My techlaw talk – EU Data Protection Regulation

Welcome to join me on the 30th September 2013 at the BCS Office, London.
Admission Free – Limited Places available
To attend please register via this BCS link:

Details of the event:
BCS – The Chartered Institute for IT
Joint Event BCS LAW SG and IRMA

Monday 30 September 2013
18:00 for event start
18:30 event end 20:30

FILMING: This event may be filmed and recording could be used for future publicity.

Legal issues concerning Data Privacy and Technology generated by the Draft (2012) EU DP Regulation presented by Cher Devey

New legal issues concerning data privacy and technology have arisen from the recently drafted (January 2012) EU General Data Protection Regulation (Draft EU DP Regulation) that should be of immediate interest to lawyers, compliance officers, as well as IT professionals. This revised regulation will eventually replace the current Data Protection Act of 1998.

Early this year a draft report on the Draft EU DP Regulation was released by the MEP Jan Phillipp Albrecht. This Albrecht report (the Report) proposes 350 amendments and has been widely reviewed and commented on, not only in the EU but also with mixed reactions from the US industry and government.

Besides the controversial concepts underpinning the proposals (e.g. the Right to be forgotten), technological measures for protecting personal data and the compliance incentives (in terms of penalties) have also stirred heated debates. The Report also stresses the accountability approach and measures including data protection assessment. In particular it introduces the concept of the ‘producer’. Broadly, the ‘producer’ is the entity that creates automated data processing or filing systems to be used by data controllers or data processors. Potentially the ‘producer’ needs to comply with ‘privacy by design’ and ‘privacy by default’ principles. While the exact scope is still in the making, the introduction of such concept has implications for software and hardware designers and developers.

There are many messy questions not only stemming from the data privacy law but also from the confluence of this and technology. Potential topics for discussion;

What do we understand by ‘privacy by design’ and ‘privacy by default’ principles?

Is data protection assessment a data privacy risk assessment or more?

How do organisations assess or identify data privacy and potential exposure to data related events (theft, misuse, abuse)?

The aims of these topics are to invite participants to share their stories, and also explore what are the challenges ahead.

The format of the evening will be a facilitated forum driven by attendees’ questions and discussions.

The Draft EU General Data Protection Regulation

The Albrecht Report;

Facilitator Profile
Cher Devey

Cher Devey (BSc, MBA, DipIntArb) has particular expertise in technology and computers matters affecting businesses and individuals. She has the benefit of having worked as senior IT Consultant (as Project Manager/Business Architecture/Business Analyst) for several major global investment banks and software service providers. Besides her professional IT qualifications, being a Chartered Engineer (CEng) and a Certified Information Technology Professional (CITP, British Computer Society), she has also studied specialist modules in computer and communications law (LLM with Queen Mary College, London).She is also a Fellow of the Chartered Institute of Arbitrators (FCIArb) and an accredited CIArb Mediator.

As from October 2013, Cher will be a PhD student (with Studentship) with the Centre for Cyber Security Sciences, City University London.
She occasionally blogs at
Her research site at

For overseas delegates who wish to attend the event please note that BCS do not issue invitation letters.

Cancellation Policy
In the event of cancellation the delegates will be told well in advance. BCS reserve the right to cancel any event. BCS is not responsible for hotel or travel costs. No refunds will be given after 18 March 2013.

Bookings close 29 September 2013 at 23:59.


Electronic Privacy
As a body for IT professionals BCS Group regularly communicates with its interested parties by email. I understand that BCS Group will not pass on my email address to other organisations.

Data Protection Act 1998
BCS Group will hold your personal data on its computer database and process it in accordance with the Act. This information may be accessed, viewed and used by the Society for administrative purposes and conducting market research. All of these purposes have been notified to the Commissioner. If you are based outside the European Economic Area (the ‘EEA’), information about you may be transferred outside the EEA in accordance with the requirements of the Act.

Further information about this and other BCS activities is available via the website,
else via email to Law SG Branch Chair, Jennifer Dean at:

One Comment

  1. admin
    Posted April 2, 2016 at 1:33 pm | Permalink

    Slides and video of the talk are available via;

Post a Comment

You must be logged in to post a comment.