SOLD OUT - BP, London


Roundtables for exchanging ideas on planning and managing
a GDPR compliance programme

BT, London, 23 November 2016, 14.00h.-17.30h.
BP, London, 19 January 2017, 14.00h.-17.30h. Sold out
Google, London, 23 March 2017, 14.00h.-17.30h. Sold out

This session is sold out but you may add your name to the list for future Help! sessions in London, Leeds and Birmingham by emailing 

This series of three roundtables for peer group exchange will focus on managing the EU General Data Protection Regulation (GDPR) compliance process. Regulators and policy makers will not be invited to these roundtables.

Whatever happens with Brexit, your organisation will continue to trade with some of the 30 countries in the European Economic Area and you need to ensure that your organisation is complying with the GDPR.

The emphasis will be on sharing experience to help you organise and manage the process rather than giving legal advice on the impact of the GDPR.

The roundtables will be hosted by companies and take place in London in November 2016 and January and March 2017. Hosts will report on progress in their organisations. In addition, you should expect to discuss your plans with the group. Everyone learns and benefits from this participatory process.

The first roundtable will be hosted by Mark Keddie, Chief Privacy Officer, BT Group on 23 November at its office near St. Pauls in central London.

The second roundtable will be hosted by Ellis Parry, Global Lead - Data Privacy, BP Legal, BP Oil International Ltd on 19 January 2017 at its office in Canary Wharf, London

The third roundtable will be hosted by Google, on 23 March 2017 in London. 

Each group will be limited to 25 people to facilitate discussion in a relaxed atmosphere.

A summary will be prepared after each session by Privacy Laws & Business on a non-attributable basis for distribution to the group.

The programme is below but everyone who registers will be able to suggest amendments within the scope of each session to help ensure that the programme is closely aligned with your needs.

You are welcome to e-mail with your offer to share your experience of what you are doing, or planning to do, on one or more of the points in the programme, and suggestions for amending the programme.

Each session qualifies for 3 CPD hours.

Every Privacy Laws & Business event qualifies for accredited CPD hours for the purposes of the England and Wales Solicitors Regulation Authority’s requirements. Please quote AQJ/PLBU when applying for the points with the SRA.


This session is sold out but you may add your name to the list for future Help! sessions in London, Leeds and Birmingham by emailing

The fee is £200 + VAT.

An invoice will be sent to everyone who registers. You will need to pay in advance to attend these sessions.


Roundtable 1: Planning
BT, London, 23 November 2016

1. Data mapping

2. Constructing a plan to ensure consistency across your organisation and assessing the human and financial resources you need to achieve it, for example, defining the role of Data Protection Officer, agreeing where the role would fit in your organisation, and proposing a budget and timeline

3. Cultivating potential allies, for example, Chief Financial Officer, Head of Internal Audit, Chief Information Officer, Head of Information Security, Head of Risk

4. Gaining time and attention from your board/top management in terms appropriate for your corporate culture, for example, data breach management, risk of fines

5. Making your case to obtain and secure more resources from top management, for example, corporate and personal liability of directors, reputation management

Roundtable 2: Execution
BP, London, 19 January 2017

6. Rights of data subjects

7. Subject access and the right to erasure (the Right to be Forgotten)

8. DP by Design and Default, DP Impact Assessments, data retention and data breaches

9. Data protection governance and strategy  

Roundtable 3: Reviewing progress
Google, London, March 2017

10. Adapting your policies and procedures with the help of other departments and external resources if necessary

11. Planning and conducting audits and reviewing results

12. Planning and conducting training and reviewing results

13. Keeping track of your project plan

14. You have reached your destination?