GDPR for Professional Services Firms

GDPR is now with us. Yet one report says that only 20% of firms are GDPR compliant. Witness the countless emails which we all had the days and hours before implementation on 25 May 2018. Now we are into the new regime, professional services need to ensure they are ready for the rise in subject access requests, maintain staff training and stress test their breach notification processes. This event provides an essential update.


  • 14 November, 2018
  • 09:00 - 17:15
  • Grange Holborn Hotel, 50-60 Southampton Row, London, WC1B 4AR, United Kingdom (View Map)

Additional taxes may be applicable


09:00 Registration and coffee

09:30 Chair’s introduction

          Steve Connors, Partner, Haines Watts

09:40 Future proofing and forward planning your GDPR systems

  • Process mapping: personal data, safeguards and obligation
  • Process reviews: using tools, assessing data flows
  • Updating your audit - what and where your data is held, who uses it?

Vincent Rezzouk, Head of Data Privacy Services (GDPR/Privacy Shield) Services, Mazars UK

10:25 Case study: Handling subject access requests
Practical insights into how a publicly quoted company has developed process and procedures for subject access requests and breaches.

  • Updating your procedures in line with new information and timescales
  • Developing templated response letters
  • How to operationalise an efficient and effective subject access request

Bethan Cater, Group Head of Data Management, Wilmington plc

11:10 Morning networking break

11:30 Breach notification: stress testing the process

  • When does the clock start ticking?
  • Who do you need to call; what do you need to do?
  • Detecting and deterring breaches
  • When does a breach not need to be reported?

Dai Davis, Technology Lawyer, Percy Crow Davis & Co Ltd 

12:15 Technology round table forum
Evaluating your technology: compliance and governance

Steve Connors, Partner, Haines Watts
Jezz Gobran, Managing Director, i-Secured

12:50 Networking lunch

13:50 How has life in risk and compliance changed after GDPR D-Day (D as in data)
Panel discussion considering the challenges and risks that still lie ahead.

  • Data retention
  • Direct marketing - steering a course between seeking opt ins from everyone and a softer approach
  • Do law firms and accountancy firms need to appoint a data protection officer?
  • Dealing with transparency and accountability
  • Brexit and privacy shield update


Mark Lubbock, Partner, Brown Rudnick LLP


Natasha Chell, Partner & Head of Risk and Compliance, Laura Devine 

Gordon Jones, Business Service Partner, Kreston Reeves

Tony Cooke, Compliance Lawyer, Weil, Gotshal & Manges

14:40 Keeping your information and processes up to date by maintaining momentum and monitoring industry practice

  • Establishing industry best practice and applying it to your own business
  • Sharing experience across the professional sector with practical application
  • Practical responses to challenges across the professions

Mark Taylor, Technical Innovation Manager, Institute of Chartered Accountants in England and Wales 
John Mitchison, Director Policy and Compliance, Direct Marketing Association

15:20 Networking break

15:45  Avoiding data breaches – how IT can help share best practice on protecting yourself

  • Reduce the risk of data breaches by email 'fat finger' errors
  • Using Microsoft Outlook functionality to keep you GDPR compliant
  • Best practice for email construction to combat inadvertent disclosure

Fi Trench, IT Training Manager, Trowers & Hamlins LLP

16:25 Data protection risk assessment for professional services

  • Article 32: security of processing
  • Risk analysis, organisational policies - physical and technical measures
  • Article 25: privacy by default and design
  • Baking in data protection into your processes

Jezz Gobran, Managing Director, i-Secured 

17:00 Chair’s summary

17:10 Close of conference

Full Description

Benchmark your compliance programme six months into the new regime

Why you should attend:

