Data Protection Practical Compliance Conference

10th Annual

Data Protection

Practical

Compliance Conference

This event can be used to qualify for

10.5

CPD

points

“ Super Conference.

Each presentation

was interesting and

informative. ”

Paul Newe

IS Security Operations

Manager

Electricity Supply Board

“ The Conference provided

an excellent forum for

providing realistic practical

advice, in a totally

non-legalistic way!”

Robert Streeter

Data Protection

Compliance Manager

Sky

“ Very good Conference,

materials and speakers!”

Catherine Gill

Administrative Officer

County Wexford VEC

“ Well presented and

structured day – I am

looking forward to next

year.”

Caroline Lang

Digital Research and

Customer Relations

Executive

The Irish Times

19th & 20th November, 2015

Dublin, Ireland

In association with

Sponsored by:

Keynote Speakers:

Helen Dixon - Data Protection Commissioner

PRESENTATIONS

- Day 1

Thursday 19th November 2015

Chairs: Rob Corbet & Robert Clark, Arthur Cox

Keynote Speakers

Helen Dixon - Data Protection Commissioner

Dara Murphy - Minister for European Affairs & Data Protection

Keynote: First Year in Office – Challenges and Solutions

Helen Dixon

– Data Protection Commissioner

Keynote: Data Protection at the Governmental Level – the Past Year

Dara Murphy

– Minister for European Affairs and Data Protection

The Practical Challenges of Dealing with the Data Controller/Data Processor Relationship

Gráinne Mannion

– Allied Irish Banks

The New Law: Current Landscape and Likely Next Steps

Rob Corbet

– Arthur Cox

The Future Role of the Data Protection Officer

James Leaton Gray

– The Privacy Practice

International Transfers – the New Law

Ashley Roughton

– Independent Barrister

Managing Data Protection within HR Departments

Colin Rooney

– Arthur Cox

Using Big Data to Bring Value to Customers

Making Sense of the New Data Protection

Regulation

Claire O’Brien

- Arthur Cox

The proposed EU Data Protection Regulation has been debated for more than 3 years, and the final text is imminent. Making sense of the various proposals, as well as their likely affect on your organisation, can be challenging. This Workshop explains the key changes that you may need to prepare for, including:

• expanded territorial scope and key definitions

• individual rights: the new and the old, and how businesses can prepare to handle these rights

• expanded regulator powers – including the new power to fine, and when it is likely to be used

• narrowing ‘consent’ and ‘legitimate interests’ as grounds for data processing

• transparency and accountability • the role of the DPO

• Privacy by Design and Privacy Impact Assessments • breach notification

• the changing role of data processors

Prevention and Cure: Implementing Lessons

Learned from Recent Data Breaches

Olivia Mullooly

- Arthur Cox

Data breaches have rarely been out of the national and international news in 2014 and 2015. In the US, the second half of last year saw major breaches at Home Depot, UPS, Staples and JP Morgan. It’s vital that organisations learn the lessons from others’ failures by implementing appropriate measures. This interactive session includes:

• a review of recent significant breaches • analysis of what lessons can be learned

• how to spot areas at particular risk of breach in your own organisation

• best practice guidance on responding to a data breach • the changes the new Data Protection Regulation will bring to

the handling of breaches

International Data Transfers – What’s the

Best Solution for Your Organisation?

Ashley Roughton

- Barrister

International data transfers pose complex legal compliance issues. The transfer tools are well known, but organisations often struggle to create practical solutions that work. In this Workshop you will learn how to determine the best solutions for your organisation, including:

• how to identify relevant data flows

• how to assess them in the context of data protection compliance

• how to appropriately accommodate other participants in the chain of data processing

• how to choose the most effective solutions • how to satisfy the regulators

Understanding the Relationship Between

the Freedom of Information Act 2014 and

Data Protection Legislation in Ireland

Joanne Neary

- Arthur Cox

In light of the intrinsically close relationship between the Freedom of Information Act 2014 and the Data Protection Acts 1988 and 2003, this Workshop details key features of the Freedom of Information Act 2014 including:

