GDPR Update and Beyond

Date: Tuesday 19 June 2018

A co-hosted, joint event between DAMA-UK and BCS DMSG.

Details:

GDPR commenced enforcement from May 25th, 2018. So what has changed since last year and what can we expect going forwards? Has the experience been negative or positive. What are the potential benefits and how have organisations positioned themselves to benefit from them?

Presentations

Talk

Speaker

Synopsis

GDPR: How Did We Get Here?

Video

Julian Schwarzenbach.
Data and process Advantage Limited

As a data management professional, you cannot have failed to be aware that GDPR comes / came fully into force on the 25th May. To set the scene for today’s event, Julian will remind us of some of the past history that has got us to this point.

GDPR: And this is where we are..right?

Video

Steve Williams.
Waterstons Ltd

GDPR compliance realities:

  • Keeping Calm (!);
  • Where most businesses are;
  • Real-life compliance best practice examples with risk management variants;
  • Moving from compliance to trust and benefits.

GDPR preparation at Lloyds Bank

Permission to publish video not given

Torrin Stafford.
Lloyds Bank

Lloyds Banking Group has taken a very customer centric response to GDPR. Torrin Stafford, Group Head of Data Privacy and Records Management will talk about how the groups preparations progressed, what they learnt along the way and how the group is considering the future of customer trust and transparency.

GDPR: The power of engagement in Severn Trent

Video

Kulwinder Johal.
Severn Trent Water Limited

Water utilities are large complex organisations with many forms of customer interaction. Severn Trent's focus for embracing GDPR regulations has been on engagement across the organisation, which will continue in phase 2 of the project to embed best practice.

GDPR: How to Maintain Compliance

Video

Philips Greaves and Hirun Tantirigama. Protiviti UK

With the May GDPR deadline met, the focus is now to shift from readiness and preparation to having a viable and effective compliance programme. This requires maintaining accurate and complete records of your data processing activities over time, including documentation of what personal data you hold, where it came from and who you share it with. The enhanced regulations also demand data processors take adequate measures to safeguard their customers’ data, with data subjects being able to enforce their rights directly against data processors. This session will explore how the adoption of data mapping in support of your Record of Processing (RoP) and having a robust vendor risk management framework can support organisations appropriately manage risk areas and blind spots as well as discover valuable business insights while meeting compliance.

Better Information
Sharing across care Settings

Permission to publish video not given

Keith Strahan.
NHS Digital

The National Project for Information Governance and Cyber Security for Social Care Providers (such as Care Homes) relates to and benefits from GDPR. This presentation will set the health and social context and will include real life scenarios that relate to Social Care Providers. It will highlight aspects of the journey undertaken so far; including the importance of ‘a sector led approach’. As a result, opportunities now exist for secure, confidential, reliable, timely and better information sharing between health and care settings, with benefits for all.

GDPR in HE - an Educated Guess

Video

Mike Hall and George Turner of Roehampton University

This presentation describes the University of Roehampton’s journey, from the first rumblings of GDPR to the 25th of May. Focusing on the University as a public body, facilitating research and data sharing with government bodies and third parties

A data processor perspective

Video

Adam Casey.
Capita Software

A major difference between the Data Protection Act and GDPR is to extend accountability to data processors as well as the data owners. This can lead to potentially unforeseen risks and compromise that must be identified and managed. This presentation runs through how the GDPR has affected the Software Division of Capita, enabling us to clean up on practices, tackle the risk, and use GDPR as a benefit, rather than hindrance.

Looking Beyond Data Privacy

Video

Mark Humphries.
Civica

The recent revelations about Cambridge Analytica and its affiliates harvesting large volumes of data from Facebook has prompted a timely debate around data privacy. Important though this is, it is only part of the story. How that data has been used and how the various actors may be affecting political outcomes also depends on advances that have been made in neuroscience, psychology, machine learning and micro-targeting. Combined, these advances in science and technology may have changed the world in ways that we are only just beginning to understand.

Joint event between DAMA-UK & BCS DMSG.

About the speakers:

Philip Greaves
Philip is a Director within the Protiviti Technology Consulting, Security and Privacy practice. Philip has experience of working across a large variety of technology risk, security, privacy and compliance change programmes for large multi-national organisations. He has led a variety of global GDPR engagements, covering data mapping, GDPR gap assessment, programme assurance, remediation activities and vendor risk management.

Hirun Tantirigama
Hirun is an Associate Director within the Protiviti Technology Consulting, Security and Privacy practice. He has experience in providing technology, risk and regulatory advisory services across a variety of clients and industries, particularly, financial services and large multinational corporations. This includes experience in GDPR compliance (including data mapping), operational and cyber resilience (e.g. BCP/DR, recovery and resolution planning), ERM services and programme assurance.

Mike Hall
Mike Hall is the Director of Campus Operations and CIO at the University of Roehampton. Mike comes from a senior technology management background specialising in organisational restructuring for improved efficiency and customer service. He has worked for the University for the last 12 years where he has established and developed the IT, Library, Estates and FM teams. Current priorities include migration of the University's server estate to Azure and GDPR. Prior to working at the University of Roehampton, Mike worked at Thomson Scientific (formally Thomson Reuters) in charge of IT infrastructure and product delivery.

George Turner
George Turner is the Deputy University Secretary at the University of Roehampton. His remit includes matters relating to the University’s governance, including data protection, and various student facing provisions, including: complaints, appeals and misconduct. George has worked at Roehampton since September 2017. Previously he worked at Brunel University London and the University of Derby. He has a PhD in musicology from the University of Sheffield.

Keith Strahan
Keith is a Registered Social Worker working for NHS Digital. He has substantial experience working across community, hospital, mental health and primary care settings. In his career, he has devised, led and implemented award winning large-scale transfer of care projects between health and social care. Currently he is progressing a national project to help improve secure information sharing with social care providers, including the instigating of sector-led, Information Governance and Cyber Security Guidance. Keith is a Founding Fellow of the Faculty of Clinical Informatics. In May 2018 he was elected to the Faculty's Council, to represent Social Care.

Adam Casey
Adam is the Divisional Information Security Officer for Capita Software Division, which is formed from a number of different business units, providing support and services to a multitude of industries and customers. Adam has led the Divisional GDPR Programme over the last two years, enabling the Division to understand their requirements, identify and manage the risks, as well as advise on the opportunities and benefits the Regulation has brought. His qualifications include: CCP Senior SIRA, ISSM, and ISO27001 lead auditor.

Mark Humphries
Mark Humphries is Chair of DAMA UK and a Managing Consultant at Civica Digital where he designs and implement practical data management strategies that work for Civica’s clients. For over 25 years Mark has been improving business performance through the better use of data across multiple sectors including telco, utilities, energy and transport. Mark is a DAMA CDMP Master and in 2010 he was a finalist in the Dutch/Belgian Data Quality Award based on the Data Quality program that he led as Data Manager for a Belgian energy supplier.