Understand your obligations as a healthcare professional

What you can and cannot do with Patient Information

What exemptions apply and the implications they have for university hospitals and research conducted in hospitals

A one-day conference

Talbot Hotel, Stillorgan, Co. Dublin

Date: 24th October 2018

6 CEU Points Certified By Nursing & Midwifery Board of Ireland (NMBI)

Data gathering, data management and data security are high profile and important topics, and arguably the highest profile sector under the spotlight for compliance and proper process is the healthcare sector. A full understanding of your obligations, the law and security requirements when related to your management of data security is vital.

This intensive one-day conference will offer expert insight and information on important issues such as how Data Protection applies to the health sector, what can and cannot be done with patient information, the key responsibilities of data control officers, how to conduct an audit, guidelines on data management & retention, and much more.

See below event programme for a full list of key topics to be covered on the day.

CMG events typically sell out quickly, so prompt booking is strongly advised to secure your place at the early bird rate Save €100.00 – Early Bird Rate is €345.00 + VAT (Normal rate €445.00 + VAT)

Please note the early bird discount can close sooner than expected once a certain amount of seats fill up, therefore your prompt booking is strongly advised to avoid disappointment

Book your place now!

6 Structured CPD Points




Registration with tea, coffee and pastries


Opening Remarks / Conference Chair

Angela Madden, Managing Director, Rits Information Security


Data Controllers Role in healthcare services

  • Health system challenges (data sharing, retention, discussing personal data with relations and 3rd parties)
  • Items raised by DPC review of 20 hospitals
  • Evaluating breaches and the need to report to DPC and data subjects
  • Governance, reporting and the DPO role


  • Rules to follow
  • Ensuring transparency
  • Hidden cameras

Speaker: Liam McKenna, Partner, Mazars


Data Protection and Healthcare Research

  • Governance of Health Research under GDPR, Data Protection Act 2018 & Health Research Regulation
  • Definition of Health Research & GDPR requirements for Health Research
  • Obligations under Health Research Regulation -both ongoing and new research projects – Implications for Health Research
  • Consent Exemption
  • Concession to data subject rights 
  • Biobanks

Speaker: Mary Kirwan, Lecturer and Barrister, RCSI 


Data Protection and Direct care

Speech privacy 

How to handle patient information correctly – guidelines on data management & retention

Speaker: Tracy Elliott, Senior Consultant, BH Consulting


Coffee break and chance to network


Application of Privacy by Design in a Healthcare context and the implications of the data sharing inherent in the industry

  • Privacy Considerations within the context of the Electronic Patient Record
  • Data sharing and the eHealth identifier

Speaker: Peter Davey, Castlebridge


Data Protection and Audit

Speaker: Sara Bloomer, Data Protection Consultant, Colleary & Co.


Q+A Session


Lunch and chance to network


Data Protection & Freedom of Information Requests in the Healthcare System:

  • Exploration of the key provisions of the Freedom of Information Act 2014 
  • The right of access to records the principle of maximum disclosure
  • The commonly invoked exemptions to access in healthcare setting
  • understanding the “public interest” test
  • Examples of key recent decisions from the Office of the Information Commissioner 

Speaker: Claire Hogan, Barrister-at-Law, The Law Library


Healthcare exemptions & data breaches

Data Breaches

  • Criteria for a Data Breach – Mechanisms for detecting, investigating a Breach
  • Aspects to consider prior to reporting to Commissioner, as well as to impacted Data Subjects
  • Completion of Breach Notification – Report and Breach Incident Log
  • Learning from the Breach incident

Health Exemptions

  • List of exemptions which apply
  • Circumstances under which an exemption can be claimed
  • Appeal against exemptions
  • Policies and protocols to ensure compliance

Speaker: John Ghent, CEO, Sytorus


Data Classification in healthcare Services

  • The “norm” of AI in the health sector, for better or for worse.
  • A look at the rigidity of procedure currently in the healthcare system and the need to adhere to carefully defined and agreed terms.
  • The importance of data classification as the first step in delivering formal knowledge.

