GDPR - Making it real

Monday 12 June 2017

Time: 9.30am - 4.30pm

BCS, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA | Map


This was a co-hosted, joint event between DAMA-UK and BCS DMSG.


May 25th, 2018 will be when GDPR comes into force and forms a significant shift in how personally identifiable information should be managed in future. This event focused on pragmatic guidance to help ensure organisations are compliant by the time the law comes into force.

A range of speakers will cover key topics:

  • The Regulator’s viewpoint
  • Generic timeline for implementation
  • The legal perspective
  • An academic viewpoint
  • Case studies
  • Practitioner advice
  • Panel debates


Talk Speaker Slides/Presentation
GDPR - The Regulator’s Viewpoint Peter Brown, Senior Technology Officer, Information Commissioner’s Office Presentation Slides
What does GDPR mean for IT?  Jill Dovey, Associate Solicitor, Muckle LLP - Steve Williams, Executive Transformation Consultant, Waterstons Presentation Slides
The GDPR Timeline Stephen Bailey, Head of Cyber Security Consulting, NCC Group Presentation Slides
Where should you be right now? Dennis Slattery, CDO, EDM Works Presentation Slides
GDPR: Keep Calm and Think John Stuart-Clarke, Senior Data Governance Manager, Aviva Presentation Slides
Impact of EU GDPR on Data Privacy in Data Science Projects Brendan Tierney, Dublin Institute of Technology Presentation Slides

GDPR: A practical approach to Data Preparation Paul Malyon - Experian Presentation Slides
Digital Disruption and Consumer Trust - Resolving The Challenge of GDPR Richard Veryard, Consultant, Retail Reply Video
NG GDPR case study - The Story So Far... Glen Truman, National Grid Presentation Slides


The timings for the afternoon event were as follows:

Joint event between DAMA-UK & BCS DMSG. Only certain information (your name, email, employer name & membership status of DAMA and the BCS) will be shared between DAMA-UK & BCS for statistical/analytical purposes only.