• the interaction of FOI and data protection laws • the definition of “Public Bodies” under the 2014 Act • FOI timelines and procedure

• freedom of information requests v. data subject access requests

• personal information and other exemptions under the 2014 Act • appeals to the Office of the Information Commissioner

Social Media and Data Protection -

Opportunities and Risks

Chris Bollard

- Arthur Cox

The ability to instantly share information with a wide audience through Social Medial tools comes with significant legal risks, including misuse of personal data. Organisations can lose control of information as staff set up accounts – e.g. Facebook, Twitter, LinkedIn - to instantly network and communicate, often with little oversight from their employers. This session describes the information law risks associated with the use of social media, and provides clear guidance to address those risks, including: • determining who is responsible for social media content • essential considerations when using social media to

communicate with customers, contacts or the public • factors to consider when using social media to find out and

use information (marketing to customers, or investigating or making decisions about members of staff)

• risks when providing a social media service or facility, which may be bespoke or may use a standard platform (such as Facebook)

• tips on how to set social media strategies to achieve the objectives of the organisation whilst minimising the legal risks

Creating Data Protection Policies

Annemarie O'Beirne

- Deloitte

Although it is not a current legal requirement to have policies (it will be a requirement under the new Data Protection Regulation), the use of policies is becoming indispensible for data protection compliance. Organisations greatly benefit from having in place policies for general data protection responsibilities. This Workshop shows how organisations can use policies to make information management more efficient and effective, covering: • why you need data protection polices: legal and practical

issues

• the ODPC and other guidance on drafting policies

• using policies to educate and control the release of information and to keep information secure

• how to keep policies up to date

• when and how to make policies enforceable

A

E

F

B

C

WORKSHOPS

- Day 2

Friday 20th November 2015

Morning Workshops ( 10.00 am - 12.45 pm ) Afternoon Workshops ( 2.00 pm - 4.45 pm )

D

BIOGRAPHIES

Helen Dixon

was appointed as Data Protection Commissioner for Ireland in September 2014. She had previously held the role of Irish Registrar of Companies from November 2009. Prior to that, she held senior civil service roles in the Department of Jobs, Enterprise and Innovation in the areas of economic migration policy and, formerly, science, technology and innovation policy. She was delighted to have been awarded an honorary fellowship of the Institute of Chartered Secretaries and Administrators (ICSA) in 2014.

Dara Murphy

is the Minister for European Affairs and Data Protection. He was previously the Vice Chair of the Dáil Committee on European Union Affairs and a Member of the Dáil Committee on Finance and Public Expenditure and Reform. He also served as the Chair of the Internal Fine Gael Committee on European Affairs, Foreign Affairs & Trade. He was elected to the Dáil in March 2011. Previously, he was appointed by Taoiseach John Bruton to be his representative on the National Economic & Social Council in 1995-1998.

Ashley Roughton

is a Barrister in independent practice specialising in data protection. He was counsel in many of the leading data protection cases of the past decade including Smith v Lloyds TSB and Johnson v Medical Defence Union, and he regularly advises both individuals and data controllers in relation to proceedings before the Court and the Tribunal. He also advises in relation to compliance, data sharing and cross border transfers. He is a Member of the Practitioner Certificate in Data Protection Examination Board.

Chris Bollard

is an associate in the Technology & Life Sciences team in Arthur Cox. Chris advises on data protection law as well as intellectual property, technology and e-commerce matters. Chris has extensive experience advising data rich companies on a range of data protection issues, including data processing agreements, data transfers and disclosures, data breaches and data access requests. Chris has published articles on the topic of data protection (especially as it applies to cloud computing) and contributes to the Arthur Cox technology blog TechBrief.

Claire O’Brien

joined the Technology and Innovation Group at Arthur Cox in January 2014. Having in-house experience in the legal department of a multi-national search engine, she advises on intellectual property, data protection, information technology law and e-commerce issues generally. She has a particular interest in corporate financing for technology companies and betting and gaming law.

Colin Rooney

is an Partner in Arthur Cox’s Technology & Innovation Group. His practice has a strong emphasis on data protection, freedom of information and information management issues. He also advises on intellectual property, e-business, information technology and confidentiality matters. Colin has particular expertise in advising on data protection matters in the human resources sector, including on matters such as: compliance with data protection obligations; managing data security; processing of sensitive personal data; handling of data subject access requests.

