Data Protection

24-25 June 2010, Grange City Hotel, London

Book now

Data Protection 


Compliance and best practice by implementing relevant standards

There has never been a more vital time to understand the importance of keeping personal information safe, but compliance with data protection legislation also means holding the right information for the right purpose for the right amount of time. So how do you know if your current practice is good practice?

BSI’s Data Protection Conference will provide you with an insight into Information Commissioner’s Office (ICO) new powers of audit and penalty and how standards can help you in managing compliance to achieve effective and lawful information governance.

Download conference brochure

Key features and benefits:

  • Gain an insight into the ICO’s new powers and the regulator’s priorities for 2010
  • Succeed in making the business case for information governance
  • Understand the benefits of embedding BSI’s standard for data protection (BS 10012:2009) across your organization
  • Identify best practice in records management
  • Discover why the principle of data minimization can help keep your information practices effective and lawful
  • Find out why the legal admissibility of digital records matters
  • Assess development in solutions for data
  • Learn how standards can assist your organization if you manage compliance across multiple jurisdictions
  • Receive a complimentary copy of BS 10012:2009

There will be opportunity for networking and discussion during the conference and drinks reception.

Visit BSI’s data protection homepage for news, publications and updates


Media partner:

Agenda — Thursday 24 June

Chairman’s Introduction

Alan Shipman, Managing Director, Group 5 Training Ltd

The ICO - New Powers, New Penalties and a New Organisation?

  • When will monetary penalties be imposed and how will they be set?
  • What can you expect from ICO audits?
  • How will the assessment notice power work?
  • What are the prospects for custodial sentences for Section 55 offence?
  • When will we see a law on breach notifications?
  • How is the ICO gearing up for its new responsibilities?
David Smith, Deputy Commissioner and Director of Data Protection, Information Commissioner's Office (ICO)

Data Breach Notification — A big bang or a damp squib?

  • The current British data breach notification guidelines
  • Are the EU’s proposed new rules are likely to affect these guidelines?
  • Given T-Mobile’s experience of a particular type of data breach, will they really affect corporate behaviour?
Martin Hoskins, Head of Data Protection and Disclosure, T-Mobile

The European Commission’s Review of DP Legislation – Moving towards accountability

  • The context and scope of the consultation
  • What the Artic le 29 Working Party think
  • Areas the Commission will focus on
  • The Accountability model and how it might be reflected in the review
  • The timescale and format of change.
Boris Wojtan, Senior Legal Counsel, Data Privacy Compliance Lead, EALA, Accenture

BS 10012:2009 – one year on

  • What did BSI seek to achieve with BS 10012
  • Reaction to and adoption of BS 10012
  • Trends and future developments
David Fatscher, Sector Development Manager, BSI

Case Study: Successful implementation of BS 10012:2009

  • The case study of a large, complex organisation that provides services for vulnerable groups
  • Challenges facing the organisation in the project
    - Large diverse workforce
    - Need for extensive data sharing internally and with third parties.
David Hall, Senior Associate, Anthony Collins Solicitors LLP

Discussion – Ask the expert

Martin Hoskins, Head of Data Protection and Disclosure, T-Mobile

David Smith, Deputy Commissioner and Director of Data Protection, Information Commissioner's Office (ICO)

Boris Wojtan, Senior Legal Counsel, Data Privacy Compliance Lead, EALA, Accenture

Information governance and records management (BS ISO 15489/ BS ISO 27001)

  • Overview – how standards can help
  • Records Management (ISO 15489)
  • Information security (ISO 27001)
  • Legal admissibility (BS 10008)
  • Best practice guidance – Case Study.
Elizabeth Lomas, Research and Tutor, Northumbria University

How to get privacy impact assessment right?

  • When to conduct privacy impact assessment
  • Setting up PIA
  • Benefits of completing PIA
Chris Pounder, Managing Director, Amberhawk

Effective Information Destruction Policy Development

  • Overlooked data destruction precautions
  • Employee training and compliance strategies
  • Dealing with electronic data destruction
  • Vendor selection criteria and contracts.
Robert Johnson, Executive Director, National Association for Information Destruction

Case Study

Managing Cross Border Data Flows

  • The problem: DPA restricts international data transfers
  • How organisations create a framework for effecting international data transfers using:
    - Model Clauses
    - Safe Harbor
    - Binding Corporate Rules
Bridget Treacy, Partner, Hunton & Williams LLP

Q&A session

Please check back for updates as the conference agenda is confirmed

Post conference workshop — 25 June 2010

Workshop topic: Data Protection Audit

A one day “Masterclass” designed for delegates who manage or audit data and therefore have obligations to comply with Privacy and Access laws.

The workshop is framed around the new British Standard BS 10012 and how it should be implemented within an organization. The tutor will also cover how the auditing process should be handled and how an organization should comply with data protection legislation.

The day will include a combination of presentations and discussion sessions with additional case studies from both the private and public sector.

Who should attend:

All those responsible for transferring, storing or managing information within their organization, including:

  • Records Managers
  • Compliance Officers
  • Legal Advisors
  • Data Controllers
  • Marketing Managers and Directors
  • Data Protection Officers
  • Information Security Managers.

Masterclass Outline Programme:

  • Finding out what information you process
  • Drafting policies and responsibilities
  • Staff training
  • Ensuring fair and lawful processing
  • Managing personal information in the long term
  • Using personal information for new purposes
  • Managing the rights of individuals
  • Security issues
  • Auditing against BS 10012
  • Benefits and costs of using BS 10012
Jacqueline Gazey, Senior Partner, European Privacy Partnership

Who should attend?

All those responsible for managing (collecting, storing, transferring) information within their organization including:

  • Data Protection Officers
  • Records Managers
  • Compliance Officers
  • Legal Advisors
  • HR Managers
  • Information Security Officers

BSI Information Security conference

Best practice and the latest developments

BSI's Information Security conference will provide you with the very latest developments in Information Security Management best practice.

Through presentations and discussions with industry experts, you'll gain a thorough understanding of the standards that will underpin and support your work. Equipped with this knowledge, you'll be able to influence your company's information security management processes at boardroom level.

Read more about BSI's Information Security conference

Relevant standards:

BSI offers a range of standards and publications designed to ensure your business complies with the Data Protection Act. A guidance book supports the data protection standard BS 10012 and can help with its implementation. If you use live data in system testing, there is also a book that provides invaluable guidance.

Standard for data protection

Standard for data protection
BS 10012:2009
Data protection. Specification for a personal information management system 

  book cover 
Data Protection Pocket Guide: Essential facts at your fingertips(Second Edition)


BIP 0002:2009

Data Protection: Guidelines for the Use of Personal Data in Systems Testing (Second Edition)


Data protection: are you one of the one-in-five?
Business Standards, 11 September 2009

According to a recent survey of over 500 small- and medium-sized businesses, conducted on behalf of BSI by Opinion Matters/, almost one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once...Read more

Giving good governance
Business Standards, 2 June 2009

Despite the legal obligation to protect information under the Data Protection Act, the financial risk of damaging an organization's reputation by losing confidential data and increased spending on security systems, the number of cases continues to climb with a high cost to the UK economy...Read more

Useful links:

BSI's Data Protection homepage
The latest news, relevant standards, publications and training courses offered by BSI.

BSI's Data Protection Online
The new BSI Data Protection Online self-assessment tool can help you ensure your PIMS meets the requirements of the standard, access a library of updated guidance and relevant case studies.

The Information Commissioner's Office
The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

 Your basket
Your basket is empty