Speaker: Plamen Petkov, post-doctoral researcher working in close collaboration with Castlebridge


Q&A session


Conference Close

Mary KirwanMary Kirwan

Barrister and Lecturer RCSI

Mary is a barrister and lecturer at the Royal College of Surgeons in Ireland.

Read more

She teaches medical law on the undergraduate and postgraduate Ethics programme in the RCSI.

She is a dissertation director for the MSc Healthcare Ethics and Law course and provides training seminars in hospitals on medico/legal issues.
Mary Kirwan is a graduate of the National University of Ireland Galway and the Honorable Society of Kings Inns.

Mary is also a winner of the Law Society of Ireland Justice Media Award for her writing on current legal topics. She has written extensively in the area of law, including a weekly legal column in the Irish Independent, and is a frequent legal contributor in national and local broadcast media, including RTE’s Prime Time.

Mary is currently a member of a number of committees including a Research Ethics Committee, an Ethics Committee and an Advisory Panel.
Mary provides expert legal advice to various organisations on a voluntary basis and previously worked with the Legal Aid Board.

Dr. John Ghent

Dr. John Ghent

CEO, Sytorus

John is a co-founder and CEO of one of Ireland’s leading data protection firms, Sytorus, a company leading the market by delivering end-to-end Data Protection solutions.

Read more

John is a proven technical entrepreneur, with over 15 years of insight into business operations and execution. John excels at developing strategic partnerships, implementing mission critical technical solutions involving Big Data and building Data Protection solutions from the ground level up. His career to date has seen him selected by leading government agencies to pioneer the knowledge based economy agenda, successfully implement essential EU directives for the insurance sector, assist in cost reduction programmes across the financial services sector, and work with senior management and executives to drive efficiencies and maximise profit. John has extensive experience in developing smart technology solutions around data protection compliance, and is the primary IT architect for PrivacyEngine, Sytorusí innovative product to help Data Protection Officers be compliant with the General Data Protection Regulation.

He is a certified Data Protection Practitioner, holds a bachelorís degree with honours and a PhD in computer science from National University of Ireland, Maynooth. He attended Harvard Business School, completing an Executive Education Programme

Tracy Elliott

Tracy Elliott

Senior Consultant, BH Consulting

Tracy has joined the GDPR consulting team at BH Consulting having previously spent 13 years working in Legal & Compliance for two international telecommunications companies including holding the role of Data Protection officer.

Read more

Prior to that she has worked in computer software for 10 years, implementing data systems to streamline sales and customer processes for Irish businesses.
She advises clients on all aspects of Data Protection and GDPR with a particular expertise in the areas of International Data Transfers, Data Mapping Projects, and Commercial Contracts. Most recently Tracy has been working with a number of BH Consulting Clients in establishing and leading an enterprise wide compliance project and gap analysis of the General Data Protection Regulation (GDPR), identifying key changes and impacts to business processes and procedures.

Tracy has a recognized record of accomplishment of implementation and service delivery in the highly regulated telecommunications space of data protection projects including dealing with cross boarder transfers outside of the EU since 2013. During her 12-year tenure with Hibernia Networks she held the position of Data Protection Officer and was responsible for all Data Protection issues for the group which operated in 13 markets including 7 outside of the EU.

Tracy holds a BSc (Hons) in Chemistry from University College Dublin and MBA In Strategy from Dublin City University. Her most recent qualification is in Data Protection being one of the first in Ireland qualified as a Certified Data Practitioner by the Law Society of Ireland in 2013.

Highly experienced and recognised in the field of Data Protection, Tracy was a recent Guest Speaker at the 9th Annual Data Protection Practical Compliance Conference – “Data Protection Officers’ Panel Session – What is the Role of the DPO?”

Plamen Petkov

Plamen Petkov

Post-doctoral researcher working in close collaboration with Castlebridge

Holding a doctoral degree from Dublin City University and B.Sc. Eng. degree in Computer Systems and Technology, Plamen encompass a wide range of skills – from high level business and analytical skills to low level – technical ones such as designing data models and coding computer program modules.

