Event roundup: UK Data Protection Update | Resources
Xcina Blog

Event roundup: UK Data Protection Update

We welcomed over forty Privacy, Risk and Compliance professionals at the City of London Club on 1st December for a breakfast and networking seminar titled UK Data Protection Update: Taking Stock & Navigating the Road Ahead. The event was run under the Chatham rule.


Background and keynote

The introduction of the General Data Protection Regulation in 2018 marked a dramatic change in data protection legislation, paving the way for a growing global regulatory landscape. With further developments and proposed UK data protection reforms on the horizon, it was an excellent opportunity to review the pain points, lessons learnt from GDPR, and the benefit


The keynote speaker was Glen Hymers, Head of Data Privacy & Compliance and Information Assurance at the UK Government Cabinet Office.

He was joined in the panel discussion by:

Catherine Bowen-Walker (Group Data Protection Officer at Vitality)
Evie Kyriakides-Stenhouse (Group Head of Privacy and Chief Privacy Officer at Natura & Co)
Giulia Carnà (Data Protection Counsel at ACI Worldwide – EMEA)
Adrian Leung (Data Protection Officer at Equifax UK)


Panel Discussions

The interactive panel discussions were chaired by Lindsey Domingo (Senior Director and Regulatory Compliance Lead at Xcina Consulting) and covered the following topics:

How to ensure a harmonised approach for international firms operating in the UK

At least in its original version, the proposed DP reform may involve some departure from the GDPR. We spoke about the importance of maintaining adequacy. We also discussed some design principles and criteria international firms could consider applying when implementing a common framework whilst allowing for local flexibility.


GDPR pain points and challenges

GDPR came into force in 2018, and many organisations did what they felt was required to get over the line by the 25th of May. However, four and a half years later, we’re finding that many organisations still fail to comply with several requirements.

The panellists were asked to share their experience of the most common GDPR pitfalls, obstacles and challenges. Those were numerous and related to the following:

  • Education
  • ROPAs
  • The regulatory complaints process
  • Data retention
  • Consent
  • Third parties
  • Data transfers
  • New technologies
  • Limited privacy resources

Lessons learnt since the implementation of GDPR

The panel was asked to discuss the lessons learnt since the implementation of GDPR, taking into consideration data breaches, enforcement action, and any other relevant examples they could comment on, whether based on direct experience or publicised cases.

These lessons can be summarised under the following themes:

  1. The importance for organisations to be able to show their workings (e.g. ROPA, DPIA and training) in line with the Accountability principle
  2. The ROPA is the fundamental cornerstone without which organisations can’t have an informed view of data protection compliance
  3. Privacy by design and data minimisation
  4. Upfront engagement with key stakeholders within the organisation
  5. Capitalising on issues such as data breaches
  6. Dealing with the regulator
  7. The data retention challenge
  8. How the term ‘breach’ is often misunderstood and overused
  9. How PECR should not be overlooked, given that many recent enforcement cases and fines related notably to marketing and the use of Cookies.

Polling question


We conducted a brief poll of the participants in the room to find out how many people were confident that their organisation complies with all applicable Privacy requirements, including the Data Protection Act 2018 & UK GDPR and the Privacy and Electronic Communications Regulation (PECR).

The majority were not in a confident or comfortable position.  We emphasised that whilst absolute compliance was unrealistic, organisations needed to achieve a defensible position.


Data protection and consumer trust

The most obvious downside for organisations that do not comply with privacy obligations would be potential breaches, enforcement action including fines, and reputational damage. The panel discussed the upside, in other words, the added value for those organisations which comply with the requirements. Privacy compliance and transparency can be positive competitive differentiators and help achieve higher consumer trust and loyalty.

Questions from the audience

Further discussions touched on the following aspects:

  • The growing use of ad tech
  • BYOD and acceptable use
  • Third-party due diligence
  • Data transfer agreements, including negotiating with prominent industry players
  • The structure and composition of data protection teams

Concluding remarks

Xcina Consulting has been assisting clients in achieving a defensible position with regard to their compliance with data protection requirements, including PECR. Feel free to contact us for a free consultation and to understand how we have helped organisations like yours.

To participate in our future discussions, stay up to date as we announce new dates and address wider topics by emailing us at info@xcinaconsulting.com, or join our guest list for future events.   Join the guest list  




If you missed our last event or any of our earlier ones in the Regulatory Compliance or Information Security series, further details of the discussions are shared at the pages below: 



Operational Resilience, Outsourcing and Third-Party Risk Management >>

Thursday 20 October, 2022


Compliance Challenges amidst Regulatory Changes >>

Thursday 22 September, 2022

















War and Ransomware – More
Cyber Instability >>

Thursday 25 August, 2022


Financial Crime >>

Thursday 9 June, 2022


We’d love to hear from you

We have a strong track record in providing risk advisory services with a focus on governance, regulatory compliance, conduct and culture, data protection, and third-party assurance. We help organisations successfully address governance, risk management and compliance challenges.

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

Lindsey Domingo

Senior Director

Speak to me directly by Email, or
Telephone: +44 (0)203 745 7826

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>