Data Governance Conference: Risks and opportunities of GDPR

3 November 2017 | 9:00am–3:30pm | America Square Conference Centre, London

Whether you are a listed business, a small private company, public sector or not-for-profit, the need for good and effective data governance has never been greater.

The value of good data governance underpins the General Data Protection Regulation, or GDPR. In ICSA’s latest technologies conference, we took a closer look at the regulation and asked, what does good data governance actually look like? We emphasised the importance of boards grasping the significance of data governance, and reflected upon how compliance presents opportunities, not just obligations. Small group workshops also offered delegates the chance to share and get advice on the unique challenges they face.

Delegates also received a copy of ICSA's forthcoming guidance on GDPR, which was launched at the event and available to download now.


09.00 Registration, tea/coffee

Chair’s opening remarks

Charis Evans, Business Development Director, ICSA


GDPR: the main points

In this session we will lay out the key provisions of GDPR, from breach notifications to fines, Data retention, the role of the data officer and issues around consent. We will also untangle the jargon included in the legislation, analyse who the main players are in enforcement and establish what the regulation is setting out to achieve.

Alaister Johnson, Managing Associate, Linklaters LLP


What does good data governance look like?

The introduction of the GDPR represents a significant shift in the way that organisations must now handle and store all the personal data it holds. To do this effectively boards must truly understand what data they hold and the risks and opportunities this date presents.
Only then can a robust data governance framework be embedded that ensures adequate protection and accountability.

Simon Loopuit, CEO, Trust-Hub

11.00 Networking tea and coffee break - Sponsored by: Brainloop logo

Using GDPR to gain a strategic advantage

Boards who approach GDPR as simply a tick box exercise in compliance to be delegated to operations staff, are putting themselves and their entire organisations at risk. Also, by not engaging with the bigger strategic opportunities, organisations will be at a competitive disadvantage to those that do. We take a look at how Company Secretaries can effectively contribute to strategy discussions, helping to improve their organisation’s overall efficiency, sustainability and resilience.

James Leaton Gray, Director, The Privacy Practice


Risk management: assessing your vulnerabilities

Recent cyber-attacks have led to the theft of hundreds of thousands of pieces of customer data and resulted in serious fines and reputational damage for the companies involved. Using real-life case studies, we take a look at the lessons to be learned from recent cyber-attacks and what might happen if a breach occurs under GDPR.

Dr Victoria Wang, Senior Lecturer on Security and Cybercrime, University of Portsmouth


Embedding a data protection culture

Even the best data protection policies and systems will only go so far in reducing an organisation’s exposure to cybercrime and accidental data loss. With more employees sharing data and accessing work documents outside the office, it is imperative that organisations educate their employees on the fundamental aspects of best practice in cyber security and data protection.

Rob Shapland, Principal Cyber Security Consultant, First Base Technologies LLP

13.00 Networking lunch

ICSA guidance on GDPR

The ICSA’s guidance looks to help company secretaries in supporting the board in their GDPR planning. The guidance highlights the key issues requiring changes to practice at a managerial level, and the information the board will need to consider in order to provide effective leadership and oversight.

Liz Bradley, Policy Manager (Corporate), ICSA


Panel discussion and workshop

The demands of the new regulation will mean different things depending on the size and complexity of your organisation. This session allows delegates to share the particular challenges they are facing in their own organisations in small groups and gain insight and advice from the panellists’ experiences.

Liz Bradley, Policy Manager (Corporate), ICSA

Andrew Fairhurst, Head of UK Secretariat, Legal & General Group plc

Miriam Fine, Associate (Solicitor), Baker McKenzie LLP

Jeremy Small, Group Company Secretary, AXA UK plc


Final remarks

15.40 Conference closes

*This is a draft programme and may be subject to change


Liz Bradley

Liz Bradley, Policy Manager (Corporate), ICSA

Liz Bradley is a qualified solicitor and works as a Policy Manager at ICSA, supporting the production of research, guidance and responses to consultations.

Her strong interest in corporate governance has developed from a legal background. Liz graduated from Christ Church, Oxford, in 2010 with a first class honours degree and two prizes in Law with Law Studies in Europe – a degree that also involved a year studying German law at the University of Bonn.

After gaining invaluable commercial experience working in Bristol, she went on to train in the City with the magic circle law firm Slaughter and May in 2013. Liz qualified as a solicitor in 2015, having completed seats including tax and financial regulation, as well as work for FTSE 100 clients on corporate transactions of international significance.

Charis Evans

Charis Evans, Business Development Director, ICSA

Charis is ICSA’s Business Development Director. In this role, she is responsible for developing new technical capabilities and services across the organisation, and leads the publishing, web and IT teams.