  • GPPR evolves with new unexpected challenges. Future proof your systems by reviewing and mapping processes with your peers
  • Clients are becoming more GDPR savvy, prepare your staff and your procedures for subject access requests
  • An interactive panel session provides an update on professional best practice, allowing you to benchmark your knowledge
  • GDPR is risk management. Develop effective security procedures and policies for your organisation
  • Stress testing process - take away practical advice which you can implement back in the office
  • Benefit from a round up of shared experience, shared challenges and shared solutions in the open forum question and answer session
Speaker interviews and blog posts:
  • Mark Lubbock, Partner, Brown Rudnick LLP discusses some of the on-going challenges of GDPR. Watch the interview
  • Bethan CaterHead of group data management, Wilmington plc, offers a practioners view on the challenges of handling subject access requests and breach notifications. Watch the interview
  • GDPR – having missed your deadline for implementation of the Regulation, what are you doing now? Discussed by Steve Connors, Partner and Governance Risk & Compliance, Haines Watts. Read the blog post
  • Detailed process and data mapping is the cornerstone of a great GDPR compliance programme - yet many professional services firms have not invested enough resources into this vital task, according to Vincent Rezzouk, Head of Data Privacy Services (GDPR/Privacy Shield) Services, Mazars UK. Watch the interview.
Delegate feedback
"Specific, focussed and practical. Good, thought-provoking and relevant" Nick Crook, Partner, Heald Solicitors
"Good networking opportunities. Good insight into how other firms are handling this." Senior Compliance Manager, top 20 UK Law Firm
"Excellent practical insight into procedures of the route to compliance" Supervisor, Data Governance, Ashurst LLP
"Excellent practical insight into preparation/procedures of route to compliance. The ability to see their (Shoosmiths’) progress compared to my own firm. Highlighting practicalities of coordinating project was very helpful."
"Varied experience from a range of speakers, tailored to law firms"
"Very good – well-presented, nuts & bolts very practical and useful."
"Content was very useful in terms of providing an in-depth view of breach notification."
"Practical focus as opposed to legislation theory"
"Specific, focused, practical."
"Good, thought-provoking and relevant."

Top industry speakers

Dai Davis

Technology Lawyer, Percy Crow Davis & Co Ltd

Dai is a Technology Lawyer. He read Physics at Keble College, Oxford and took a Master’s Degree in Computing Science at the University of Newcastle-upon-Tyne before qualifying as a Solicitor. He is a qualified Chartered Engineer and Member of the Institution of Engineering and Technology. Dai is an active member of the Society for Computers and Law in the United Kingdom and has been Chairman of its Northern Branch and a member of the Council of that Society. Dai has consistently been recommended in the Legal 500 and in Chambers Guides to the Legal Profession. Having been national head of Intellectual Property Law and later national head of Information Technology law at Eversheds for a number of years, Dai is now the principal in his own law practice, Percy Crow Davis & Co Ltd. He is based primarily in Leeds and London. Dai advises clients on intellectual property, computer and technology law including such topical matters as E-Commerce IT Security and Cloud Computing issues. He is primarily a non-contentious lawyer, specialising in advising on commercial agreements relating to software and technology products, including outsourcing agreements and web-related contracts. He also has considerable experience advising public bodies on data protection and freedom of information issues. A third “super specialism” that Dai has practised for over two decades is what can most easily be described as high-tech product safety. This involves advising on such technical legal matters as the law relating to CE Marking as well as advising on the practicalities of product safety and product recall. In the latter area Dai has considerable experience in the area of crisis management. Dai has been the convenor of the International Electro-technical Committee TC56 – Legal Advisory Working Group (IEC TC56 being the organisation which is responsible for drafting international maintainability and dependability standards). He therefore has considerable exposure to the drafting, interpretation and legal effect of standards. He has detailed experience on advising on the interaction between standards and the law, particularly in the area of CE Marking. Dai is a regular conference speaker and contributor to legal and technology journals. For the last decade, he has been a Council Member of the Licensing Executives Society of the United Kingdom, a body of professionals dealing in intellectual property licensing. Dai is also a Fellow of the Royal Society for the encouragement of Arts, Manufactures and Commerce.