  • 09:30 - Registration
  • 10:00 - GDPR - The Regulator’s Viewpoint - Peter Brown, Senior Technology Officer, Information Commissioner’s Office
  • 10:30 - What does GDPR mean for IT? - Jill Dovey, Associate Solicitor, Muckle LLP - Steve Williams, Executive Transformation Consultant, Waterstons
    A practical overview of key points from GDPR and how to start your journey to compliance. This session gives you practical IT and data compliance examples and advice on preserving your organisation’s reputation and avoiding any nasty penalties.
  • 11:00 - Break
  • 11:15 - The GDPR Timeline - Stephen Bailey, Head of Cyber Security Consulting, NCC Group
    With 12 months to go before GDPR becomes UK law, company owners and managers will want confidence that they are on-track to meet the demands of the new legislation. Stephen Bailey will describe a preparation timeline and provide guidance from his wealth of experience to help attendees to position themselves on their roadmap to compliance.
  • 11:45 -Where should you be right now?... - Dennis Slattery, CDO, EDM Works
    GDPR exists because of a breakdown of trust between individuals and the organisations that hold their data. Data misuse, theft or negligence were becoming commonplace so the law was amended. Rebuilding trust and achieving GDPR compliance requires a lot of work. In this session Dennis will discuss the practicalities of preparing for GDPR, covering aspects such as:
    • How to engage key stakeholders and get sufficient funding to ensure compliance by 25th May 2018?
    • What does your target look like? Is it just meeting the requirements of GDPR or are there broader objectives?
    • Do you really know and understand the data that you store, e.g. purpose and owners’ consent?
    • Are all breaches detectable, let alone reportable?
    • Who is accountable for what data? (and what does accountability mean?)
    • Is your remit is wide enough (to identify and influence all programmes that process personal data)?
    • How to maintain momentum through to 25th May 2018 and beyond..
  • 12:15 - Panel Debate
  • 12:30 - Lunch
  • 13:30 - GDPR: Keep Calm and Think - John Stuart-Clarke, Senior Data Governance Manager, Aviva
    The risks and potential sanctions GDPR exposes organisations too are eye-wateringly attention-grabbing, triggering a variety of responses from repackaging security products as GDPR Swiss army knives, to blind panic at the prospect of a fine that could be big enough to take a company out of business. As ever, the best path to take is one between the edges of the extremes - providing it’s not the one on which GDPR is just another acronym passing you by. In amongst the scare-mongering, confusion and general ignorance are the oases of calm we all need to gravitate towards if we’re going to survive until 25th May 2018 and beyond.
     Authoritative first-hand experience is a wonderful thing but when a change as significant as GDPR presents itself, it’s often in scant supply. Recent political events have taught us that in the absence of expertise anything can happen. So what to do?  Despite the hype, most organisations already have the skills, knowledge and expertise they need to successfully prepare for GDPR. And what they don’t have is almost entirely freely available to them. To be successful, we just need to “Keep Calm and Think”.
  • 14:00 - Impact of EU GDPR on Data Privacy in Data Science Projects - Brendan Tierney, Dublin Institute of Technology
    The digital landscape has changed substantially since the 1998 Data Protection Act: the internet has been adopted on a mass scale; big data analytics is being used to inform strategic level business decisions and there is a surge in cybercrime. This presentation discusses the legislation on Data Protection, Privacy and Security and discusses the key points of the new EU Directive on Data Protection and its impact on data privacy in data science projects
  • 14:30 - GDPR: A practical approach to Data Preparation; Paul Malyon - Experian
    GDPR represents a fundamental change for some organisations and a more gentle evolution for others. However, all organisations will need to carefully consider how they manage the data of their customers, citizens or colleagues. While many GDPR programs are already underway, Experian research shows that some are potentially unaware of the key risks posed to them by their own data. In this session, Paul Malyon (Data Strategy Manager) will explain how taking a data-centric approach to GDPR prioritisation can help organisations of all shapes and sizes spot the unknown risks and then prepare their business and data for May 2018
  • 15:00 - Break
  • 15:15 - Digital Disruption and Consumer Trust - Resolving The Challenge of GDPR - Richard Veryard, Consultant, Retail Reply
    The new European Data Protection regulations come into force in May 2018. This represents both a challenge and an opportunity for UK retailers and other consumer-facing organisations - how to establish proper privacy controls and maintain (or even enhance) consumer trust while continuing to push forward with innovation and digital disruption. In this talk, Richard will talk about GDPR initiatives currently underway in the retail sector, and share some of the lessons to date.
  • 15:45 - NG GDPR case study - The Story So Far...  Glen Truman, National Grid
    Stories about the difficulties of implementing GDPR and the huge financial and reputational consequences of getting it wrong seem to have created fear and tension in some circles. Executives are sitting up and taking notice and some even contemplating spending large sums of money to get external advice and support to mitigate the risks associated with this legislative change. Whilst this may be a prudent and appropriate approach for some organisations, there is an alternative.
    A range of valuable information is available from credible, professional sources, such as the Information Commissioners Office and the IAPP, which give pragmatic advice and guidance that helps to de-mystify GDPR. It also can provide a solid basis for developing a structured approach for a readiness programme that suits any organisation. This session demonstrates how National Grid have used such advice and guidance to prepare for GDPR.
  • 16:15 - Panel Debate
  • 16:30 - Networking

Speaker Bios

Jill Dovey
Jill Dovey is an Associate Solicitor and commercial IT expert at national law firm Muckle LLP. Jill is a regular speaker on cybersecurity and GDPR and has worked in the IT sector for over a decade, with many years at a FTSE 100 software house. Newcastle-based Jill is also hugely passionate about the local digital community and is a proud supporter of #ThisIsMINE.

Steve Williams
Steve Williams is an Executive Transformation Consultant with business consultancy Waterstons Ltd, based in Durham and London. He heads Waterstons’ Education practice and M&A activity and works with Waterstons’ security and data governance practice across many sectors. Steve is an experienced CIO, with IT leadership roles in manufacturing, retail, government and higher education and a strong security focus.

