CILN - Centre for Innovative Leadership Navigation


DATA PROTECTION: Whose Data is it Anyway?

Workshop Instructor's: 
Dr. Andrea C Simmons
Director of Consulting



Workshop Overview

2018 sees the most significant changes to Data Protection in a decade.  After a significant review process, the 1995 EU Data Protection Directive was updated and agreed on 14 April 2016, becoming the EU General Data Protection Regulation (GDPR).  This enhanced legislation goes live on 25th May 2018.  Given the breadth and scale of global data processing taking place, this regulatory change impacts all businesses processing personal data (personally identifiable information [PII]).  Data Controllers are no longer solely responsible for protecting personal data; Data Processors are, effectively, “jointly and severally liable”.  This workshop is designed to take you through the alterations that have occurred – and indeed the events that have led to the need for these changes.  This workshop aims to show to delegates the benefits of a holistic approach to the implementation of effective privacy strategies to protect personal information, as the essential part of the lifeblood of any organisation that seeks to develop and grow.  Personal Information is, after all, the “gold” that the cyber attackers are seeking out – so it behoves us all to join forces and ensure we understand the threats and address the challenges together in order to reduce the threat landscape and mitigate identified risks



  1. Data Protection concepts
  2. Changing culture
  3. It’s not your data...
  4. Identifying and managing information assets
  5. Incorporating cyber security as part of your overall Governance approach
  6. Building your Personal Information Management Systems (PIMS)


Instructor Profile

Andrea ( is an experienced information governance, risk and compliance (GRC) specialist with expertise in designing and delivering Data Protection/EU General Data Protection Regulation (GDPR), Privacy Impact Assessments (PIA) and Freedom of Information (FoI), Information Assurance (IA), Records Management (RM) and Information Security management programmes, training content, strategy and planning. This covers the breadth of both private and public sector compliance requirements including Data Handling, ISO27001, PCI, HMG SPF, CoCo, GCSx etc.  She has wide experience in both the private and public sector, both UK and global, implementing compliance programmes and information security management systems (ISMS).  As a qualified Psychotherapist and Hypnotherapist, all of this is done within the context of a deep understanding of human factors – and the need for the buy-in of users. 

Following the completion of PhD research into the changing landscape of Information Assurance (IA) understanding in the face of the growth of cyber security, Andrea has produced a trademarked framework for bringing all the requirements together, through the deconstruction of organisational silos – – i3GRC™, integrated and informed information governance, risk and compliance.


Benefits to Participants

  1. Opportunity to review the impact of the new GDPR – separating the fact(s) from the fiction
  2. Gain a factual, procedural and theoretical understanding of Information Governance, Information Security and Data Protection Strategies
  3. Improve familiarity with concepts related to data protection
  4. Understand the impact of the forthcoming EU General Data Protection Regulations (GDPR) and principles and their implications for information governance policies and practices
  5. Identify, select and use appropriate cognitive and practical skills, methods and procedures to address information governance ‘wicked problems’, e.g. the “right to be forgotten”
  6. Design, apply and review strategies to embrace the requirements to address privacy within the constructs of data protection and data transfer legislation and practices


Who should attend?

Anyone in security or governance, risk & compliance (GRC), including: CIOs, CDOs, CIGOs, cyber threat analysts, cyber security analysts, information security analysts, CISOs, CSOs, director of security, executive protection, physical security, IT Department Managers, IT Security Engineers, Information Assurance Analysts/Officers/Managers, Security Systems Administrators, Senior IT Security Consultants, Data Security Strategists, IT Security Leads, Security Systems Specialists, Senior Security Architects, Legal team, Auditors, Finance team, Procurement team, Information Management specialists.


Date and Time

10.00 P.M. TO 13.00 P.M.


Cost: £100
For further details please Email: