GDPR - Making it real

Monday 12 June 2017

Time: 9.30am - 4.30pm

BCS, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA | Map


Book Online

This is a co-hosted, joint event between DAMA-UK and BCS DMSG.


May 25th, 2018 will be when GDPR comes into force and forms a significant shift in how personally identifiable information should be managed in future. This event will focus on pragmatic guidance to help ensure organisations are compliant by the time the law comes into force.

A range of speakers will cover key topics:

  • The Regulator’s viewpoint
  • Generic timeline for implementation
  • The legal perspective
  • An academic viewpoint
  • Case studies
  • Practitioner advice
  • Panel debates

The timings for the afternoon event are as follows:

Joint event between DAMA-UK & BCS DMSG. Only certain information (your name, email, employer name & membership status of DAMA and the BCS) will be shared between DAMA-UK & BCS for statistical/analytical purposes only.


  • 09:30 - Registration
  • 10:00 - GDPR - The Regulator’s Viewpoint - Peter Brown, Senior Technology Officer, Information Commissioner’s Office
  • 10:30 - What does GDPR mean for IT? - Jill Dovey, Associate Solicitor, Muckle LLP - Steve Williams, Executive Transformation Consultant, Waterstons
    A practical overview of key points from GDPR and how to start your journey to compliance. This session gives you practical IT and data compliance examples and advice on preserving your organisation’s reputation and avoiding any nasty penalties.
  • 11:00 - Break
  • 11:15 - The GDPR Timeline - Stephen Bailey, Head of Cyber Security Consulting, NCC Group
    With 12 months to go before GDPR becomes UK law, company owners and managers will want confidence that they are on-track to meet the demands of the new legislation. Stephen Bailey will describe a preparation timeline and provide guidance from his wealth of experience to help attendees to position themselves on their roadmap to compliance.
  • 11:45 -Where should you be right now?... - Dennis Slattery, CDO, EDM Works
    GDPR exists because of a breakdown of trust between individuals and the organisations that hold their data. Data misuse, theft or negligence were becoming commonplace so the law was amended. Rebuilding trust and achieving GDPR compliance requires a lot of work. In this session Dennis will discuss the practicalities of preparing for GDPR, covering aspects such as:
    • How to engage key stakeholders and get sufficient funding to ensure compliance by 25th May 2018?
    • What does your target look like? Is it just meeting the requirements of GDPR or are there broader objectives?
    • Do you really know and understand the data that you store, e.g. purpose and owners’ consent?
    • Are all breaches detectable, let alone reportable?
    • Who is accountable for what data? (and what does accountability mean?)
    • Is your remit is wide enough (to identify and influence all programmes that process personal data)?
    • How to maintain momentum through to 25th May 2018 and beyond..
  • 12:15 - Panel Debate
  • 12:30 - Lunch
  • 13:30 - Case Study - John Stuart-Clarke, Global GDPR Manager, Aviva
  • 14:00 - Impact of EU GDPR on Data Privacy in Data Science Projects - Brendan Tierney, Birmingham City University
    The digital landscape has changed substantially since the 1998 Data Protection Act: the internet has been adopted on a mass scale; big data analytics is being used to inform strategic level business decisions and there is a surge in cybercrime. This presentation discusses the legislation on Data Protection, Privacy and Security and discusses the key points of the new EU Directive on Data Protection and its impact on data privacy in data science projects
  • 14:30 - GDPR: A practical approach to Data Preparation; Paul Malyon - Experian
    GDPR represents a fundamental change for some organisations and a more gentle evolution for others. However, all organisations will need to carefully consider how they manage the data of their customers, citizens or colleagues. While many GDPR programs are already underway, Experian research shows that some are potentially unaware of the key risks posed to them by their own data. In this session, Paul Malyon (Data Strategy Manager) will explain how taking a data-centric approach to GDPR prioritisation can help organisations of all shapes and sizes spot the unknown risks and then prepare their business and data for May 2018
  • 15:00 - Break
  • 15:15 - Digital Disruption and Consumer Trust - Resolving The Challenge of GDPR - Richard Veryard, Consultant, Retail Reply
    The new European Data Protection regulations come into force in May 2018. This represents both a challenge and an opportunity for UK retailers and other consumer-facing organisations - how to establish proper privacy controls and maintain (or even enhance) consumer trust while continuing to push forward with innovation and digital disruption. In this talk, Richard will talk about GDPR initiatives currently underway in the retail sector, and share some of the lessons to date.
  • 15:45 - NG GDPR – The Story So Far… - Glen Truman, National Grid
  • 16:15 - Panel Debate
  • 16:30 - Networking

Speaker Bios

Jill Dovey
Jill Dovey is an Associate Solicitor and commercial IT expert at national law firm Muckle LLP. Jill is a regular speaker on cybersecurity and GDPR and has worked in the IT sector for over a decade, with many years at a FTSE 100 software house. Newcastle-based Jill is also hugely passionate about the local digital community and is a proud supporter of #ThisIsMINE.

