Key Focus on Data Breaches & How to handle them

Cases & Lessons learned to date from GDPR

A one-day conference

Talbot Hotel, Stillorgan, Co. Dublin

Date: 18th September 2019

Sponsored by:

GDPR has had a massive impact on businesses around the world and has altered how we handle data for the foreseeable future. With GDPR now in full swing this conference will examine the issues that have arisen to date, what have been the main challenges and what we can expect in the near – to short-term future.

This conference will also explore common misconceptions within the GDPR framework, with a focus on Data Breaches and how to handle them most effectively. We will take a look at the importance of accountability, transparency, consent and data management and how to ensure your systems are compliant. Through the course of the day, you will hear from a highly-experienced panel of speakers, highlighting cases that have arisen over the last few months, and lessons learned going forward.

This is a must attend event for all businesses to get a handle on where next for GDPR and what your organisation needs to be up to speed on to stay compliant .

Book your place now!

5 Structured CPD Points

This conference will be of interest to all businesses in Ireland (large and small) such as, government departments, corporate consultants, retailers, banks, technology companies, healthcare organisations, marketing firms, legal firms, consultants, advisers, Data protection officers, local authorities, semi-state agencies and universities.




Registration with tea, coffee and pastries


Opening Remarks by Conference Chairperson:
Tricia Higgins, CEO, Fort Privacy


Keynote Address:
Seán Canney TD, Minister for Community Development, Natural Resources and Digital Development


GDPR – How can we future proof compliance? What do you need to be prepared for next?

Speaker: Brian O’Connor, Head of Data Privacy – Aviva Ireland

  • The evolving compliance environment. EDPB opinions, how One Stop Shop has worked, CJEU judgements
  • Enforcement – actions taken by Regulators and the reasons why. Analysis of fines and enforcement orders.
  • Data Subject activity – Impact of increased awareness of data subjects – legal cases for damages, DSAR activity and motivation.
  • Practical steps to create a defensible position – measuring your Privacy maturity and creating a roadmap.


Transparency in Data Collection – What you need to know about what they need to know

Speaker: Dr. TJ McIntyre, Lecturer, UCD, Chair, Civil Liberties Group, Digital Rights Ireland and consultant, FP Logue Solicitors

  • Practical tips regarding what you must tell individuals when collecting data from them, or collecting data about them
  • Recent cases discussed
  • Comprehensive and practical assessment of what is required under the transparency rules, including in situations where personal data is acquired from a source other than the data subject.


Coffee break and chance to network


Proposed changes to the Electronic Communications Regulation

Speaker: Hugh Jones, Sytorus

  • The quality of consent and evaluation of individual capacity to provide an indication of preferences


Complexities with Consent – particularly around customer soft opt-in and accountability for same

Speaker: Simon McGarr, Solicitor, McGarr Solicitors, Director, Data Compliance Europe

  • Consent – What is valid consent?


Accountability – What do you need to do to meet the GDPR Accountability Principle?

Speaker: Liam McKenna, Partner and Head of Privacy, Mazars

  • Interpreting the GDPR requirement of accountability
  • Data Protection Commissioners view
  • What we are seeing in different organisations
  • Risks / Decisions to make


Q+A Session


Lunch and chance to network


SARs – Practicalities of Subject Access Requests – Practical aspects of meeting subject access requests

 Speaker: Tom Hulton, Head of Data Privacy, An Post

  • Rights to be forgotten/erasure and correction – Some tips on meeting these requests
  • Exploring a variety of requests by customers, employees and copy of CCTV requests


Personal Data Breaches and how to handle them

Speaker: Sean O’Donnell, Partner, ByrneWallace

  • What is a personal data breach?
  • What do you do when you become aware of a personal data breach?
  • What are your obligations as an organisation regarding personal data breaches?
  • How do you assess the risk?
  • What are the potential consequences of a personal data breach?


Workshop – Data Breaches in practice – working through a real life breach case study

Speaker: Kate Colleary, Principal, Colleary & Co. Solicitors; Founder and Director Pembroke Privacy and IAPP Country Leader- Ireland. 

  • Applying what we have learned to a live data breach scenario.
  • The DPC’s data breach notification form
  • Issues describing the incident
  • Risk assessment
  • Practical issues that can arise during a breach.


