In October, the Data Protection Practitioners’ Conference 2024 (DPPC24) was filled with insightful discussions, expert panels, and practical advice for navigating the ever-evolving world of data protection. The event, hosted by the Information Commissioner’s Office (ICO), centred on the theme “Empowering Through Engagement” and covered various crucial topics, including cybersecurity, Consent, Artificial Intelligence (AI), Data Breaches, and career opportunities in Data Protection.
A Day Packed with Insights
DPPC24 started with a keynote speech by Information Commissioner John Edwards, who set the tone for the day by emphasising the importance of involving everyone—from senior management to everyday staff—in fostering a culture of data privacy. The agenda then featured sessions such as a cybersecurity panel on “Availability – the forgotten corner” and an inspiring talk from Jeni Tennison, discussing how to make consent processes more meaningful. The day also included a panel on career pathways in data protection and ended with insights from Baroness Jones of Whitchurch on the future of online safety.
For those who couldn’t attend, catch-up videos and session recordings are available on the ICO’s event page, providing a valuable resource to revisit key takeaways.
The Importance of Engagement
The overarching theme “Empowering Through Engagement” was evident throughout the day, underscoring that data protection is not just about ticking boxes for compliance. It’s about involving all stakeholders in creating robust, proactive privacy practices. Each session contributed practical insights aimed at helping organisations not only meet regulatory requirements but also foster a deeper culture of data protection.
Main Topics Covered
1. Cyber Security
The cybersecurity panel emphasised that incidents are not a matter of “if” but “when” and stressed the importance of preparation. Simple measures, such as multi-factor authentication and regular vulnerability scans, can go a long way in fortifying defences. Key points from the session include
- Emphasised the inevitability of cyber incidents and the importance of preparation, including having an incident response plan.
- Discussed the significance of multi-factor authentication (MFA), vulnerability scanning, and patch management to mitigate risks
2. Consent
Consent was discussed as a legal necessity and a practice that should empower individuals. Jeni Tennison’s session highlighted the social pressures that can make genuine consent challenging and advocated for alternative approaches that respect individual choices. Key takeaways included;
-
•Highlighted consent limitations in privacy practices, especially under social pressures or coercive settings.
-
Stressed the need to engage individuals throughout the consent process and provide meaningful alternatives
3. Artificial Intelligence (AI)
The sessions on AI provided insights into its growing role in data processing. They covered how organisations can implement AI safely while mitigating risks like data bias and maintaining transparency. Key points:
- Covered risks associated with AI include data bias, accountability, and transparency challenges.
- Suggested thorough data protection impact assessments (DPIAs) before implementing AI tools and ensuring AI systems align with data protection principles
4. Data Breaches
Data breaches were reframed as technical failures and events with profound human consequences. A session dedicated to this topic called for more compassionate, trauma-informed responses. Key points:
- Data breaches have profound psychological and social impacts beyond the immediate data loss. If not handled compassionately, the response can worsen the harm.
- Emphasised documenting the harm caused and incorporating trauma-informed approaches in breach responses
5. Privacy Careers
The panel on career pathways illustrated that there is no single route to data protection. Training and career development are varied, and this field is accessible to people from diverse backgrounds. Key highlights
- There is no single career path in data protection. Training and experience can come from various backgrounds.
- The ICO does not give direction of specific qualifications for becoming a Data Protection Officer (DPO)
- You don’t need to be a legal professional to be a DPO.
Why DPPC24 Matters
DPPC24 wasn’t just about presentations but about sparking a conversation on how organisations can better protect data by engaging everyone. Whether you’re new to data protection or a seasoned professional, the event offered something for everyone—reminding us all that a collaborative approach is key to navigating the complexities of today’s data landscape.
Stay tuned for the next post in this series, where we’ll dive into preparing for cyber incidents and enhancing your organisation’s cyber resilience.
Articles in the series