Read more

His passions are researching various Data Quality and Data Governance methodologies and how they could be applied to reinforce compliance with GDPR. Previously he has been involved in several projects requiring design and development of Databases relationship models, CMS, Web Portals, etc.

Plamen is currently a post-doctoral researcher working in close collaboration with Castlebridge. He is funded by Science Foundation Ireland Industry Fellowship programme which aims to enhance industry-academia collaborations through the funding of collaborative industry-academia research projects, and to stimulate excellence through knowledge exchange and training of engineers and scientist. His work at Castlebridge focuses on researching and developing a Personal Data privacy taxonomy which will feed into the company’s vision to deliver better services that will aid compliance with GDPR.

Sara Bloomer

Sara Bloomer

Data Protection Consultant, Colleary & Co.

Sara is a qualified Solicitor and a Certified Data Protection Practitioner (PDP).

Read more

She is also a Certified Information Privacy Professional (Europe) (CIPP/E) and a member of the International Association of Privacy Professionals. She holds a Postgraduate Diploma in Employment Law from the Law Society of Ireland, as well as a Postgraduate Diploma in Marketing from the Chartered Institute of Marketing.  Her Marketing experience has seen her work nationally and internationally with leading brands as well as with a semi state organisation in Ireland. She holds a BA (Hons) Degree from Trinity College Dublin in modern languages and is a fluent Russian and Italian speaker. In Colleary & Co, Sara enjoys giving GDPR workshops and training as well as carrying out data protection audits for clients.

Liam McKenna

Liam McKenna

Partner, Mazars

Liam is a Partner in the Mazars Consulting Services practice.

Read more

He focuses on delivering regulatory driven change. Liam has 20 years of industry experience. He commenced his career working in Information Security and subsequently moved into Data Protection. He has managed the delivery of significant compliance driven projects with budgets in excess of €50m. Liam has assisted numerous organisations across the public, private and semi-state sectors with data protection issues. This includes meeting their compliance obligations, responding to breaches, developing and implementing remediation plans post breaches and responding to ODPC reviews.   More recently Liam has led Data Protection Impact Assessments within Banking, Public Sector, Health and Biometrics. As a leader in Mazars 200-person European Privacy Practice, he led the development of our GDPR compliance approach and methodology and has been applying this approach to clients since late 2016. He is currently adapting the Mazars European outsourced Data Protection Officer service for the Irish Market.

Dr Claire Hogan

Dr Claire Hogan

Barrister-at-Law and Lecturer

Dr Claire Hogan is a barrister at the Bar of Ireland.

Read more

She has a mixed civil practice, and undertakes cases and provides legal advice in the areas of Freedom of Information and Data Protection Law.
She graduated from Trinity College Dublin with a degree in Law and French, having been elected a Scholar of the College. Claire also holds a Master’s degree in Law (LL.M.) from the University of Cambridge. She qualified as a barrister in 2009, and was awarded the John Brooke Scholarship for first place in the exams of the Honorable Society of King’s Inns. Claire has also completed a Ph.D. in the area of Constitutional Freedom of Religion Law.

Claire lectures in Civil Procedure in the King’s Inns, and Constitutional Law in the Law Society. Additionally, she acts as a Consultant for Public Affairs Ireland, training public sector workers in Freedom of Information and Data Protection Law.

Angela Madden

Angela Madden

Managing Director, Rits Information Security

Angela has over 20 years experience in the IT industry focusing on information security.

Read more

Prior to joining Rits, Angela held several managerial roles focusing on Information Risk Management and IT Security both in Ireland and in Switzerland. Since joining Rits, Angela has assisted clients in the development and implementation of information security strategies and risk frameworks, defining and implementing Information Security Management Systems (ISMS) to enable them to proactively manage information risk and security within their organisations, conducted legal and regulatory compliance audits including Payment Card Industry (PCI) audits and undertaken various technical reviews incorporating a wide range of applications, systems and technologies.
Rits Information Security, established in 1990, is a wholly owned Irish company focusing on the delivery of specialised security consulting services, to Irish and international organisations.