Charis joined ICSA in 2013 as Head of Marketing with responsibility for brand development, communications and data.

Previous in-house and consultancy roles have been with educational publishers, Collins and Granada Learning, heritage organisations including the V&A and the Imperial War Museum and digital business, principally recruiters and start-ups in the creative industries.

Andrew Fairhurst

Andrew Fairhurst, Head of UK Secretariat, Legal & General Group plc

Andrew joined Legal & General as a Company Secretarial Assistant from Hogg Robinson in 1987 where Andrew performed a number of roles within the Group Secretariat. In 1990, Andrew was appointed Company Secretary of the Financial Services businesses. In 1995, he was asked become Company Secretary for the Legal & General Investment Management business. During his time with Legal & General Investment Management Andrew built and ran a standalone Company Secretarial function and was company secretary to and launched a number of investment trusts. In 2002, Andrew returned to the Group Secretariat as Assistant Group Secretary and in 2006 he was appointed Deputy Group Secretary. In October 2011, Andrew was asked to return to the business and create a UK Secretariat team to provide Co Secretarial and Governance services to Legal & General’s Insurance, Retirement and Savings businesses. Andrew is a member of the ICSA Co Sec Forum.

Andrew holds a Post Graduate Diploma in Company Administration. He is a Fellow of the Institute of Chartered Secretaries and member of the Chartered Institute of Management and Fellow of the Institute of Directors.

Miriam Fine

Miriam Fine, Associate (Solicitor), Baker McKenzie LLP

Miriam is an associate in Baker McKenzie LLP's IT/Commercial practice. The IT/Commercial practice specialises in providing clients across the telecoms, media and technology industry with practical legal support in relation to licensing, outsourcing, commercial, telecoms, consumer and data protection compliance.

Miriam regularly advises clients on how to comply with complex data protection laws. She is currently supporting a range of businesses in the run up to implementation of the General Data Protection Regulation, and focuses on enabling those clients to identify compliance gaps in their businesses, as well as prioritising and implementing key remediation steps.

James Leaton Gray

James Leaton Gray, Director, The Privacy Practice

At The Privacy Practice James provides bespoke consultancy services in Data Protection and Privacy for a variety of companies and sectors. These range from financial services and retail, through to law and digital services. James specialises in privacy implementation advice, GDPR readiness reviews and strategic data policy guidance. He also designs integrated privacy programmes, for example for the BBC’s personalisation and big data capability. As well as running the Privacy Practice he is a Consulting Director at Deloitte and lead Privacy Consultant at Kemp Little.

For over 10 years he headed the BBC’s Information Policy and Compliance Department overseeing the corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before that he worked on a variety of policy and management roles in the BBC following a career in current affairs and political programmes production.

Alaister Johnson

Alaister Johnson, Managing Associate, Linklaters LLP

Alaister is a Managing Associate in Linklaters’ technology practice, with extensive experience advising clients on complex domestic and international information management and data privacy issues.

He regularly advises on all aspects of the General Data Protection Regulation and has worked on a wide spectrum of privacy projects, ranging from cross-border transfer solutions (including several BCR applications), multi-jurisdictional data protection compliance reviews and major data security incidents, to issues surrounding lawful interception and retention of content and data.

Alaister is also heavily involved in counselling clients on the privacy implications of cloud computing.

He is listed in the 2017 Legal 500 as a “next generation lawyer” for data protection, privacy and cybersecurity.

Simon Loopuit

Simon Loopuit, CEO, Trust-Hub

Simon is a serial entrepreneur and experienced CEO with a successful track record in investment banking, software, and technology services. He is CEO & Founder of trust-hub, the UK’s leading data privacy technology platform and winner at the 2017 Cyber Security awards.

Simon believes that GDPR is more than just compliance, it’s about digital disruption, competitive advantage and risk mitigation. He is well versed in the practical impact of GDPR on areas such as the supply chain, insurance, rights management and strategic programmes. All of which can be managed through the trust-hub SaaS platform.


Rob Shapland, Principal Cyber Security Consultant, First Base Technologies LLP

Rob Shapland is an ethical hacker with 9 years’ experience conducting penetration tests for hundreds of organisations, from small businesses to major international organisations. He specialises in simulating advanced cyber-attacks against corporate networks, combining technical attacks with his other hobby of dressing up and tricking his way into company headquarters using social engineering techniques.

