GDPR Update and Beyond

When: 19th Jun 2018, 09:30 - 19th Jun 2018, 17:00
Where: BCS, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA
Town/City: London
Organiser: Co-hosted, joint event between DAMA-UK and BCS DMSG
Price: Free
Further Information: Further Information

A co-hosted, joint event between DAMA-UK and BCS DMSG.


GDPR commenced enforcement from May 25th, 2018. So what has changed since last year and what can we expect going forwards? Has the experience been negative or positive. What are the potential benefits and how have organisations positioned themselves to benefit from them?

A range of speakers will cover key topics:

  • Industry perspectives
  • An academic viewpoint
  • Impact on Health and Social Care
  • Case studies
  • Practitioner advice
  • Panel debates





GDPR: How Did We Get Here?

Julian Schwarzenbach.
Data and process Advantage Limited

As a data management professional, you cannot have failed to be aware that GDPR comes / came fully into force on the 25th May. To set the scene for today’s event, Julian will remind us of some of the past history that has got us to this point.

GDPR: And this is where we are..right?

Steve Williams.
Waterstons Ltd

GDPR compliance realities:

  • Keeping Calm (!);
  • Where most businesses are;
  • Real-life compliance best practice examples with risk management variants;
  • Moving from compliance to trust and benefits.

GDPR preparation at Lloyds Bank

Torrin Stafford.
Lloyds Bank

Lloyds Banking Group has taken a very customer centric response to GDPR. Torrin Stafford, Group Head of Data Privacy and Records Management will talk about how the groups preparations progressed, what they learnt along the way and how the group is considering the future of customer trust and transparency.




Utility perspective

Kulwinder Johal.
Severn Trent Water Limited

Water utilities are large complex organisations with many forms of customer interaction. Severn Trent's focus for embracing GDPR regulations has been on engagement across the organisation, which will continue in phase 2 of the project to embed best practice.

GDPR: How to Maintain Compliance

Philips Greaves and Hirun Tantirigama. Protiviti UK

With the May GDPR deadline met, the focus is now to shift from readiness and preparation to having a viable and effective compliance programme. This requires maintaining accurate and complete records of your data processing activities over time, including documentation of what personal data you hold, where it came from and who you share it with. The enhanced regulations also demand data processors take adequate measures to safeguard their customers’ data, with data subjects being able to enforce their rights directly against data processors. This session will explore how the adoption of data mapping in support of your Record of Processing (RoP) and having a robust vendor risk management framework can support organisations appropriately manage risk areas and blind spots as well as discover valuable business insights while meeting compliance.




Better Information
Sharing across care Settings

Keith Strahan.
NHS Digital

The National Project for Information Governance and Cyber Security for Social Care Providers (such as Care Homes) relates to and benefits from GDPR. This presentation will set the health and social context and will include real life scenarios that relate to Social Care Providers. It will highlight aspects of the journey undertaken so far; including the importance of ‘a sector led approach’. As a result, opportunities now exist for secure, confidential, reliable, timely and better information sharing between health and care settings, with benefits for all.

GDPR in HE - an Educated Guess

Mike Hall and George Turner of Roehampton University

This presentation describes the University of Roehampton’s journey, from the first rumblings of GDPR to the 25th of May. Focusing on the University as a public body, facilitating research and data sharing with government bodies and third parties




A data processor perspective

Adam Casey.
Capita Software

A major difference between the Data Protection Act and GDPR is to extend accountability to data processors as well as the data owners. This can lead to potentially unforeseen risks and compromise that must be identified and managed. This presentation runs through how the GDPR has affected the Software Division of Capita, enabling us to clean up on practices, tackle the risk, and use GDPR as a benefit, rather than hindrance.

Looking Beyond Data Privacy

Mark Humphries.

The recent revelations about Cambridge Analytica and its affiliates harvesting large volumes of data from Facebook has prompted a timely debate around data privacy. Important though this is, it is only part of the story. How that data has been used and how the various actors may be affecting political outcomes also depends on advances that have been made in neuroscience, psychology, machine learning and micro-targeting. Combined, these advances in science and technology may have changed the world in ways that we are only just beginning to understand.

Panel discussion






Joint event between DAMA-UK & BCS DMSG. Only certain information (your name, email, employer name & membership status of DAMA and the BCS) will be shared between DAMA-UK & BCS for statistical/analytical purposes only.

