Back to browse activities

As the new regime approaches, the law, the headline grabbing fines and new compliance requirements are now being grasped.

Preparations are underway but there’s still a way to go. GDPR means a complete overhaul of compliance processes, risk management, working structures and relationships with IT infrastructure and support.

Full description

As the new regime approaches, the law, the headline grabbing fines and new compliance requirements are now being grasped.

Preparations are underway but there’s still a way to go. GDPR means a complete overhaul of compliance processes, risk management, working structures and relationships with IT infrastructure and support.

This one-day GDPR event delivers an holistic, practical approach for the compliance and marketing functions offering an action plan which can be delivered in readiness for implementation on 25 May 2018.

Five reasons to attend:

  • There’s a month to go - update your business processes for the new compliance regime
  • Prepare yourself for the new e-privacy regulations
  • Privacy impact assessments are a necessity, so know their purpose and how they work
  • A case study from a law firm providing you with an opportunity to benchmark your own preparations
  • Marketing is at the forefront of the new regime, prepare your checklist of action points
Delegate feedback:
"Excellent practical insight into preparation/procedures of route to compliance. The ability to see their (Shoosmiths’) progress compared to my own firm. Highlighting practicalities of coordinating project was very helpful."
"Varied experience from a range of speakers, tailored to law firms"
"Very good – well-presented, nuts & bolts very practical and useful."
"Content was very useful in terms of providing an in-depth view of breach notification."
"Practical focus as opposed to legislation theory"
"Specific, focused, practical."
"Good, thought-provoking and relevant."


09:00     Registration and refreshments

09:30     Chair’s opening remarks

Mark Lubbock, Partner, Brown Rudnick LLP


09:40     Running a GDPR project for law firms: one month count down check list

  • Documenting your processing activities
  • Defining your lawful basis for processing
  • Defining your breach framework
  • Fair processing notices and privacy policies
  • Training, running a mock breach and checking again before implementation

Sara Ewen, Senior Manager, Data Governance, Ashurst


10:20     GDPR case study: Ashtons Legal

  • Internal project sponsors: risk & compliance, DP team, project collaboration
  • Gap analysis, workstreams, data inventory
  • Steps to compliance: regular meetings, what’s still outstanding: one month to implementation
  • Data breach management, client interaction, employee interaction, third party interaction
  • What should you be doing?

James Tarling, Partner, Ashtons Legal


11:00     Networking break


11:30     Law firm marketing: What to do now

  • Reviewing the consent regime: explicit and implied consent
  • How to determine whether your CRM system is GDPR compliant
  • Better post-consent email marketing strategies

Simon McNidder, CRM Database Consultant, Database First Aid Limited


12:15     Session to be confirmed     


13:00     Networking lunch


14:00     The proposed new e-privacy regulation and law firms, what you need to know

  • Application of the new regulations
  • What are the implications for communication with clients?
  • New rules for communications data: processing content and communications metadata
  • E-marketing rules

William Richmond-Coggan, Partner, Pitmans Law


14:40     GDPR – breach notification, practical considerations

  • What are the new obligations: when does the clock starting ticking?
  • Definition and responsibilities: latest Article 29 Working Party
  • Who do you need to call, what do you need to do?
  • Detecting and deterring breaches
  • When does a breach not have to be reported

Dai Davis, Technology Lawyer, Percy Crow Davis & Co Ltd


15:20     Networking break


15:40     How Microsoft technologies help with GDPR compliance

  • What does GDPR have to say about security measures - dissecting the requirements?
  • New data breach notification obligations and breach readiness
  • What are the GDPR relevant technologies: adapting to data portability, mobility and escalating security risks

Tristan Watkins, Head of Research & Innovation, Content & Code


16:20     Understanding the purpose of privacy impact assessments

  • Working party 29
  • Should they be the default?
  • The cornerstone of data flows and system risk
  • Knowing when to conduct privacy assessments
  • Using privacy impact assessments

David Clarke, GDPR consultant

17:00     Chair’s summary

17:30     Close of conference


Mark Lubbock

Partner, Brown Rudnick LLP

Mark Lubbock was until recently a partner in Ashurst's Digital Economy Group. Mark specialises in commercial technology and privacy law. He advises clients on a wide variety of both contentious and non-contentious matters and has extensive experience in the intellectual property, data protection, information technology, healthcare, e-commerce, outsourcing and commercial contracts practice areas. He advises clients on such issues in relation to a wide variety of industry sectors and on commercial arrangements, technology transfer agreements, trade mark licences and on outsourcing, development and procurement agreements with a technology focus, and in corporate and corporate finance transactions. Working alongside our corporate team, he also assists on the data protection and intellectual property, IT and data protection aspects of mergers and acquisitions, management buy-outs and buy-ins, joint ventures and flotations.

Profile image

Sara Ewen

Senior Manager, Data Governance, Ashurst

Profile image

James Tarling

Partner, Ashtons Legal

Simon McNidder

CRM Database Consultant, Database First Aid Limited

Simon has spent over 20 years using, managing and implementing CRM databases, mostly in professional services. Before he spent 15 years at Pinsent Masons, as their CRM database manager, implementing and managing their CRM systems during five mergers, he was at PwC. Whilst in-house at Pinsent Masons, he won two CRM industry awards. Simon now focuses on helping professional service firms find and implement the right CRM system within the right cost, set up processes so law firms can make the most of their investment, and sort out their data, for instance, from combining 200 spreadsheets into one.

Profile image

William Richmond-Coggan

Partner, Pitmans Law

Dai Davis

Technology Lawyer, Percy Crow Davis & Co Ltd

Dai is a Technology Lawyer. He read Physics at Keble College, Oxford and took a Master’s Degree in Computing Science at the University of Newcastle-upon-Tyne before qualifying as a Solicitor. He is a qualified Chartered Engineer and Member of the Institution of Engineering and Technology. Dai is an active member of the Society for Computers and Law in the United Kingdom and has been Chairman of its Northern Branch and a member of the Council of that Society. Dai has consistently been recommended in the Legal 500 and in Chambers Guides to the Legal Profession. Having been national head of Intellectual Property Law and later national head of Information Technology law at Eversheds for a number of years, Dai is now the principal in his own law practice, Percy Crow Davis & Co Ltd. He is based primarily in Leeds and London. Dai advises clients on intellectual property, computer and technology law including such topical matters as E-Commerce IT Security and Cloud Computing issues. He is primarily a non-contentious lawyer, specialising in advising on commercial agreements relating to software and technology products, including outsourcing agreements and web-related contracts. He also has considerable experience advising public bodies on data protection and freedom of information issues. A third “super specialism” that Dai has practised for over two decades is what can most easily be described as high-tech product safety. This involves advising on such technical legal matters as the law relating to CE Marking as well as advising on the practicalities of product safety and product recall. In the latter area Dai has considerable experience in the area of crisis management. Dai has been the convenor of the International Electro-technical Committee TC56 – Legal Advisory Working Group (IEC TC56 being the organisation which is responsible for drafting international maintainability and dependability standards). He therefore has considerable exposure to the drafting, interpretation and legal effect of standards. He has detailed experience on advising on the interaction between standards and the law, particularly in the area of CE Marking. Dai is a regular conference speaker and contributor to legal and technology journals. For the last decade, he has been a Council Member of the Licensing Executives Society of the United Kingdom, a body of professionals dealing in intellectual property licensing. Dai is also a Fellow of the Royal Society for the encouragement of Arts, Manufactures and Commerce.

Profile image

Tristan Watkins

Head of Research & Innovation, Content & Code

Profile image

David Clarke

GDPR consultant


Back to browse activities

You might also be interested in these activities