At the PrivSec London conference on the 4th and 5th February, we enjoyed hearing how leading professionals in our field are tackling the many shared challenges of doing business under the changing needs of the 2020s.

Here are some final thoughts from the event’s keynote speaker, Baroness Neville-Rolfe, and from ourselves…


Baroness Neville-Rolfe (Member, European Union Committee, and a former minister under David Cameron, who was heavily involved in negotiating GDPR) said that data is the “oil equivalent” of an extraordinary digital revolution.

This revolution is now affecting almost everything on the planet. The effects are impossible to predict, but like other revolutions, this one started slowly and is now picking up speed.

There were some interesting official statements made by government, EU, or other regulators which indicate:

  • There’s an ever-growing concern about the harms of online activity (such as for young people, from fraud, and so on), which is being reflected in legislation and official guidances across the world.
  • China’s big tech companies are catching up with the major US firms.
  • The UK may be particularly exposed to cybersecurity threats.
  • The management of risk has gone up the corporate agenda.
  • EU rules provide a framework to recognise the reciprocity between the data standards of different countries, and the UK will fall inside that alignment thanks to our adherence to GDPR in the new Data Protection Act 2018.

Overall, PrivSec London 2020 was an extremely informative conference. The key things that we learned are:

  • A culture shift is needed in most companies in order to keep up with changing legislation and guidelines. This includes planning for privacy and cybersecurity, getting buy-in across an entire organisation by explaining it in the business terms of each department, and only using data for transparent, legitimate reasons.
  • Security and privacy are not the same thing, and pointing enquiries about privacy to security protocols is insufficient. It’s impossible to buy ‘compliance in a box’ as a solution to GDPR, which raised people’s awareness of the legal bases for processing data.
  • Cybersecurity is a serious issue; the majority of passwords may already be leaked, and Multi-Factor Authentication is a necessity. Most problems are caused upstream by system and configuration issues or poor procedures, but most money is being directed downstream at the consequences, and there are huge skill gaps in the field.

What we can do for you about all this – check out our offers to find out how we can help you with your data protection programme:

  • GDPR Consultancy and Project Management – From start to finish, we will help manage your data protection programme and provide all the advice you need to become compliant.
  • GDPR Gap Analysis – Identify potential risks quickly and affordably, and set out clear recommendations of what will need to be done in order to comply with the law.
  • Data Protection Officers as a Service – As well as helping implement the necessary changes in your business for GDPR, we may be able to help you save money managing your data protection and securing your reputation with your customers.
  • Data Protection Staff Training – We can provide in-person or online support to teach your staff and contractors anything from the very basics of GDPR to the more advanced areas of the regulation.

Our thanks to the following guest speakers at PrivSec London 2020:

  • Steve Wright, Partner, Privacy Culture Ltd, previously DPO for Bank of England, also John Lewis and Unilever previously
  • Baroness Neville-Rolfe, EU Committee member
  • Sheila Firtzpatrick, Fitzpatrick & Associates
  • Dave Horton, Solutions Engineer at OneTrust
  • Shaab Al-Baghdadi, OnlineDPO; Emily Johnson, Microsoft, Bill Karazsia, Fortive; Joao Torres Barreiro, Wills Towers Watson;
  • Charlie Wijsman, Accenture Global Data Privacy Lead
  • Damine Larrey, Microsoft; Dominic Johnston, Epiq Global; Damian Murphy, Lighthouse Global
  • Alberto Quesada, Global Head of Group Data Management, BNP Paribas
  • John Richardson, DMA, and formerly the Telephone Preference Service; Giorgia Vulcan, EU Privacy Counsel for the EU DPO Office, Coca-Cola; Or Lechner, Luminati Networks; Marie Bradley, Adam & Eve; Magali Fey, Anonos
    Ben Hawes, Benchmark initiative
  • Joan Keevil, Professional e-Learning Expert, SAI Global
  • David Clarke, Founder, GDPR Technology Forum; Beth Brookner, Privacy Counsel and Data Protection Officer, GVC Ladbrokes Coral; Steve Windle, Incident Response Lead for Europe & Latin America, Accenture; Cosimo Monda, Director, Maastricht European Centre on Privacy and Cybersecurity; Simon Hall, Privacy Consultant & DPO Coach, AwarePrivacy
  • Stuart Aston, National Security Officer, Microsoft
  • Greg Van Der Gaast, Head of Information Security, University of Salford
  • Meera Narendra, Journalist, Data Protection World Forum; Dr Shavana Musa, Legal Consultant and Academic, The University of Manchester;  Victoria Guilloit, Partner, Privacy Culture; Ally Pinkerton, Group Head of Information Security Governance & Assurance, Group Information Security Office, Bupa