About the speakers:

Julian Schwarzenbach

Julian is a data evangelist who is passionate about improving how organisations exploit data. He finds it endlessly fascinating how people behave in relation to data, in particular the many different ways that well-intentioned staff can create data problems that take much effort to resolve. He is also in the process of writing a book on data quality management, so is looking for good examples of data disasters.

In his ‘day job’ as an information management consultant he provides support to a range of major enterprises to improve how they specify, acquire and manage data. Through his work as Chair of the BCS Data Management Specialist Group he helps run a number of data focused events. He also is involved in development of a range of industry standards relating to data, particularly in the built environment.

Steve Williams

Steve Williams heads the Mergers and Acquisitions and Higher Education practices at Waterstons Ltd, a business and IT consultancy with offices in London, Durham and Glasgow. An experienced CIO, he’s spoken and published on risk management and using technology in education. His approach is business-like and pragmatic.

Torrin Stafford

Torrin is the head of Data Privacy and Records management for the Lloyds Banking Group. Lloyds Banking Group is one of the largest data controllers in the UK with over 32 million customers and employing 82k colleagues. An experienced and certified privacy professional, Torrin leads data protection, privacy and records management for the group. Torrin is responsible for embedding the group’s GDPR compliant policy.

Kulwinder Johal

Kulwinder Johal is the Data Governance Lead for Severn Trent. An experienced programme manager and certified privacy professional, Kulwinder leads the group-wide GDPR Project and has provided understanding and implementation of the requirements, including risk management.

Philip Greaves

Philip is a Director within the Protiviti Technology Consulting, Security and Privacy practice. Philip has experience of working across a large variety of technology risk, security, privacy and compliance change programmes for large multi-national organisations. He has led a variety of global GDPR engagements, covering data mapping, GDPR gap assessment, programme assurance, remediation activities and vendor risk management.

Hirun Tantirigama

Hirun is an Associate Director within the Protiviti Technology Consulting, Security and Privacy practice. He has experience in providing technology, risk and regulatory advisory services across a variety of clients and industries, particularly, financial services and large multinational corporations. This includes experience in GDPR compliance (including data mapping), operational and cyber resilience (e.g. BCP/DR, recovery and resolution planning), ERM services and programme assurance.

Mike Hall

Mike Hall is the Director of Campus Operations and CIO at the University of Roehampton.
Mike comes from a senior technology management background specialising in organisational restructuring for improved efficiency and customer service. He has worked for the University for the last 12 years where he has established and developed the IT, Library, Estates and FM teams. Current priorities include migration of the University's server estate to Azure and GDPR. Prior to working at the University of Roehampton, Mike worked at Thomson Scientific (formally Thomson Reuters) in charge of IT infrastructure and product delivery.

George Turner

George Turner is the Deputy University Secretary at the University of Roehampton. His remit includes matters relating to the University’s governance, including data protection, and various student facing provisions, including: complaints, appeals and misconduct.

George has worked at Roehampton since September 2017. Previously he worked at Brunel University London and the University of Derby. He has a PhD in musicology from the University of Sheffield.

Keith Strahan

Keith is a Registered Social Worker working for NHS Digital. He has substantial experience working across community, hospital, mental health and primary care settings. In his career, he has devised, led and implemented award winning large-scale transfer of care projects between health and social care. Currently he is progressing a national project to help improve secure information sharing with social care providers, including the instigating of sector-led, Information Governance and Cyber Security Guidance. Keith is a Founding Fellow of the Faculty of Clinical Informatics. In May 2018 he was elected to the Faculty's Council, to represent Social Care.

Adam Casey

Adam is the Divisional Information Security Officer for Capita Software Division, which is formed from a number of different business units, providing support and services to a multitude of industries and customers. Adam has led the Divisional GDPR Programme over the last two years, enabling the Division to understand their requirements, identify and manage the risks, as well as advise on the opportunities and benefits the Regulation has brought. His qualifications include: CCP Senior SIRA, ISSM, and ISO27001 lead auditor.

Mark Humphries

Mark Humphries is Chair of DAMA UK and a Managing Consultant at Civica Digital where he designs and implement practical data management strategies that work for Civica’s clients. For over 25 years Mark has been improving business performance through the better use of data across multiple sectors including telco, utilities, energy and transport. Mark is a DAMA CDMP Master and in 2010 he was a finalist in the Dutch/Belgian Data Quality Award based on the Data Quality program that he led as Data Manager for a Belgian energy supplier.