Q&A Session & Conference Close

Seán Canney TD

Seán Canney TD

Minister for Community Development, Natural Resources and Digital Development

Seán Canney TD was appointed Minister of State for Community Development, Natural Resources and Digital Innovation on 16 October 2018.

Read more

Seán was elected to Dáil Éireann as an Independent TD for Galway East in 2016 and had served as Minister of State for OPW and Flood Relief from May 2016 until June 2017 before his latest appointment.

He had previously been a member of Galway County Council for three terms where he held various positions including Mayor of County Galway (2007-2008).
Seán is a Chartered Quantity Surveyor and lectured at GMIT prior to his election to Dáil Eireann.

Simon McGarr

Simon McGarr

Solicitor at Simon McGarr Solicitors and Director of Data Compliance Europe

Simon McGarr is a practising solicitor and the director of Data Compliance Europe.

Read more

He offers training and assessment in GDPR requirements for public sector and private clients and offers an external Data Protection Officer service. He has lectured on data protection law for the Law Society and the Academy of European Law, Trier. He is a senior Technical Advisor to M3AAWG, the global security professional conference.

Dr TJ McIntyre

Dr TJ McIntyre

Lecturer, UCD, Chair, Civil Liberties Group, Digital Rights Ireland and consultant, FP Logue Solicitors

Dr TJ McIntyre is a Lecturer in Law in the Sutherland School of Law, University College Dublin, the chair of civil liberties group Digital Rights Ireland and a consultant solicitor with FP Logue Solicitors where he specialises in privacy and data protection issues.

Read more

His research looks at information technology law, crime, and civil liberties, with a particular focus on fundamental rights in the online environment. He is a leading commentator on technology law in the national and international media.

Hugh Jones

Hugh Jones


Hugh Jones is a co-founder of Sytorus Ltd, a specialised provider of Data Protection training and assessment services.

Read more

With his colleagues, Hugh provides professional Data Protection guidance, and is a frequent speaker at Privacy and Data Management events in Ireland and overseas. Through Sytorus, Hugh offers both general and bespoke training to organisations in the areas of data management and regulatory compliance. Hugh is an experienced project manager, and works with a number of sporting, not-for-profit and membership administration organisations to help them resolve their fund-raising and regulatory challenges. As a certified practitioner, Hugh also supports organisations striving to achieve and maintain compliance with Irish and European Data Protection legislation.

Kate Colleary

Kate Colleary

Principal, Colleary & Co. Solicitors; Founder and Director Pembroke Privacy and IAPP Country Leader – Ireland

Kate gained an honours degree in law from Trinity College Dublin in 1995.

Read more

She has been a qualified solicitor since 1999. She has also received a Diploma in Arbitration from UCD and a Diploma in E-Commerce from the Incorporated Law Society of Ireland. She previously led the IP/Data Protection department of a large international firm. Kate runs a law firm, Colleary & Co., specialising in data protection law. She is also the founder and a director of data
protection consulting practice Pembroke Privacy. Kate is regularly asked to speak on FOI and data protection issues and to comment in the media. She lectures on the Incorporated Law Society of Ireland’s postgraduate courses in technology law. She was one of only three Irish lawyers nominated for a Women in Law Award by the UK’s Lawyer Magazine. Kate is the Irish country leader of the International Association of Privacy Professionals (IAPP).

Tricia Higgins

Tricia Higgins

CEO, Co-founder Fort Privacy

Tricia is CEO of Fort Privacy which she co-founded with Marie Murphy in 2017.

Read more

Fort Privacy uses a structured, multi disciplinary approach to enabling compliant data processing activities by it’s clients. Our services, including audit, ODPO and Privacy Program Development training, are delivered using a maturity model approach that is innovative and practical in its application.

Tricia obtained a law degree from University College Cork in 1999 and qualified as a Barrister at Gray’s Inn, London in 2006. Tricia is focussed on the the governance, transparency, accountability and transfer management aspects of the GDPR including drafting and providing advice and guidance on Data Processing Agreements, Privacy Statements, DPIAs, LIAs, Intercompany agreements and internal policies and procedures.

Liam McKenna

Liam McKenna

Partner, Mazars

Liam is a Partner in the Mazars Consulting Services practice.

