Catchpell House

Carpet Lane



Tel: 0131 553 9381

  • Twitter - White Circle
  • LinkedIn - White Circle
  • Facebook - White Circle
  • Instagram - White Circle


© 2019 by DIGIT

3rd Annual

Compliance  -  GDPR  -  Process - Strategy

 10th December 2019 
 Dynamic Earth, Edinburgh 

Lead Sponsor

OneTrust New.png

Speakers & Supporters

cyber academy.png
DMA new (002).PNG

The Conference

The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice. 

When GDPR came into force in May 2018 it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.

Core conference topics include:

•    Key legal issues and obligations
•    Data security and encryption
•    Privacy Impact Assessments
•    Databases, data mapping and classification
•    Privacy by design
•    Practical strategy implementation 



DIGIT has rapidly grown into the largest independent business technology community in Scotland, running an extensive conference series focused around core areas of emerging technology, Digital and IT.

The events provide a unique platform for knowledge exchange, drawing stakeholders together to explore best practice, technological innovation and business outcomes. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking.


2019 Speakers

Privacy Consultant, OneTrust
COO and Co-Founder -Talking Medicines
Head of Regions - ICO
EEA Data Protection Manager - Facebook
GDPR Practitioner, iCaaS
Marketing Director, iomart
Chief Data Protection & Chief Privacy Officer - Mars
Head of Technology Policy, ICO
Partner, Addleshaw Goddard
Sr Proposition and Data Protection Manager - Standard Life Assurance, part of the Phoenix Group
Journalist & Broadcaster - BBC Scotland
Founder, DIGIT
Show More

2019 Sponsors

OneTrust New.png

2019 Exhibitors

Act Now.png

For enquiries about sponsorship and exhibitor opportunities, contact Ray Bugg on

2019 Agenda 


GDPR and DPA 2018 were designed to raise the bar of obligation and accountability, ensuring that organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the opening session will contextualise how the Data Protection landscape has changed and reflect on progress, perception and persisting challenges.


08:30 Arrival, Refreshments and Badge Collection


09:20 Introduction from the Conference Chair

Mark Stephen, Journalist & Broadcaster, BBC Scotland


09:30 Data Protection in the GDPR Era

  • The ICO’s experience since GDPR was fully implemented

  • Lessons to be learned and myths to be busted

  • Taking regulatory action

  • Helping the data controller

Ken Macdonald, Head of ICO Regions, ICO


10:00 Practitioner Observations on the Evolving Data Protection Landscape

  • The evolving privacy and data protection  landscape, trends and observations

  • How have trust, privacy and customer expectation shifted

  • What are the main data issues and compliance challenges facing practitioners 

Evie Kyriakides, Chief Data Protection & Privacy Officer, Mars


10:20 ISO27001 & the GDPR: Identifying Overlap and Streamlining Efforts

  • Map the most common security operations standard, ISO 27001 to the world’s most influential piece of privacy legislation, the GDPR 

  • Identify how much work toward GDPR compliance that security teams have likely already done 

  • Develop a framework to reduce the risk of a damaging incident while increasing productivity and customer trust

  • Learn about the stakeholders, teams, tools and processes that should come together for a comprehensive privacy and security strategy

Charlie Grey, Privacy Consultant, OneTrust


10:40 Question & Answer Panel

11:05 Refreshments, Exhibition & Networking



This session will explore three key topics in a smaller and more interactive breakout setting. The three breakout sessions will be run in parallel and then repeated, providing delegates the opportunity to attend two of the options on offer.

11:40   Breakout 1

12:10   Transition

12:15   Breakout 2

A: The consumerisation of privacy – legal impact

GDPR and similar regulation across the globe, coupled with the explosion of big data and high profile privacy cases, has led to a previously unparalleled level of privacy awareness. Data is undoubtedly now a consumer commodity, and in some cases privacy has become a weapon.  In this session we look at the legal aspects of this new privacy landscape, and how organisations can handle the risks, focusing on:


•             Breaches and class actions

•             New developments in data subject rights

•             Trends in transparency

•             Cookies and marketing

Helena Brown, Partner, Addleshaw Goddard

B: Solving Mass Data Fragmentation

Data is an enterprise’s most valuable digital resource.    It should be a competitive asset, but with the introduction of GDPR, data  has become a costly and risky IT management headache.     Secondary data has become so fragmented across infrastructure silos and locations that it is too complex for IT to protect or locate – let alone leverage.     Learn how to identify mass data fragmentation in your organisation and establish best practices across your organisation for safely and cost-effectively defeating it.

Alan Gardiner, Marketing Director, iomart

C: Delivering effective GDPR training

•             Why aren’t businesses delivering effective training?

•             Making it relevant, a priority and ongoing.

•             Getting the message across.

•             Long-term consequences of insufficient training.

