you the information and tools that you need to comply with the law which will apply across the European Economic Area.

The conference will feature speakers from the Information Commissioner's Office, DLA Piper and Privacy Laws & Business. Frank Madden, Legal Adviser - Data Protection, Fujitsu, will share with us the ways in which they are preparing for the Regulation. How will your organisation adapt? Each session will be followed by time allocated to discussion.

What are the changes and what do you need to do? The conference will focus on the UK but will provide, as an underlying theme, an insight into the continuing importance of the EU-wide dimension, regardless of how the government manages the Brexit negotiations.

By the end of the day, you will have gained practical advice on what to do next. Sessions will include:

  1. What are individuals' additional rights? As the purpose of the EU Data Protection Regulation is to provide and protect individuals' rights, one session will identify their new stronger rights, some enhanced versions of current rights while others are completely new in the UK.
  2. The ICO approach to data protection in the current climate Iain Bourne, DataProtection Policy Delivery Group Manager,Information Commissioner's Office (ICO) will explain to us the Commissioner's priorities in helping ensure that public and private sector organisations are complying with UK law which reflects elements of theEU DPRegulation. The tools available to the ICO include warning letters, audits, investigations in response to complaints, prosecutions and fines. How should you respond to such regulatory actions?
  3. Discussion in small groups How are you planning tointegrate new legal requirements intoyour business processes? Action points to be covered by a panel of the speakers include your mandatory record-keeping responsibilities and how you should revise your documentation. To communicate the complexities of the new legal requirements you will need to create training programmes which communicate to relevant staff what they, in particular, need to know. While you revise your Data Protection Act audit methodology, you will, of course, be thinking of how you would cope if the ICO investigation or audit team come to visit you.
  4. International transfers: Many organisations which focus mainly on the UK need to process personal data in other countries outside the European Economic Area (EEA). This could be because you have clients, employees, self-employed staff or associates or suppliers outside the EEA, or outsource certain functions, or you use cloud services. Which aspects of the law is changing? How will theEU-US Privacy Shield work in practice?How can you stay on the safe side without incurring legal difficulties?
  5. Collecting and using personal data: Collecting and using personal data, whether on paper, e-mail, websites or social media remain a minefield. What is the difference between "unambiguous consent" and "explicit consent"? How clear do you need to be in explaining how you will use your clients' and prospects' data? What does a "right to object" mean in practice? How often do you need to review and update your privacy notices?
  6. Information security and breach notification requirements The person responsible for implementing data protection law within your organisation needs to coordinate with the person(s) taking responsibility for data security. While both will be aware of the risk of the loss or theft of personal data, one has to take responsibility to inform the ICO in terms of what and when. In which ways will data processors now have enhanced responsibilities? What is the reporting situation regarding hacking? When is the Computer Misuse Act relevant? When do you need to inform the police?

The day will round off with insights into how to keep up to date with new developments.

This event qualifies for 6 CPD hours.