Data Protection - 2025 Virtual Conference

Introduction

Chaired by Robert Bond, this annual conference explores a range of current and emerging issues in data protection, from key developments in UK GDPR enforcement to the latest case law, regulatory guidance, and practical challenges facing organisations today.

Conference Agenda

This live and interactive 5 hour conference will cover the following:

10am-11am: Reforms to the UK Data Protection and e-Privacy Laws

Robert Bond, Senior Counsel, Privacy Partnership Law

The Data (Use and Access) Act 2025 is amending the current UK Data Protection and e-Privacy regime.

This session will explain the impact of DUAA.

• Changes to lawful grounds for processing
• Changes to cookies rules
• Codes of Conduct
• Smart data
• Verification services
• Improving public services
• Corporate restructuring of the ICO

Morning Break

11:10am-12:10pm: Cybercrime Affecting Data Security - A Best Practice Update for Protecting Data

Dr Stephen Hill, Hill Bingham Ltd

The cybercrime threat environment is changing continuously and at a rapid rate, requiring real-time and proactive defence against data threats. Attacks are becoming increasingly sophisticated, with ransomware employing double extortion and AI-driven phishing based on human psychology. But here as well, despite all this innovation, human fallibility remains the primary vulnerability, and robust measures such as MFA and periodic security updates are essential. Ultimately, a multi-layered approach involving technology controls supplemented by heightened user vigilance is the secret to good data protection against today's threat-ridden environment.

This session will emphasise the importance of being informed about the latest cyber threats and the need to implement good security practices. This in essence will help organisations and individuals to significantly reduce the risk of falling prey to cybercrime.

12:10pm-1:10pm: Navigating Data Security and Privacy: The Intersection of GDPR, DSA & NIS2

Ian Beeby, Barrister

This session covers the interaction between GDPR and more recent EU laws, such as the DSA and NIS2, in relation to obligations on data controllers and processors to maintain high levels of security and privacy. This is important because there have been a number of high-profile data breaches, and the frequency of these continues to increase. At the same time, there appears to be considerable uncertainty regarding the measures necessary to comply with the obligations imposed on the controller by the GDPR and the new enactments.

Break for lunch

2-3pm: Age Assessment Without Documentary Evidence: Challenges & Legal Implications for Data Controllers

Ian Beeby, Barrister

This session provides an overview of the position regarding age assessment in the absence of documentary evidence. This relates to the consultations conducted by the ICO and other bodies to explore whether data controllers can determine the age of a data subject through some form of assessment that does not include documentary evidence, specifically for children. This is important because large tech organisations are eager to serve children, children want the service (or so they claim), and the law suggests that data controllers must be satisfied that the child is over the minimum age or that valid parental consent has been given.

Afternoon break

3:15-4:15pm: Data Protection Laws Outside the UK and EU

Robert Bond, Senior Counsel, Privacy Partnership Law

The majority of countries now have some form of data protection law. It is interesting to see how much influence the GDPR has on global data protection laws.

This session will cover:

• The history of data protection concepts
• Common privacy principles
• Similarities between jurisdictions
• The US landscape
• International data transfer rules
• Is there a ‘one size fits all’ opportunity?

Recording of live sessions: Soon after the Learn Live session has taken place you will be able to go back and access the recording - should you wish to revisit the material discussed.