Data Protection - 2025 Virtual Conference

Introduction

Chaired by Robert Bond, this annual conference explores a range of current and emerging issues in data protection, from key developments in UK GDPR enforcement to the latest case law, regulatory guidance, and practical challenges facing organisations today.

Conference Agenda

This live and interactive 5 hour conference will cover the following:

10am-11am: Assessing the Risk Assessments

Robert Bond, Bond & Bond Ltd.

Since GDPR we have focused our attention on Data Protection Impact Assessments and, more recently, Transfer Risk Assessments. However, we must not forget other risk assessments such as AI, Accessibility and Cyber Resilience, Online Safety, and more.

Morning Break

11:10am-12:10pm: Cybercrime Affecting Data Security - A Best Practice Update for Protecting Data

Dr Stephen Hill, Hill Bingham Ltd

The cybercrime threat environment is changing continuously and at a rapid rate, requiring real-time and proactive defence against data threats. Attacks are becoming increasingly sophisticated, with ransomware employing double extortion and AI-driven phishing based on human psychology. But here as well, despite all this innovation, human fallibility remains the primary vulnerability, and robust measures such as MFA and periodic security updates are essential. Ultimately, a multi-layered approach involving technology controls supplemented by heightened user vigilance is the secret to good data protection against today's threat-ridden environment.

This session will emphasise the importance of being informed about the latest cyber threats and the need to implement good security practices. This in essence will help organisations and individuals to significantly reduce the risk of falling prey to cybercrime.

12:10pm-1:10pm: Navigating Data Security and Privacy: The Intersection of GDPR, DSA & NIS2

Ian Beeby, Barrister

This session covers the interaction between GDPR and more recent EU law such as the DSA and NIS2 in relation to obligations on data controllers and processors to maintain high degrees of security and privacy. This is important because there have been a number of high profile data breaches and the number of these continues to increase, while there seems to be some considerable uncertainty about what measures are necessary to comply with the obligations put on the controller by the GDPR and now the new enactments.

Break for lunch

2-3pm: Age Assessment Without Documentary Evidence: Challenges & Legal Implications for Data Controllers

Ian Beeby, Barrister

An overview of the position regarding age assessment in the absence of documentary evidence. This refers to the consultations run by the ICO and others to see whether data controllers can determine the age of a data subject by some form of assessment that does not include documentary evidence - so for children. This is important because large tech organisations desperately want to serve children, children want the service (they say) and the law suggests that the data controller has to be satisfied that the child is over the minimum age or that valid parental consent has been given.

Afternoon break

3:15-4:15pm: International Data Transfers - Latest Update

Robert Bond, Bond & Bond Ltd.

Before computerisation manual data moved in a mono-directional manner, and then suddenly, in the digital age, personal data moves multi-directionally across jurisdictional boundaries. Whilst the EU set out rules for international data transfers to adequate and non-adequate countries, in recent years many other countries have created their own rules and requirements for data transfers. So what is the current landscape and what will the future look like?

Recording of live sessions: Soon after the Learn Live session has taken place you will be able to go back and access the recording - should you wish to revisit the material discussed.