Fedelma Good

is Director of Information Policy & Strategy in Barclays. Her role is to help colleagues understand their responsibilities and the relevant privacy and other regulatory requirements, not to mention the common sense and customer focussed issues, that apply when it comes to gathering,

Gráinne Mannion

is a Compliance Manager with AIB Group Compliance department, in the Conduct of Business area. Gráinne is a qualified solicitor and has extensive experience in advising on regulatory issues in the domestic market and also on a cross border basis. In previous roles Gráinne had responsibility for developing internal policies and procedures to ensure compliance with both the Data Protection Acts 1988 and 2003 and the ePrivacy Regulation 2011 while advising on and monitoring a range of data protection issues such as data disclosures, direct marketing, data subject access requests and data breaches.

James Leaton Gray

was previously the BBC’s Information Policy and Compliance Department (until early 2015). James headed overseeing the BBC’s systems for dealing with data protection. During that time James provided policy guidance and designed a privacy programme for the BBC as it develops its big data capability. Before that he worked on a variety of policy and management roles, mainly at the BBC, following a career in current affairs and political programme production. James currently provides data protection consultancy services via his own firm.

Joanne Neary

is an Associate in the Technology and Innovation Group in Arthur Cox. She has particular expertise in the areas of data protection and freedom of information and advises a range of public and private entities on these matters. She also advises on the areas of e-commerce, intellectual property and export control compliance.

Lisa Knox

is a Manager in Deloi

tt

e’s Enterprise Risk Services group with over ten years’ experience in regulation and compliance. Lisa currently works with a number of insurance, banking and payment services clients in the provision of compliance advisory services. Prior to joining Deloitte, Lisa was the Data Protection Officer for an international health insurance undertaking and was heavily involved in documentation reviews, new system design, as well as being responsible for handling all Data Protection complaints. Lisa developed a risk based Data Protection training programme for all units within the undertaking.

Olivia Mullooly

is an Associate in the Technology &

Innovation Group at Arthur Cox. Olivia advises on data protection law as well as intellectual property, technology and e-commerce matters. Olivia has extensive experience advising on a range of data protection issues, such as data processing notices and agreements, data transfers and disclosures, direct marketing, data breaches and data subject access requests.

Rob Corbet

is a Partner in Arthur Cox’s Technology &

Innovation Group. He has particular experience in data protection, advising many of Ireland’s largest companies. He is also a leading adviser in the area of sports law where he advises many significant players, both domestic and international. Rob has been widely published on IT, IP and related matters both domestically and internationally. He is a leading author and lecturer on technology law in the Law Society of Ireland. He is a member of the Editorial Board for Data Protection Ireland Journal.

Robert Clark

is a Barrister and Consultant in the Technology and Innovation Group at Arthur Cox. Robert has been published widely in the area of data protection. He has served on a number of Government bodies, most recently the Department of Justice Data Protection Review Group, and the Sales Law Review Group, of which he was the Chair. Robert holds the title of Professor

BOOKING FORM

1

2

3

For additional delegates, please copy the form, call or book online

Workshop choices:

Morning Workshops (select one): A - Making Sense of the New Data

Protection Regulation

B - Prevention and Cure: Implementing

Lessons Learned from Recent Data Breaches

C - International Data Transfers –

What’s the Best Solution for Your Organisation?

Afternoon Workshops (select one): D - Understanding the relationship

between the Freedom of Information Act 2014 and Data Protection legislation in Ireland

E - Social Media and Data Protection -

Opportunities and Risks

F - Creating Data Protection Policies Five easy ways to book:

Telephone: +353 (0)1 657 1479 Fax: +353 (0)1 633 5853 Email: Post: PDP 6-9 Trinity Street Dublin 2 Ireland Website: www.pdp.ie Payment:

❏

_{I enclose a cheque for € _________}

Please make cheque payable to “PDP”

❏

_{Please send me an invoice}

Accommodation:

Overnight accommodation is not included in the registration fee. However, accommodation can be booked separately at Radisson Blu Royal Hotel,

Golden Lane, Dublin 8, Ireland, subject

to availability. Please call the hotel direct on

+353 (0)1 898 2900. Data Protection:

To see how we use your data, please visit

www.pdp.ie/privacy_policy

We never transfer delegate’s data to third parties. We occasionally send news updates and information on courses and events.