Gordon Jones

Partner, Kreston Reeves

Gordon moved to Kent and joined Kreston Reeves from University in 1987. He qualified as a Chartered Accountant in 1990 and in 2005 Gordon became a partner.
Gordon currently looks after a mixed portfolio including LLPs and partnerships. He specialises in regulated professions (Law Society, Chartered Surveyors, and Chartered Architects) and is a key member in the firm’s Professional Practices team. 
Gordon regularly contributes to the firm’s professional practices, In Practice, newsletter. The November edition of the newsletter can be found here, which includes two articles of Gordon’s news pieces;
• The changing role of the COFA; and
• Three steps to reduce residual balance.
Kreston Reeves
Kreston Reeves advise dynamic businesses, not for profit organisations, private individuals and families on all areas of business, tax and wealth. The firm helps people make confident decisions about the future.
With offices across London, Kent and Sussex and international reach via Kreston International, Kreston Reeves are dedicated to meeting and exceeding the needs of all their clients wherever their ambition takes them.
Kreston Reeves provide a full range of accountancy, business advisory and financial services that will help their clients achieve their personal and business goals.

Jezz Gobran

Jezz Gobran, Managing Director, i-Secured

Over the past few years Jezz and i-Secured have become a go-to company for data protection and information security in the Birmingham area. Known for having a practical straightforward approach which is methodical, clear and leaving no stones unturned he is a big believer in knowing and understanding the risks to information and privacy in order to effectively deal with them.

i-Secured work with a range of businesses from law firms to national retailers and of all sizes.

Mark Lubbock

Partner, Brown Rudnick LLP

Mark Lubbock was until recently a partner in Ashurst's Digital Economy Group. Mark specialises in commercial technology and privacy law. He advises clients on a wide variety of both contentious and non-contentious matters and has extensive experience in the intellectual property, data protection, information technology, healthcare, e-commerce, outsourcing and commercial contracts practice areas. He advises clients on such issues in relation to a wide variety of industry sectors and on commercial arrangements, technology transfer agreements, trade mark licences and on outsourcing, development and procurement agreements with a technology focus, and in corporate and corporate finance transactions. Working alongside our corporate team, he also assists on the data protection and intellectual property, IT and data protection aspects of mergers and acquisitions, management buy-outs and buy-ins, joint ventures and flotations.

Tony Cooke

Tony Cooke, Weil, Gotshal & Manges (London) LLP

Tony Cooke is a Compliance Lawyer in Weil’s London office. Within the compliance function he advises the London practice on all aspects of professional conduct, legal and regulatory compliance, governance and risk management. Tony is a New Zealand qualified barrister and solicitor and has appeared before the New Zealand High Court. He first experienced risk management and compliance when advising international clients on the largest statutory change in financial markets legislation in New Zealand. Since moving to London and Weil, Tony has taken specialist training in data protection law and advises the firm on data protection legislation and more generally on compliance policies, procedures and best practice. 

Natasha Chell

Natasha Chell – Partner, Head of Risk and Compliance – Laura Devine Solicitors 
Natasha is a solicitor with over 15 years' experience in UK immigration law, nationality and EU free movement. The firm acts for a broad range of clients from major multinationals to start-up businesses and individuals, including high profile/net worth private clients.   As the risk and compliance partner, Natasha is responsible for the firm’s compliance with legal and regulatory matters including GDPR. She has spent the last two years preparing for and implementing the firm’s GDPR policies and practices and can therefore provide insight as to the challenges for a small law firm. 

John Mitchison

John Mitchison - Director of Policy and Compliance, DMA

John has extensive in-depth knowledge of the data and marketing industries, with more than 20 years of experience in both. In recent years, he has worked closely with industry groups like the Data Protection Network and the DMA’s Responsible Marketing Committee as well as regulators like the Information Commissioners Office, Fundraising Regulator and Ofcom to develop guidance in a changing legislative landscape. His current focus is on issues around data protection, ensuring businesses can successfully prepare themselves for the upcoming EU General Data Protection Regulations (GDPR) and ePrivacy Regulations.