He is also a regular speaker at events and conferences around Europe, and has appeared on both BBC and ITV as a cyber security adviser. He holds qualifications from SANS, Offensive Security and CREST, and has been trained in social engineering techniques by Chris Hadnagy, one of the world's leading practitioners and researchers.

Jeremy Small

Jeremy Small, Group Company Secretary, AXA UK plc

Jeremy is an experienced Company Secretary with wide-ranging technical and commercial experience in manufacturing, services and financial services industries, who has extremely good relationships with chairmen, directors and senior executives, and is often used as a sounding board for commercial propositions, strategy and cultural issues. Jeremy led an international team to develop a direct to consumer wealth management product and for several years he has actively sponsored talent and development programmes, providing coaching and mentoring support in the UK, France and Germany.

At AXA, he introduced board evaluation and instigated a number of innovations to improve the culture and smooth running of board meetings. In 2010, through CriticalEye, a business networking organisation, Jeremy published an article on directors and decision-making, and in 2011, he published an article on leadership in M&A. He has also published an article about the role of the Chairman, via Fidelio Partners in 2015. He acts as an informal advisor on a range of corporate governance matters and was a member of the CBI Companies Committee for 10 years.

Victoria Wang

Dr Victoria Wang, Senior Lecturer on Security and Cybercrime, University of Portsmouth

Victoria is the Principal Investigator for a £360k project (EPSRC, UK) on Data Release: Trust, Identity, Privacy and Security; and is a Co-Investigator of the annual Cyber Security Breaches Survey (HM Government).

Her current research ranges over cyber/information security, surveillance studies, social theory, technological developments and online research methods.

Her latest research projects involve data release and its related issues of trust, privacy and security; a general formal theory of digital identity and surveillance; formal methods for monitoring, data collection and interventions; the criminal Darknet; and security threats and management measures in organisations.


Brainloop logo


Founded in 2000, Brainloop is a market-leading provider of highly secure Corporate Governance and Collaboration Solutions for managing confidential information and sharing files internally and externally. The Brainloop Board Solution is a platform for board and executive teams to manage communications efficiently and securely.

Thousands of companies worldwide, including 80% of DAX30, rely on Brainloop. They achieve greater productivity without the need to worry about security – document versioning is automated, board packs are easily created, updated and securely delivered to directors’ devices; corporate compliance issues are met fully and regulatory requirements fulfilled.

Cyber Data Solutions

Cyber Data Solutions Ltd offers a unique Data Insurance policy underwritten by Allianz that protects business critical data against All Risks in the same way conventional “All Risks” insurance protects physical hardware assets. CDS Data Insurance determines a fair agreed indemnity value for the data to be insured. To validate your Policy a CDS accredited BaaS Managed Service Provider will back-up the defined data in an accredited Insured Data Environment or IDE (at a frequency determined by you). If you lose your data (or permanent access to it), the policy will return the insured critical data from the IDE or, in the unlikely event that the data cannot be returned, the policy will pay you the appropriate indemnity value of lost data. With enhanced GDPR regulations calling for even more diligent data risk management, CDS Data Insurance offers our customers a unique and, more importantly, an appropriate Insurance solution.

Visit the web site: to find out more.

Computershare Governance Services

Computershare Governance Services offers corporate governance and compliance solutions to help companies transform their business practices and stay ahead of ever-changing market dynamics. We address today's global compliance challenges through entity management, insider management, board governance, registered agent services and regulatory filing solutions. Clients use our software to assist them with the administration, governance and compliance of over 250,000 legal entities across more than 160 jurisdictions. Leading companies from all market segments look to our team of governance specialists for proactive ways to stay compliant and minimize risk in an ever increasing regulatory environment.
Founded in 1978, Computershare is renowned for its expertise in high integrity data management, high volume transaction processing and reconciliations, payments and stakeholder engagement. Many of the world’s leading organizations use us to streamline and maximize the value of relationships with their investors, employees, creditors and customers.

Visit for more.


Diligent & Blueprint OneWorld

Diligent is a leading provider of secure corporate governance and collaboration solutions for boards and senior executives. Over 4,700 customers in more than 75 countries and on all seven continents rely on Diligent to provide secure, intuitive access to their most time-sensitive and confidential information, ultimately helping them make better decisions.

Blueprint OneWorld is a global web-based entity management and corporate governance solution, allowing you to access and manage your corporate compliance data 24/7, anytime, anywhere.

Visit and to learn more.

How to book


Members: £250 +VAT

Students: £100 +VAT

Non-members: £325 +VAT


This conference took place on 3 November


America Square Conference Centre
No.1, America Square,
17 Crosswall,


contact us using the online form or phone: 020 7612 7032

Search CGI