Westminster eForum

Since lockdown, we have been organising our full programme of conferences online. We will continue online until further notice, to ensure we play our part in helping our employees and delegates to remain safe during this time. We are pleased that so many key stakeholders, policymakers and other interested parties - both old friends and new delegates - are taking up the opportunity to discuss public policy issues and network at our impartial seminars. New events are coming on to our conference programme all the time. So there are plenty of opportunities for you to join us if you haven’t already, from wherever you are. For booking-related queries, or information on speaking, please email us at info@forumsupport.co.uk or contact us using one of the following numbers: +44 (0)7951044809 / +44 (0)7503591880 / +44 (0)7538736244.
For delegates already booked on, we will send you the online joining instructions (including links, event numbers and passwords) five working days before your conference. If you cannot find these in your inbox please email delegate.relations@forumsupport.co.uk

The future of the UK’s data protection frameworks

Morning, Thursday, 26th November 2020

Online Conference

***Full-scale policy conference taking place online***

This conference will consider future developments in data protection regulation and practice in the UK, including discussion on the key changes expected around the end of the Brexit transition period.

The discussion in detail:

The UK’s regulatory framework, Brexit and wider international relationships

  • remaining priorities for developing the UK’s post-Brexit data protection policy and regulatory frameworks
  • progress and next steps for a UK-EU data adequacy agreement, the impact of the UK-US data access agreement on the negotiation with the EU, and the wider future for international data exchange
  • resolving potential conflicts between EU data protection regulation and UK domestic legislation such as the Investigatory Powers Act 2016
  • the use of standard contractual clauses for data transfers by UK businesses
  • potential future divergence in the interpretation of the GDPR by UK courts from the CJEU’s interpretations and rulings
  • the impact on UK businesses and organisations of the requirement under Article 71 of the Withdrawal Agreement to comply with the GDPR as it stands on 31st December 2020, for data processing taking place in the UK but pertaining to non-UK data subjects

Compliance and key lessons learned from across the UK economy

  • the state of compliance, best practice and the experience of the data protection landscape across sectors in the UK economy, including finance, advertising, and online services
  • unresolved issues and next steps for the ongoing implementation of GDPR in the UK, including the development of sector-specific codes of conduct
  • regulatory enforcement actions under the GDPR up to now, including penalties issued in relation to instances of data breaches - and the future approach to data protection enforcement
  • increasing privacy, trust and security on online platforms - including what lessons can be learned from the recent Twitter hack

Data protection in the context of the pandemic

  • key data protection implications emerging from the COVID-19 pandemic, including the impact of more remote working and a greater reliance on technology with varying levels of data security
  • the role of data protection in supporting the UK’s economic recovery from the effects of the pandemic - including by encouraging trust in areas such as public and commercial information
  • development of contact-tracing apps, the NHS Test and Trace service, and the way that personal data is handled - as the Government shifts their contact tracing app strategy towards a decentralised approach, following recommendations by privacy experts and campaigners that this offers greater data security

Developments that are relevant to the discussion:

  • Transfer of responsibility for guiding the government’s use of data from DCMS (which retains its role in economic and societal data policy) to the Cabinet Office, aimed at maximising the benefits data can provide in policymaking and service delivery
  • a new £2.25m data protection programme, to be launched in September and rolled out by the Cabinet Office, with the aim of improving control over private data - following recommendations made in a review of personal data handling
  • issues related to Brexit:
    • the Government’s recent reiteration in Parliament that it will not seek to extend the transition period past the end of 2020
    • the European Data Protection Board raising concerns over the impact of the UK-US Bilateral Data Access Agreement concluded last year
  • restrictions for big tech companies regarding the sharing of data:
    • recent Court of Justice of the European Union ruling on the EU-US Privacy Shield agreement, with concerns that US national security laws do not adequately protect the privacy of EU citizens
    • the UK Government’s response to the judgement, reiterating its commitment to supporting UK organisations on international data transfers
  • first reports from the ICO’s regulatory sandbox - which aims to support privacy and innovation, and help companies and public bodies deliver new products and services with built-in data protections
  • the ICO’s regulatory approach during the COVID-19 crisis - which focuses on protecting public interest, facilitating responsible data sharing, and balancing privacy and innovation
  • the COVID-19 tracking app and the recent announcement that the Government is switching its focus away from relying solely on the proprietary system trialled on the Isle of Wight