❏

_{Tick this box if you do not wish}

to receive this information

Fees and terms

Whole Conference (Speakers’ Presentations Day plus two Workshops) €995 Speakers’ Presentations Day plus one Workshop €845 Speakers’ Presentations Day only €695

Two Workshops only €595

One Workshop only €445

Additional delegates: 10% discount for second and 15% discount for third and subsequent delegates booked

atthe same time and from the same organisation. Discounts will be applied to the delegate/s with the least expensive booking.

Terms: This booking is made subject to the terms and conditions available at www.pdp.ie/conference/terms

Please let us know if any delegates have special requirements. A vegetarian option is available for lunch.

q q q

q q q

Please fill in the form below and fax or post it to book your place/s:

Delegate’s Details:

Name Organisation Position Email Telephone Address

❏

Speakers’ Presentations Day

Workshops - Morning: A B C Afternoon: D E F Name

Position Email

❏

_{Speakers’ Presentations Day}

Workshops - Morning: A B C Afternoon: D E F Name

Position Email

❏

_{Speakers’ Presentations Day}

Workshops - Morning: A B C Afternoon: D E F

Invoice Details (if different from above):

Subscribe to Privacy & Data Protection Journal:

To add a subscription to your Conference order, tick one of the boxes below. Prices are for one year

❏

_{Hard copy subscription - €355 (no VAT)}

❏

_{Electronic + hard copy subscription - €375 + VAT (€461.25)}

❏

_{Electronic only - €450 + VAT (€553.50)}

q q q

q q q

Testimonials

“ Very informative and

enjoyable. The handouts are

very good.”

Stephen Nolan

Privacy Lead

Microsoft

“ Very enjoyable and well

run conference.”

David Whelon

Corporate Information Security

Manager

Bord Gáis Éireann

“ Practical information on

handling subject access

requests was particularly

useful.”

Ann Smith

Senior Finance Executive

Chartered Accountants Ireland

“ Particularly useful was the

guidance on formulation and

structure of data protection

policies.”

Dan McDonnell

Section Head - Community and

Student Services

Co Carlow VEC

“ Content was excellent. ”

Philip Higgins

Business Warehousing

Development Officer

ESB Energy Solutions

“ Presentations were very

useful and informative.”

Niall McDonnell

County Secretary

Wexford County Council

“ Excellent.”

Laura Doherty

Compliance Consultant

Zurich Insuranc

“ Excellent day! The

presentations provided

practical advice that will be

useful in my day to day job.”

Jason Palmer

Head of Compliance and Risk

AXA Life Europe Ltd

“ Very informative and

practical.”

Deirdre Hyland

Head of Information

Management Services

Mater Misericordiae

University Hospital Ltd

“ Very worthwhile – excellent!”

John Connaughton

Training Services Executive

Irish Sea Fisheries Board

“ Facilities and conference

material excellent.”

Orna-Richella Maquire

Principal Assistant

The Revenue Commissioners

“ The Conference was very

practically based – therefore

very useful.”

Tara Glynn

Company Secretary

ACC Bank plc

“ A good list of speakers who

presented well.”

Michael O’Malley

Senior Corporate Lawyer

Danske Bank

“ Good content and excellent

speakers. Great venue.”

Kate Colleary

Solicitor

O’Donnell Sweeney

“ Very helpful practical

approach.”

Irena Sharapova

Solicitor

Kerry Group

“ Very useful materials.”

Valerie Ryder

Administrative Assistant

University of Limerick

“ Excellent content and focus

on best practice.”

Conor Savage

Online Operations Executive

Paddy Power

Practitioner Certificate in Data Protection

“I can now speak with authority and confidence on the subject of Data Protection within my organisation and with those working in the field.”