Data Governance Conference


This conference took place on 9 March 2018

9 March 2018 | 9.00am - 3.30pm | Hallam Conference Centre, London


Whether you are a listed business, a small private company, public sector or not-for-profit, the need for effective data governance has never been greater.

The value of good data governance underpins the General Data Protection Regulation, or GDPR. Due to popular demand we are revisiting our Data Governance Conference, taking a closer look at the regulation and asking, what does good data governance actually look like? This conference will emphasise the importance of boards grasping the significance of data governance, and will reflect upon how compliance presents opportunities, not just obligations. We will also address the importance of not just complying in time for implementation, but ensuring that the right strategies are in place to ensure compliance continues once implemented.


09.00 Registration, tea/coffee

Chair’s opening remarks

Charis Evans, Business Development Director, ICSA


GDPR: the main points

In this session we will lay out the key provisions of GDPR, from breach notifications to fines, data retention, the role of the data officer and issues around consent. We will also untangle the jargon included in the legislation, analyse who the main players are in enforcement and establish what the regulation is setting out to achieve.

Alaister Johnson, Managing Associate, Linklaters LLP


Countdown to implementation

The introduction of the GDPR represents a significant shift in the way that organisations must handle the data it holds and they should have strategies in place to ensure compliance come 25 May 2018. In this session we will look at what organisations should have done by now, and what they should be looking to do after implementation to ensure business runs as usual.

Ivana Bartoletti, Principal Data Protection Consultant, Gemserv


Networking tea and coffee break

Sponsored by: OneTrust


Using GDPR to gain a strategic advantage

Boards who have approach GDPR as simply a tick box exercise in compliance to be delegated to operations staff, are putting themselves and their entire organisations at risk. Also, by not building GDPR into their overall strategy, organisations will be at a competitive disadvantage to those that do. We take a look at how company secretaries can effectively contribute to ongoing strategy discussions, helping to improve their organisation’s overall efficiency, sustainability and resilience.

James Leaton Gray, Director, The Privacy Practice


Risk management: Assessing your vulnerabilities

Recent cyber-attacks have led to the theft of hundreds of thousands of pieces of customer data and resulted in serious fines and reputational damage for the companies involved. Using real-life case studies, we take a look at the lessons to be learned from recent cyber-attacks and what might happen if a breach occurs under GDPR.

Dr Victoria Wang, Senior Lecturer on Security and Cybercrime, University of Portsmouth


Embedding a data protection culture

Even the best data protection policies and systems will only go so far in reducing an organisation’s exposure to cybercrime and accidental data loss. With more employees sharing data and accessing work documents outside the office, it is imperative that organisations educate their employees on the fundamental aspects of best practice in cyber security and data protection.

Rob Shapland, Principal Cyber Security Consultant, First Base Technologies LLP


Networking lunch

Sponsored by: Diligent & Blueprint Oneworld


ICSA guidance on GDPR

This session will provide brief overview of ICSA’s new guidance which looks to help company secretaries in supporting the board in their GDPR obligations. The guidance highlights the key issues requiring changes to current data practice at a managerial level, and what information the board will need in order to provide effective leadership and oversight.

Liz Bradley, Policy Manager (Corporate), ICSA

Download ICSA's free new guidance note to help with the legal requirements of GDPR


Panel discussion and workshop

The demands of the new regulation will mean different things depending on the size and complexity of your organisation. This session allows delegates to share the particular challenges they are facing in their own organisations in small groups and gain insight and advice from the panellists’ experiences.

Liz Bradley, Policy Manager (Corporate), ICSA

Andrew Fairhurst, Head of UK Secretariat, Legal & General Group plc

Miriam Fine, Associate (Solicitor), Baker McKenzie LLP

Phillippa Caine ACIS, Association Secretary and Data Protection Officer, The Guide Dogs for the Blind Association


Final remarks

Charis Evans, Business Development Director, ICSA

15.40 Close of conference

*This is a draft programme and may be subject to change.


Ivana Bartoletti

Ivana Bartoletti, Principal Data Protection Consultant, Gemserv

Ivana Bartoletti is a Principal Consultant in Privacy and Data Protection, at Gemserv. Her years of experience in the field span the public and private sectors, including senior roles in the NHS, Barclays and Sky.

