Click to view dynamic map
Data protection roadshow 2019

Date: 1st April 2019

Time: 09:00 - 15:30

Law Society of Scotland
Atria One
144 Morrison Street

CPD Hours: 5hours

Beginning with an introduction to the new legislation, the Data Protection Roadshow 2019 will then address the practical implications: relationships between data controllers, processers and subjects; implementing policies within your organisation and protecting yourself and your organisation from data breaches.

Book by 28 February to save 20% on the below prices with our Early Bird rate

Last year was a bumper year for data protection issues. Alongside the implementation of the General Data Protection Regulation and the Data Protection Act 2018, which imposed a whole new data protection regime, we saw – and continue to witness – the fallout from the Cambridge Analytica scandal. These, in addition to a number of high-profile hacks and leaks of personal data have led to matters of personal data and privacy setting the agenda like never before.

What does this mean for legal practitioners? Well, it means that in addition to ensuring that our clients’ data is managed in accordance with the law, we also have to constantly be aware of the practical aspects and risks: to consider what matters of the legislation are most relevant to our nature of work, and what problems we are likely to face.

Beginning with an introduction to the new legislation, the Data Protection Roadshow 2019 will then move on to address the practical implications: relationships between data controllers, data-subjects and processors ; implementing policies within your organisation and protecting yourself and your organisation from data breaches.

Why should I attend?

  • Learn about the key aspects of data protection regulation and how it affects your work
  • Review the ways your organisation uses data and how to implement the most effective data protection policies
  • Protect yourself and your organisation from data breaches and other cybersecurity risks

"Laura Irvine was excellent and very engaging. All speakers were very informative."

Edinburgh, March 2018

"All good, informative, engaging"

Edinburgh, March 2018

"All were friendly and interesting - I liked the humour (as otherwise dense without)! Good job!"

Edinburgh, March 2018

"All spoke very well, kept it interesting and engaging. Very good chair."

Edinburgh, March 2018

  • 09:00 - 09:30

    Registration and refreshments
  • 09:40 - 10:30

    Introduction and update: data protection legislation

    • What key changes were introduced by the GDPR and Data Protection Act 2018?
    • How is the regulator using its powers?
    • What are the implications of Brexit in relation to data protection? 
    • Where are we with contracts and data processors?

    10:30 - 11:20

    Data principles: legality, fairness, transparency

    • Fair processing information and how important it is
    • Privacy notices
    • Client confidentiality and the DPA 2018
    • Data Subject Rights

    Mark Chynoweth

    Mark is a former Army officer with a wealth of leadership, management and project management experience and qualifications. Trained at the Royal Military Academy Sandhurst and with a master’s degree from Cranfield University, Mark provides the management level interface between RGDP and its customers and he manages the Data Protection Officers who deliver RGDP’s services.   

    Tim Musson

    Tim focuses on training in data protection and information security, support for data protection compliance and information security and offering an outsourced data protection officer service.

    He is currently Convener of the Law Society of Scotland’s Privacy Law Committee, where he has contributed to consultations on the new EU General Data Protection Regulation and the Investigatory Powers Act. He is also a member of the Technology Law and Practice Committee.

    11:20 - 11:30

    Questions and discussion

  • 11:30 - 11:45

    Refreshments and networking
  • 11:45 - 12:35

    Breaches and breach reporting

    • As a law firm, what sort of issues do we need to think about in relation to personal data breaches?
    • What data breaches require to be reported to the ICO/data subjects?
    • What do I do if a breach does not require to be reported?

    Matthew McIlwaine

    Matthew is a graduate of The University of Dundee and qualified as a solicitor in 2012. In 2013 he took up the role of Data Protection Officer for RBS Global Human Resources which he held for five years.  In 2017 Matthew returned to RBS Legal to specialise in Privacy & Data Protection as legal counsel, a department he had been on secondment to when in private practice. Matthew has a keen interest in Privacy by Design and Default and is working with a number of internal Fintech initiatives currently. 

    12:35 - 13:25

    Social Engineering: Individual and Corporate Footprints

    • What do law firms need to think about in relation to staff and corporate information and the risks presented to the integrity?


    The Scottish Business Resilience Centre (SBRC) is a non-profit organisation which exists to support and help protect Scottish businesses.

    Our unique connection to Police Scotland, Scottish Fire and Rescue Service and Scottish Government gives us exclusive access to the latest information on legislation, criminal trends and threats, allowing us to provide the very best advice to safeguard your staff, customers and business.

    We offer a wide range of business resilience services, delivered by our expert team of trusted professionals, seconded police and fire officers and innovative Ethical Hacking students from Abertay University.

    We work in partnership to protect people, places and processes and we are constantly looking at new ways to keep businesses free from risk.

    13:25 - 13:35

    Questions and discussion

  • 13:35 - 14:20

    Lunch and networking
  • 14:20 - 15:20

    Practical workshop session

    We will provide examples of typical data protection issues a law firm may face and give you the opportunity to discuss these in groups.

    We then provide feedback highlighting the issues that should be considered and what lessons should be learned.


    • Personal data breach
    • Complaint about sharing data
    • Regulator requesting information
    • Cyber attack

  • Laura Irvine, Head of Regulatory team and Partner, Davidson Chalmers


prices exclude VAT

New member:
Accredited Paralegal:
Unemployed member:

Contact Us