Megan Kane, GDPR Practitioner, iCaaS

12:45 Lunch, Exhibition & Networking


This session will split into streams to provide a closer insight of specific aspects of data protection from frontline data protection practitioners. The three streams will cover: data protection myths, privacy by design, and organisational engagement. Delegates will select one stream to attend.


13:35 Stream 1: Debunking Data Protection and Data Sharing Myths

  • Exploring common myths and misconceptions

  • Data protection says no

  • Clarity on data sharing

  • Raising awareness and changing perceptions

Alice Wilson, DPO, HEFESTIS & Lisa Powell, DPO, HEFESTIS

13:35 Steam 2: Engagement and Alignment 

  • The evergreen nature of data

  • Recognising what different roles & functions need to get out of data

  • Organisational buy-in: we all need to buy into it together and be on the same page

  • Are we still engaged post GDPR?

  • Activity must align with addressing risks

  • Balancing priorities


Paul Sherrard, Sr Proposition and DP Manager, Standard Life Assurance: part of the Phoenix Group

13:35 Stream 3: Privacy by Design

  • What does privacy by design look like in practice

  • How can you create a product that contains adequate built in safeguards

  • What does the roadmap look like, what are the key principles

  • What are the primary challenges

  • How can data protection work hand in hand with innovation

  • Internal collaboration, conflict resolution and troubleshooting

Elizabeth Fairley, COO, Talking Medicines 

14:10 Transition to Session 4



The recent explosion of data has driven huge strides forward in automation, personalisation, Machine Learning and Artificial Intelligence, accompanied by a raft of new products and services. But this explosion of data and new technologies has also created a wave of new challenges across privacy, security and DP. 


The final session will examine two prominent areas of discussion, data portability and AI regulation, and explore the balance between innovation and advancement with data protection, privacy and control. The conference will then conclude with a panel discussion considering some of the key DP challenges posed by emerging technologies.

14:15 Data Portability and the Rise of Data Intermediaries

  • The role of data portability as a vehicle of access, personal ownership and innovation

  • Features and benefits: diversity, control, choice

  • Data protection and privacy considerations

  • Progress and ongoing collaborations and open source tools

  • What it means to build portability in a privacy-protective way

  • Ensuring the internet remains a space characterized by growth and innovation

Calum Liddle, EEA Data Protection Manager, Facebook


14:35 Regulating the Use of AI

  • How do we as a regulator think about the use of AI and ML

  • What are the main challenges and liabilities facing organisations deploying AI

  • How can these be mitigated in practice

  • Exploring and understanding contentions in the law

  • Tangible advice and guidance 

  • Steps towards formalised guidance and operating frameworks

Ali Shah, Head of Technology Policy, ICO

14:55 Question & Answer Panel

  • Calum Liddle, EEA Data Protection Manager, Facebook

  • Ali Shah, Head of Technology Policy, ICO

  • Elizabeth Fairley, COO, Talking Medicines 

  • Alice Wilson, DPO, HEFESTIS & Lisa Powell, DPO, HEFESTIS

  • Paul Sherrard, Sr Proposition and DP Manager, Standard Life Assurance: part of the Phoenix Group

  • Mark Stephen, Journalist & Broadcaster, BBC Scotland

15:35 Closing Remarks

15:40 Networking Drinks Reception

16:30 Close of Conference


*The conference programme is provisional and subject to change and revision



This conference is now fully booked. To be added to the waiting list, please fill in the booking form below.


The conference is free to attend for Data, IT & Digital Leaders e.g. Data Protection Officers, CIOs, CDOs, IT Directors, IT Managers, Transformation Directors, ‘Heads’ of Digital, Digital Marketing,  Security, Architecture, Infrastructure etc.

If you are outwith this criteria, offer GDPR Training, Consulting, Security or IT products / services, or are a Recruiter then a £199 Delegate Fee applies.

Delegate Terms and Conditions
The online booking form constitutes a legally binding agreement. We cannot be held responsible for the non-arrival of registration information.

Cancellations must be submitted by 5pm 8th Dec 2019. Please click here or email Hannah.

Substitutions will be accepted if notified in writing before the event.  It may be necessary for reasons beyond the control of the organisers to alter the content and the timing of the programme or the identity of the speakers. Where conferences are free to attend, a £99 + VAT charge will be levied should the delegate fail to attend on the day and not notify the organisers before the specified time & date.
Data protection
The personal information provided by you will be held on a database by DIGIT and will be shared with exhibitors, sponsors and supporting organisations of the conference when permission is granted. All attendees will receive the weekly DIGIT newsletter & details of future events, this can be opted out of at any time.
If you are happy to share your details with event supporters, please check the box on the registration form or email
For more information and any further enquiries, please contact by email at or by phone 0131 553 9381 

The speakers list is provisional and subject to change.