Ivana holds a Master of Laws degree (LLM) with a Distinction and a postgraduate management degree in European Public Affairs.

Phillippa Caine

Phillippa Caine ACIS, Association Secretary and Data Protection Officer,
The Guide Dogs for the Blind Association

Phillippa is an experienced governance professional and has worked as a Company Secretary, with responsibility for data, across a number of sectors. She has been Association Secretary at Guide Dogs since November 2012 and before that she was Company Secretary at Southern Housing Group after leaving a similar role at CORGI.

Whilst each sector has offered different opportunities and challenges, Phillippa believes that the golden thread of sound governance and data practices has been consistent throughout!

Phillippa is an Associate of the Institute of Chartered Secretaries & Administrators, holds a Practitioner Certificate in Data Protection and is an NLP Practitioner.

Liz Bradley

Liz Bradley, Policy Manager (Corporate), ICSA

Liz Bradley is a qualified solicitor and works as a Policy Manager at ICSA, supporting the production of research, guidance and responses to consultations.

Her strong interest in corporate governance has developed from a legal background. Liz graduated from Christ Church, Oxford, in 2010 with a first class honours degree and two prizes in Law with Law Studies in Europe – a degree that also involved a year studying German law at the University of Bonn.

After gaining invaluable commercial experience working in Bristol, she went on to train in the City with the magic circle law firm Slaughter and May in 2013. Liz qualified as a solicitor in 2015, having completed seats including tax and financial regulation, as well as work for FTSE 100 clients on corporate transactions of international significance.

Charis Evans

Charis Evans, Business Development Director, ICSA

Charis is ICSA’s Business Development Director. In this role, she is responsible for developing new technical capabilities and services across the organisation, and leads the publishing, web and IT teams.

Charis joined ICSA in 2013 as Head of Marketing with responsibility for brand development, communications and data.

Previous in-house and consultancy roles have been with educational publishers, Collins and Granada Learning, heritage organisations including the V&A and the Imperial War Museum and digital business, principally recruiters and start-ups in the creative industries.

Andrew Fairhurst

Andrew Fairhurst, Head of UK Secretariat, Legal & General Group plc

Andrew joined Legal & General as a Company Secretarial Assistant from Hogg Robinson in 1987 where Andrew performed a number of roles within the Group Secretariat. In 1990, Andrew was appointed Company Secretary of the Financial Services businesses. In 1995, he was asked become Company Secretary for the Legal & General Investment Management business. During his time with Legal & General Investment Management Andrew built and ran a standalone Company Secretarial function and was company secretary to and launched a number of investment trusts. In 2002, Andrew returned to the Group Secretariat as Assistant Group Secretary and in 2006 he was appointed Deputy Group Secretary. In October 2011, Andrew was asked to return to the business and create a UK Secretariat team to provide Co Secretarial and Governance services to Legal & General’s Insurance, Retirement and Savings businesses. Andrew is a member of the ICSA Co Sec Forum.

Andrew holds a Post Graduate Diploma in Company Administration. He is a Fellow of the Institute of Chartered Secretaries and member of the Chartered Institute of Management and Fellow of the Institute of Directors.

Miriam Fine

Miriam Fine, Associate (Solicitor), Baker McKenzie LLP

Miriam is an associate in Baker McKenzie LLP's IT/Commercial practice. The IT/Commercial practice specialises in providing clients across the telecoms, media and technology industry with practical legal support in relation to licensing, outsourcing, commercial, telecoms, consumer and data protection compliance.

Miriam regularly advises clients on how to comply with complex data protection laws. She is currently supporting a range of businesses in the run up to implementation of the General Data Protection Regulation, and focuses on enabling those clients to identify compliance gaps in their businesses, as well as prioritising and implementing key remediation steps.

James Leaton Gray

James Leaton Gray, Director, The Privacy Practice

At The Privacy Practice James provides bespoke consultancy services in Data Protection and Privacy for a variety of companies and sectors. These range from financial services and retail, through to law and digital services. James specialises in privacy implementation advice, GDPR readiness reviews and strategic data policy guidance. He also designs integrated privacy programmes, for example for the BBC’s personalisation and big data capability. As well as running the Privacy Practice he is a Consulting Director at Deloitte and lead Privacy Consultant at Kemp Little.