John is also the DMA’s media spokespeople and can often be seen offering comment in print, online, on radio and on TV. Prior to joining the DMA, John was a Client Services Manager for Acxiom, managing large data solutions for a number of key accounts. Before that, he worked at the Daily Telegraph, where he was responsible for generating data for their subscription acquisition program and production of direct marketing campaigns.

Mark Taylor

Mark Taylor, Technical Innovation Manager, Institute of Chartered Accountants in England and Wales 

A Fellow of the BCS (FBCS) and a Chartered IT Professional (CITP.) Mark has had a long and wide ranging career in IT. Previous roles include senior service delivery manager at PwC and working within a NHS doctors practice. At the ICAEW he helps members get the best out of technology through the creation of web and printed guides. His current focus is on data protection and cyber security.

Vincent Rezzouk-Hammachi

Senior Manager, Head of Data Privacy Services

Vincent is a Senior Manager in the Technology Solutions team (Mazars Consulting) and Mazars Head of Data Privacy and DPO services. He is qualified to practice law in France (Paris Bar) and CIPP/E certified, with over 9 years of experience in providing legal assistance to clients in compliance, in the areas of Competition/Antitrust law and Data Protection.

Vincent specialises in organisation compliance to regulations. He is currently involved in several projects before the European Commission and the French Competition Authority. He also assists organisations in implementing the new General Data Protection Regulations (GDPR) and the Privacy Shield (EU-USA agreement on Data Protection) in organisations processing personal or sensitive data related to EU individuals.

He ran over 50 projects for Mazars across industries in the past two years (gap analysis, implementation, GDPR audits and on-going support) and is the appointed Data Protection Officer for several organisations in financial services, tech and public sector.

Vincent is fluent in English, French, Spanish and has a good understanding of Italian. 

T: +44 (0)20 7063 4932 / E: 

Bethan Cater

Data Protection Officer, Wilmington plc

Bethan Cater is Wilmington plc’s Data Protection Officer.  In a data-driven world, Wilmington companies deliver information, education and networking products to the Professional, Healthcare, Compliance and Insurance markets.

Bethan’s career started with Wilmington in 1998 as the company began its journey from a traditional training provider and magazine publisher to the digital business it is today.  She started as an editorial researcher, moving up to Head of Editorial and then taking on the role of Publishing Systems Director for a Wilmington business focussed on charity financial data.

The consistent thread in her different roles in Wilmington is data and how it can be used to drive our businesses forward.  Since 2011 she has expanded her role to work on data projects across Wilmington plc, including managing Marketing technology systems and becoming the company’s Data Protection Officer.

Bethan is an active member of the Direct Marketing Association and the International Association of Privacy Professionals.

Fi Trench

IT Training Manager, Trowers & Hamlins LLP

Fi has had a wide-ranging career in IT training having previously worked for Freshfields, UBS and the Financial Conduct Authority. She also had her own IT training consultancy for over 10 years which gave her a breadth of knowledge and experience across a variety of industries: from Buckingham Palace and the British Red Cross to Lloyds of London and the Bank of England. She believes that building a training programme should start early on in the lifecycle of a project; the more IT training personnel are involved at the outset, the better the end result. The success of a software rollout can really be impacted by the involvement of IT training. Currently leading the IT Training team for Trowers & Hamlins, she is passionate about utilising IT training as a vehicle to increase productivity, save time and empower staff to maximise their potential. She believes that confidence in IT skills makes for a more fulfilled and happier employee. The focus is on delivering high-quality, tailored training sessions whilst embracing a blended learning approach as far as possible to accommodate all types of learners and learning styles. She sings with an award-winning acappella group and they are representing the UK next year at an international competition in New Orleans.

Think about reading...