The agenda:

  • Key future priorities and strategic aims for enforcement and regulation in data protection
  • Developing and implementing sectoral codes of conduct
  • Compliance, best practice and the experience of today’s data protection landscape across sectors in the UK economy
  • The impact of COVID-19 - increased remote working, greater reliance of technology, and the data protection implications of contact-tracing
  • Data protection in the UK post-Brexit - the Withdrawal Agreement, progress on an adequacy decision, and regulatory obligations for UK organisations after the end of the transition period
  • Opportunities for UK data protection policy

Policy officials attending:

Our forums are known for attracting strong interest from policymakers and stakeholders.

It is particularly the case for this conference. Places have been reserved by officials from DCMS; the Cabinet Office; the Information Commissioner's Office; BEIS; the Competition and Markets Authority; the Crown Prosecution Service; the Department for Education; the Department for International Trade; the Department for Transport; DHSC; the Food Standards Agency; the Foreign Office; Government Banking; the Government Legal Department; Government Legal Profession; HM Revenue & Customs; the Home Office; the Information Commissioner's Office; the MHCLG; the Ministry of Defence; the Ministry of Justice; Policy Lab and The Scottish Government.

This is a full-scale conference taking place online***

  • full, four-hour programme including comfort breaks - you’ll also get a full recording to refer back to
  • information-rich discussion involving key policymakers and stakeholders
  • conference materials provided in advance, including speaker biographies
  • speakers presenting via webcam, accompanied by slides if they wish, using the Cisco WebEx professional online conference platform (easy for delegates - we’ll provide full details)
  • opportunities for live delegate questions and comments with all speakers
  • a recording of the addresses, all slides cleared by speakers, and further materials, is made available to all delegates afterwards as a permanent record of the proceedings
  • delegates are able to add their own written comments and articles following the conference, to be distributed to all attendees and more widely
  • networking too - there will be opportunities for delegates to e-meet and interact - we’ll tell you how!

Full information and guidance on how to take part will be sent to delegates before the conference

Keynote Speakers

Chris Combemale

Chief Executive Officer, Data & Marketing Association

Eleonor Duhs

Director, Technology, Outsourcing and Privacy, Fieldfisher

Dawn Monaghan

Head of Information Governance Policy, NHSX

Keynote Speakers

Chris Combemale

Chief Executive Officer, Data & Marketing Association

Eleonor Duhs

Director, Technology, Outsourcing and Privacy, Fieldfisher

Harry Lee

Deputy Director, Data Protection and Data Rights, DCMS

Dr Subhajit Basu

Associate Professor, Information Technology (Cyber Law), University of Leeds and Chair, British and Irish Law Education and Technology Association (BILETA)

Matthew Houlihan

Senior Director, Government and Corporate Affairs, Cisco

Dawn Monaghan

Head of Information Governance Policy, NHSX


Rt Hon Baroness Ludford

Liberal Democrat Lords Spokesperson (Exiting the European Union)

Rt Hon Lord Arbuthnot of Edrom

Officer, All-Party Parliamentary Group on Digital Identity and Officer, All-Party Parliamentary Group on Cyber Security


Lars B. Andersen

Founder and Chief Executive Officer, My Nametags

Nicky Stewart

Commercial Director, UKCloud

William Malcolm

Legal Director, Privacy, Google

Rafi Azim-Khan

Head of IP/IT and Data Privacy, Pillsbury Law

Linda NiChualladh

Head of Privacy (Legal), EMEA, Citi