Stephen Bailey
Stephen Bailey is the head of cyber security consulting in NCC Group’s Risk Management and Governance Practice and leads the privacy team. Uniquely, he specialises in the people risk aspects of cyber security and was one of the authors of the UK’s Centre for the Protection of National Infrastructure’s national guidance on managing people risk. He spent four years as the Head of Operational Risk for a global professional services firm and as part of this CISO-like role he was the Data Protection Officer. He is currently leading on a number of GDPR-related projects across several sectors.

John Stuart-Clarke
John is a business analyst who has managed to convince people that he is many others things over the years. Examples of his subterfuge include stints as an entrepreneur, business owner, change director, programme manager and most recently, data governance manager, working for firms of different shapes, sizes and natures. John became obsessed with GDPR almost two years ago, when he realised how different the world would be once enforcement of the regulation begins. John’s strength is that he can get people to listen to him when he is trying to tell them things they need to know and he can then help them get over the shock of realising that something needs to change and go about doing so in an orderly manner. John has certificates to attest to this skill so he must really have it.

Brendan Tierney
Oracle ACE Director, is an independent consultant (Oralytics) and lectures on data science, databases, and Big Data at the Dublin Institute of Technology/Dublin Technological University. He has 24+ years of experience working in the areas of data mining, data science, Big Data, and data warehousing. Brendan is a recognized data science and Big Data expert and has worked on projects in Ireland, the UK, Belgium, Holland, Norway, Spain, Canada, and the U.S. Brendan is active in the Oracle User Group community, where he is one of the leaders for the OUG in Ireland and is a Member Advocate at Board of Director level with the UKOUG. Brendan has also been editor of the UKOUG Oracle Scene magazine and is a regular speaker at conferences around the world. He is an active blogger and also writes articles for OTN, Oracle Scene, IOUG SELECT Journal, ODTUG Technical Journal, and ToadWorld. He is also on the board of directors for DAMA in Ireland. Brendan has published four books, three with Oracle Press/McGrwa-Hill (Predictive Analytics Using Oracle Data Miner, Oracle R Enterprise: Harnessing the Power of R in Oracle Database, and Real World SQL and PL/SQL: Advice from the Experts) and one with MIT Press (Essentials of Data Science). These books are available on Amazon and the Essentials of Data Science, will be available in early 2018. Web and blog: Twitter: @brendantierney

Paul Malyon
Paul is Experian Data Quality’s Data Strategy Manager. With a wealth of experience in Data Product Management, Data Strategy, Governance and Privacy; Paul is championing the benefits of strong data quality capabilities and customer-centric data policies for our clients and our business.

Outside of his time with Experian, Paul has experienced the world of Tech start-ups and had a stint at the world’s 3rd largest retailer. With a constant focus on data quality, Paul has lived and breathed the challenges faced by businesses of all shapes and sizes for over a decade.

Paul is also a leading advocate of Open Data and Transparency and was a member of the UK Government’s Open Data User Group during the Coalition government (2012-2015). Paul is a passionate speaker on how to help organisations and society get the best out of the growing deluge of digital information.

Richard Veryard
Richard is a consultant with Retail Reply, specializing in enterprise information architecture for the retail and consumer sector. He has written and presented widely on such topics as business architecture, service-oriented architecture, information management, and organizational intelligence. He is a Fellow of the BCS.

Glen Truman
Glen Truman is the Information, Records and Data Privacy Manager at National Grid and has been working in Information and Records Management for the past 12 years and Data Privacy for the last 15 months! He is now leading the National Grid’s programme to prepare its UK businesses for EU GDPR  and is also supporting the programme for its businesses in the USA.  Glen is an experienced programme manager with a background in business transformation, Information Services strategy and solution delivery.

Making IT good for society

Record your CPD using the BCS Personal Development Plan today!