Conference Registration


Conference Welcome


GDPR recap, exploring the role of the data protection officer and whether you need to appoint one

Sophie Thring and Rachel Mills, associates, Geldards

Opening the conference, Thring and Mills will set the scene providing a quick overview of the new General Data Protection Regulations (GDPR) which come into force in May. The introduction will touch on the areas the conference will explore in further detail such as marketing consent and legitimate interest and security. They will also delve deeper into the question of whether dealer groups need to appoint a data protection officer, the remit of this role and the kind of issues this person would expect to face and ways to deal with them. They will also ask practical questions around whether DPO responsibilities should be fulfilled at dealer or group level or both.


How marketers can and should contact their database under GDPR

Zach Thornton, external affairs manager, Direct Marketing Association

Covering the headline parts of GDPR relevant for the marketing industry, this session focuses on consent and legitimate interests which will undoubtedly form the basis for on-going communications. The presentation will also offer some top tips on what marketers can do now to get ahead which will incorporate third party data, legal bases for processing data (legitimate interest and consent) and legacy data. In addition, with changing attitudes to privacy as important as the new regulation itself, Thornton draws on the DMA’s research into consumer attitudes to privacy.




Refreshments & Networking


Telephone and privacy data - Will EU privacy laws prevent you from calling your customers in future?

Toni Vitale, partner, Winckworth Sherwood and Simon Hinks, senior marketing consultant, PMA

The regulation on telephone contact with the public is governed by privacy law - currently that’s the Privacy and Electronic Communications Regulations (PECR), but the use of data on those to be called is governed by data law. PECR will be replaced by the EU e-Privacy Act, and data law by GDPR. But managers are likely to view the data and privacy laws as one and the same thing at ground level. This session given by members of the Telephone Compliance Council will explore how data and privacy laws affect day-to-day activity in practical terms in dealerships in relation to telephone calls, the form future legislation could take, how to prepare and how to ensure employees remain compliant. There will be real case history examples of what can go wrong, and how to get it right.


How to prevent a data breach, common pitfalls and what to do should the worst happen

Todd Gifford, head of cyber, Optimising IT

The new data regulations require organisations to take risk into account when managing data and implement measures to protect the data they hold. Managing risk particularly in the online space is complex, although breaches can occur off-line as easily as online, such as if a phone or laptop is lost or information is left on a desk in a showroom. Turning cyber security and data protection into a tangible action plan can be difficult to comprehend and typically bosses will think they have information security covered, when in reality a basic gap analysis/audit often reveals glaring gaps and risks. This session explores an organisation’s obligations under GDPR, highlights the common information security flaws and ways to mitigate – as well as obligations under the new regulations, this includes when to report a breach to the Information Commissioner’s Office (ICO) and when you are obligated to inform customers.




Lunch & Networking


Key Note Speaker - How GDPR could put you out of business and how to make sure it doesn’t

Ardi Kolah, executive fellow and director of the GDPR transition programme at Henley Business School, founder of compliance company GO DPO® editor-in-chief, Journal of Data Protection & Privacy 

When one of world's leading business schools warns the significant consequences of failing to comply with the higher standards of data protection, privacy and security under GDPR, it's worth taking this seriously. Ardi Kolah LL.M will challenge the sector to seize the opportunity for doing more with personal data by deepening digital trust. He will address the need to focus on reputation, not just regulation and to demonstrate that it's transparent and accountable. In a shifting regulatory landscape, awareness and training for anyone handling personal data is a legal requirement under the GDPR. The sanctions and fines for getting this wrong can put dealerships out of business and severely dent consumer trust and confidence in the sector. The session includes clear explanations of practical steps the motor industry must now take in order to achieve these new standards and avoid the punitive sanctions and fines.




Panel Discussion - Inc Key Note Speaker


Closing Address


Refreshments & Networking