GDPR Help! Roundtable - Maintaining momentum


HSBC, London


Hosted by


- Maintaining momentum

- The ICO’s way ahead for certification and codes of conduct


Date: 28 November 2018, 09.00h.-17.30h.

Location: HSBC, Canary Wharf, London

Host:  Cameron Craig, Deputy General Counsel - Group Head of Data Privacy, HSBC, UK

Guest session from the ICO:  Helen Moores, Senior Policy Officer


Six months after the adoption of the GDPR and the UK Data Protection Act 2018, this Roundtable is your opportunity to discuss the practical steps you are taking and how they are working in practice.


09.00 Registration
09.30 Welcome and Introductions
09.50 International Data Transfers and Brexit
10.25 The extra-territorial effect of the GDPR and the uncertainty introduced by the words "offering of goods or services" to individuals in the EU
11.00 Coffee
11.30 Efficient management of data subject access requests
12.30 The Market Research Society’s work with two European associations to create a GDPR Research Code
13.00 Lunch
14.00 The ICO’s new developing policies on Certification and code of Conduct
Helen Moores, Senior Policy Officer, Information Commissioner’s Office
15.00 Developing a data protection certification or code of practice framework on personal financial data and digital marketing
15.45 Tea
16.00 Breach management from beginning to end of an event
16.45 Keeping records of processing activities
17.30 Close





Helen Moores, Senior Policy Officer ICO, will join the Roundtable to explain the ICO’s new policies on certification and codes of conduct, important methods supporting companies’ duty to demonstrate accountability. Certification is a new area for European data protection law with many issues to resolve. Codes of conduct can enable sectors to act together, addressing common issues that will be hard to solve in isolation.

Your dialogue with Helen will give you plenty of time to ask questions and discuss the implications for your company and sector. We can expect her to cover:

  1. What are the essential elements of certification and codes of conduct?
  2. Who will conduct validation and how will the process work?
  3. Which sectors will receive priority for certification and codes of conduct?
  4. To what extent will companies have an opportunity to participate in the development of the ICO’s procedures for certification and codes of conduct?
  5. To what extent will adherence to accredited certification provide a defence against ICO enforcement action?
  6. While the UK is in the Brexit transition period for the next year or so, to what extent will there be coordination on this issue between Data Protection Authorities in different Member States?
  7. If Brexit goes ahead, will the ICO continue to utilise EU-wide certification and codes of conduct?


Following the session with Helen, you will have the opportunity to discuss with other members of the group how you envisage working within this new framework combining flexibility with responsibility.

A follow-up report will be produced by the PL&B editorial team after the Roundtable summarising the issues and action points without identifying the names of organisations or those reporting on their experience. The anonymity of this arrangement gives everyone involved the confidence to speak freely.

This series is hosted by companies rather than law firms to ensure that the emphasis is on practical experience rather than legal advice. We greatly appreciate HSBC hosting this event.

This event is limited to 25 people to facilitate discussion in a relaxed atmosphere. Lunch is included, ideal for networking.

CPD hours. This event qualifies for 6 SRA Continuing Professional Development hours.
Every Privacy Laws & Business event qualifies for accredited CPD hours for the purposes of the England and Wales Solicitors Regulation Authority’s requirements.
Please quote AQJ/PLBU when applying for the points with the SRA.



Registration Fee: £400 + VAT per person
To register: e-mail 


Registration Policy

  • Registration by email constitutes a firm booking and an undertaking to pay the full conference fee.
  • Full payment of your fees is required prior to the event.
  • A VAT invoice will be sent to everyone who registers.
  • If you are unable to attend the conference for any reason, you may make substitutions at no additional charge but you must inform us in advance.
  • If you wish to cancel your booking, you must do this by 22 October 2018. Either an administration fee of 20% will be payable or you will receive a full credit towards another PL&B service. If full payment has already been made, the balance (less the administration fee) will be refunded.
  • If your cancellation notice is NOT received by 22 October 2018, you will be liable for payment of the full fee and will not be entitled to any refund.
  • We will be taking photos during the event and you may be included.
  • Please contact us if you have any questions.


Information on the GDPR Help! Roundtables

This Roundtable will be the 7th in a series which began in November 2016. See information on the most recent series. Members of the group agreed in April to hold this session to discuss their progress at a point 6 months after the GDPR fully applied.