Read more

He focuses on delivering regulatory driven change. Liam has 20 years of industry experience. He commenced his career working in Information Security and subsequently moved into Data Protection. He has managed the delivery of significant compliance driven projects with budgets in excess of €50m. Liam has assisted numerous organisations across the public, private and semi-state sectors with data protection issues. This includes meeting their compliance obligations, responding to breaches, developing and implementing remediation plans post breaches and responding to ODPC reviews.   More recently Liam has led Data Protection Impact Assessments within Banking, Public Sector, Health and Biometrics. As a leader in Mazars 200-person European Privacy Practice, he led the development of our GDPR compliance approach and methodology and has been applying this approach to clients since late 2016. He is currently adapting the Mazars European outsourced Data Protection Officer service for the Irish Market.

Brian O’Connor

Brian O’Connor

Head of Data Privacy – Aviva Ireland

Brian O’Connor ACII, CIPP/E, is Head of Data Privacy for the Aviva Group of companies in Ireland.

Read more

He has extensive experience in the insurance industry over the last 40 years. He is currently Chair of the Data Protection Working Group in Insurance Ireland. Brian has a particular interest in the operational impact of GDPR and the practical day to day impact on business organisations.

Sean O'Donnell

Sean O’Donnell

Partner, ByrneWallace

Seán is a partner in the ByrneWallace Litigation & Dispute Resolution Team

Read more

Seán has strong experience advising senior management of public-sector and semi-State bodies on regulatory requirements, data protection and designing and implementing GDPR compliant frameworks. Seán leads the ByrneWallace team advising clients on the application of the GDPR and data protection law. He understands the environment in which the public sector operates and how to assist his clients to mitigate risks, navigate regulatory requirements and manage public scrutiny. He has expertise in advising on regulatory compliance, powers and functions, enforcement proceedings advising clients on their engagements with the Data Protection Commission. Seán has led a number of GDPR compliance projects, advising clients on the implementation of a GDPR compliant framework. He is experienced in advising public bodies and private organisations on data subject access requests and personal data breaches. He is a member of International Association of Privacy Professionals.


OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust’s three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedInTwitter and Facebook.


There will be 5 structured CPD points awarded to all attendees at this conference.

We advise you check with your awarding body to see how many points they will give.

Talbot Hotel, Stillorgan, Co. Dublin

Booking Rate @ €495 + VAT.

CMG Events Conference Discount

  • 10% discount for the third delegate booked or subsequent bookings thereafter from the same company.

The rate to attend includes morning tea/coffee and refreshments on arrival at registration, mid-morning tea/coffee and pastries and buffet lunch. You will receive the speakers PowerPoint presentations within 24 hours after the event. 

   Telephone:+353 1 2933650


Early bird 2 - €435 + VAT - Normal rate €495.00 + VAT

Company Name (required)

Number of Delegates Attending (required)

Delegate's Name(s) (required)

Delegate's Position(s) Within Company (required)

Delegate's Email(s) (required)

Booker's Name (required)

Booker's Email:

Booker's Telephone (required)

Payment Options (required)

We recommend you pay by credit card to ensure you receive the best rate available

Invoicing Address

Accounts Phone Number (required)

Accounts Email (required)

NOTE: Please do not enter your credit card details. A member of our staff will contact you promptly when you have submitted the form.

Terms and Conditions:
Payment for attendance is due within seven days from the date of invoice. This booking is transferable and a substitute attendee may attend on your behalf at no additional cost if you cannot attend. Cancellation of a booking must be received by CMG in writing by email or by post, no later than 14 days prior to the event or course date. Regrettably no cancelations or refunds can be made after this date. Cancellations will be charged an administration fee of 25% plus VAT.

CMG reserve the right to make any necessary changes to the advertised programme including a change of venue. The views expressed by the speakers/tutors are not necessarily those held by the organisers, nor is the organiser responsible for speakers/tutors opinions or statements. Please note CMG will distribute the delegate list to all speakers prior to the event/course to ensure their presentation is relevant to those attending. However, in keeping with current data protection and privacy legislation, the distributed delegate list will not contain telephone or email contact details. Please advise CMG Events if you would like to have your name removed from this list.

We do not sell your data to a third party - we may use your contact details for the purposes of notifying you of other conferences or training courses that we run. If you do not wish for us to contact you again, please let us know by emailing

To view our Privacy Policy please Click Here

I have read the terms and conditions