Peter Davey

Peter Davey


Peter is a senior management consultant and IT programme manager with experience in data analytics, strategy consulting, compliance and change management.

Read more

He began his career as a researcher at Musgrave Park Hospital in Belfast working on the historical effects of myelograms in the treatment of scoliosis.
Prior to joining Castlebridge, Peter worked extensively in senior management positions in global consulting firms in London and Singapore and as an advisor to leading RegTech software start-ups. He holds an MBA from City University, London, and has taught strategy and project management MSc programmes as a visiting professor at National University of Singapore and the University of London.

He is a previous graduate and current examiner on the Law Society of Ireland’s Certificate in Data Protection Law and Practice and Chief Operations Officer at Castlebridge where he leads teams of consultants advising both national and multinational enterprises and government on the formation and implementation of Information Governance and Data Strategy.

This conference will be of interest to all healthcare professionals operating in hospitals, nursing homes, primary care centres, specialist clinics including, nurses, doctors, GP’s, DON’s, clinicians, administration support, records managers, data controllers, IT professionals and management.

There will be 5 structured CPD points awarded to all attendees at this conference from the CPD certification service & 6 CEU Points Certified By Nursing & Midwifery Board of Ireland (NMBI)

Talbot Hotel (Formerly Stillorgan Park Hotel)

First early bird rate is now SOLD OUT! Secure your place at the second early bird rate of €380.00 + VAT – Normal rate €445.00 + VAT

Please note the early bird discount can close sooner than expected once a certain amount of seats fill up, therefore your prompt booking is strongly advised to avoid disappointment

CMG Events Conference Discount

  • 10% discount for the third delegate booked or subsequent bookings thereafter from the same company.

The rate to attend includes morning tea/coffee and refreshments on arrival at registration, mid-morning tea/coffee and pastries and full buffet lunch. You will receive the speakers PowerPoint presentations within 24 hours after the event. 

Tel: 01 293 4764

Email: bookings@cmgevents.ie

   Telephone:+353 1 2933650

Early Bird 2 Booking rate: €380.00 + VAT Normal Rate: €445 + VAT

Company Name (required)

Number of Delegates Attending (required)

Delegate's Name(s) (required)

Delegate's Position(s) Within Company (required)

Delegate's Email(s) (required)

Booker's Name (required)

Booker's Email:

Booker's Telephone (required)

Payment Options (required)

We recommend you pay by credit card to ensure you receive the best rate available

Invoicing Address

Accounts Phone Number (required)

Accounts Email (required)

NOTE: Please do not enter your credit card details. A member of our staff will contact you promptly when you have submitted the form.

Terms and Conditions:
Payment for attendance is due within seven days from the date of invoice. This booking is transferable and a substitute attendee may attend on your behalf at no additional cost if you cannot attend. Cancellation of a booking must be received by CMG in writing by email or by post, no later than 14 days prior to the event or course date. Regrettably no cancelations or refunds can be made after this date. Cancellations will be charged an administration fee of 25% plus VAT.

CMG reserve the right to make any necessary changes to the advertised programme including a change of venue. The views expressed by the speakers/tutors are not necessarily those held by the organisers, nor is the organiser responsible for speakers/tutors opinions or statements. Please note CMG will distribute the delegate list to all speakers prior to the event/course to ensure their presentation is relevant to those attending. However, in keeping with current data protection and privacy legislation, the distributed delegate list will not contain telephone or email contact details. Please advise CMG Events if you would like to have your name removed from this list.

We do not sell your data to a third party - we may use your contact details for the purposes of notifying you of other conferences or training courses that we run. If you do not wish for us to contact you again, please let us know by emailing unsubscribe@cmgevents.ie.

To view our Privacy Policy please Click Here

I have read the terms and conditions