Steve Williams
Steve Williams is an Executive Transformation Consultant with business consultancy Waterstons Ltd, based in Durham and London. He heads Waterstons’ Education practice and M&A activity and works with Waterstons’ security and data governance practice across many sectors. Steve is an experienced CIO, with IT leadership roles in manufacturing, retail, government and higher education and a strong security focus.

Stephen Bailey
Stephen Bailey is the head of cyber security consulting in NCC Group’s Risk Management and Governance Practice and leads the privacy team. Uniquely, he specialises in the people risk aspects of cyber security and was one of the authors of the UK’s Centre for the Protection of National Infrastructure’s national guidance on managing people risk. He spent four years as the Head of Operational Risk for a global professional services firm and as part of this CISO-like role he was the Data Protection Officer. He is currently leading on a number of GDPR-related projects across several sectors.

Brendan Tierney
Oracle ACE Director, is an independent consultant (Oralytics) and lectures on data science, databases, and Big Data at the Dublin Institute of Technology/Dublin Technological University. He has 24+ years of experience working in the areas of data mining, data science, Big Data, and data warehousing. Brendan is a recognized data science and Big Data expert and has worked on projects in Ireland, the UK, Belgium, Holland, Norway, Spain, Canada, and the U.S. Brendan is active in the Oracle User Group community, where he is one of the leaders for the OUG in Ireland and is a Member Advocate at Board of Director level with the UKOUG. Brendan has also been editor of the UKOUG Oracle Scene magazine and is a regular speaker at conferences around the world. He is an active blogger and also writes articles for OTN, Oracle Scene, IOUG SELECT Journal, ODTUG Technical Journal, and ToadWorld. He is also on the board of directors for DAMA in Ireland. Brendan has published four books, three with Oracle Press/McGrwa-Hill (Predictive Analytics Using Oracle Data Miner, Oracle R Enterprise: Harnessing the Power of R in Oracle Database, and Real World SQL and PL/SQL: Advice from the Experts) and one with MIT Press (Essentials of Data Science). These books are available on Amazon and the Essentials of Data Science, will be available in early 2018. Web and blog: Twitter: @brendantierney

Paul Malyon
Paul is Experian Data Quality’s Data Strategy Manager. With a wealth of experience in Data Product Management, Data Strategy, Governance and Privacy; Paul is championing the benefits of strong data quality capabilities and customer-centric data policies for our clients and our business.

Outside of his time with Experian, Paul has experienced the world of Tech start-ups and had a stint at the world’s 3rd largest retailer. With a constant focus on data quality, Paul has lived and breathed the challenges faced by businesses of all shapes and sizes for over a decade.

Paul is also a leading advocate of Open Data and Transparency and was a member of the UK Government’s Open Data User Group during the Coalition government (2012-2015). Paul is a passionate speaker on how to help organisations and society get the best out of the growing deluge of digital information.

Richard Veryard
Richard is a consultant with Retail Reply, specializing in enterprise information architecture for the retail and consumer sector. He has written and presented widely on such topics as business architecture, service-oriented architecture, information management, and organizational intelligence. He is a Fellow of the BCS.

Making IT good for society

Record your CPD using the BCS Personal Development Plan today!

Please note that BCS do not issue letters of invitation.

The UK Border Agency are to be contacted for all visa enquiries

Cancellation Policy
In the event of cancellation the delegates will be told well in advance. BCS reserve the right to cancel any event. BCS is not responsible for hotel or travel costs.

Electronic Privacy
As a body for IT professionals BCS Group regularly communicates with its interested parties by email. I understand that BCS Group will not pass on my email address to other organisations.

Data Protection Act 1998
BCS Group will hold your personal data on its computer database and process it in accordance with the Act. This information may be accessed, viewed and used by the Society for administrative purposes and conducting market research. All of these purposes have been notified to the Commissioner. If you are based outside the European Economic Area (the ‘EEA’), information about you may be transferred outside the EEA in accordance with the requirements of the Act.