For over 10 years he headed the BBC’s Information Policy and Compliance Department overseeing the corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before that he worked on a variety of policy and management roles in the BBC following a career in current affairs and political programmes production.

Alaister Johnson, Managing Associate, Linklaters LLP

Alaister is a Managing Associate in Linklaters’ technology practice, with extensive experience advising clients on complex domestic and international information management and data privacy issues.

He regularly advises on all aspects of the General Data Protection Regulation and has worked on a wide spectrum of privacy projects, ranging from cross-border transfer solutions (including several BCR applications), multi-jurisdictional data protection compliance reviews and major data security incidents, to issues surrounding lawful interception and retention of content and data.

Alaister is also heavily involved in counselling clients on the privacy implications of cloud computing.

He is listed in the 2017 Legal 500 as a “next generation lawyer” for data protection, privacy and cybersecurity.

Rob Shapland, Principal Cyber Security Consultant, First Base Technologies LLP

Rob Shapland is an ethical hacker with 9 years’ experience conducting penetration tests for hundreds of organisations, from small businesses to major international organisations. He specialises in simulating advanced cyber-attacks against corporate networks, combining technical attacks with his other hobby of dressing up and tricking his way into company headquarters using social engineering techniques.

He is also a regular speaker at events and conferences around Europe, and has appeared on both BBC and ITV as a cyber security adviser. He holds qualifications from SANS, Offensive Security and CREST, and has been trained in social engineering techniques by Chris Hadnagy, one of the world's leading practitioners and researchers.

Victoria Wang

Dr Victoria Wang, Senior Lecturer on Security and Cybercrime, University of Portsmouth

Victoria is the Principal Investigator for a £360k project (EPSRC, UK) on Data Release: Trust, Identity, Privacy and Security; and is a Co-Investigator of the annual Cyber Security Breaches Survey (HM Government).

Her current research ranges over cyber/information security, surveillance studies, social theory, technological developments and online research methods.

Her latest research projects involve data release and its related issues of trust, privacy and security; a general formal theory of digital identity and surveillance; formal methods for monitoring, data collection and interventions; the criminal Darknet; and security threats and management measures in organisations.


Board Intelligence logo

Board Intelligence enables your board to make smart decisions by equipping them with high quality information in the boardroom. Board Secretaries can plan effective agendas, Management can write concise reports and Board Directors can read their board packs — all on one ultra-secure platform.

Visit to find out more.

Diligent is a leading provider of secure corporate governance and collaboration solutions for boards and senior executives. Over 4,700 customers in more than 75 countries and on all seven continents rely on Diligent to provide secure, intuitive access to their most time-sensitive and confidential information, ultimately helping them make better decisions. The Diligent Boards (formerly Diligent Boardbooks) solution speeds and simplifies how board materials are produced, delivered and collaborated on via any device, removing the security concerns of doing this by courier, email and file sharing.

Blueprint OneWorld is a global web-based entity management and corporate governance solution, allowing you to access and manage your corporate compliance data 24/7, anytime, anywhere. With more than 25 years of experience, thousands of users worldwide, across every conceivable industry, our client base features many of the largest companies in the world. Our commitment to providing highly secure and integrated solutions is the reason why many FTSE 100, FORTUNE 500, EURONEXT 100, ASX 50 trust us to manage their corporate information to deliver good governance.

Visit: and

OneTrust is a leading privacy management software platform used by more than 1,500 organisations globally to comply with data privacy regulations across jurisdictions, including the EU GDPR.

Powered by deep privacy research, our comprehensive and integrated platform includes readiness assessments, privacy impact assessments (PIA/DPIA), data mapping automation, website scanning and cookie compliance, subject rights and consent management, incident reporting, and vendor risk management.

OneTrust is co-headquartered in London, UK and Atlanta, GA with a global team of CIPP-certified privacy and technology experts.

Visit to find out more.

You are on the “Data Governance Conference” page.

Search ICSA