Data Protection Conference 2025

AGENDA

EVENT SCHEDULE

Conference Chairperson Opening Remarks

09:00

NIS2– What data controllers need to know

Gillian Traynor, Director, Ambit Compliance

What is the NIS2 Directive?
Sectors Covered by NIS2 Guidelines
Key Focus Areas of NIS2
Preparing for NIS2 Compliance
Implications for Information Security and Data Protection Teams
Practical overlaps and differences between NIS2 and GDPR reporting requirements

Data Subject Access Requests(DSARs): Strategies for Efficiency
and Compliance

Laura Fannin, Partner, Hayes Solicitors

Streamlining DSAR responses: Best practices for managing high volumes
Handling vexatious or repetitive requests while maintaining transparency
Legal insights on balancing data subject rights with organizational privacy obligations

Navigating the AI & Data Protection Intersection

Tricia Higgins, CEO & Co-Founder, Fort Privacy

AI Liability Directive: How it impacts data protection and risk management
Practical application of GDPR’s Article 22 on automated decision-making in an AI-driven world
Staying compliant with AI tools: Risk assessments, transparency, and best practices

11:15

Coffee Break

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Privacy Notices and Consent: Keeping it Clear and Compliant

Eoin Cannon, Independent Lawyer/Consultant/DPO

Creating privacy notices that align with today’s regulatory demands
Balancing legitimate interests with clear, concise consent mechanisms
Adapting notices to cover emerging tech like AI and advanced data processing

Standard Contractual Clauses(SCCs) 2025

Zelda Deasy, Partner, ByrneWallace LLP

What is the purpose of the new SCCs, and why are they needed?
How does the current limitation of SCCs affect international data transfers?
What are the specific risks associated with data importers located in third countries?
How might the 2024 public consultation shape the new SCCs?
How can organizations prepare for potential SCC changes in 2025?

13:15

Lunch Break

Takeaways from recent EU developments on the GDPR’s “legitimate
interests” legal basis

Noel McGrath, Barrister at Law, The Law Library

Can commercial interests now qualify as "legitimate interests" under GDPR?
What are the EDPB's updated requirements for the "necessity" of processing based on legitimate interests?
Has the EDPB set a stricter standard for balancing legitimate interests with data subject rights?
What new guidance has the EDPB provided on addressing objections under Article 21 GDPR?
Is it permissible for private entities to share data with law enforcement under legitimate interests?

Data Breach Management – Step by Step Guide

Sean O'Donnell, Partner, ByrneWallace LLP

Identifying and verifying the breach
How to contain the breach
Assessing the risk and impact what to look for
Determine if notification is legally required under the GDPR
Preparing the notification – what is needed and who to contact
Conducting a detailed investigation
Mitigate and recover
Conduct a post-breach analysis

DORA (The Digital Operational Resilience Act) Compliance and
Third-Party Risk Management

Adam Finlay, Partner, McCann FitzGerald LLP

What is DORA?
Why is DORA compliance urgent now?
How are DORA and third-party risk management connected?
How to achieve full DORA compliance in 2025?

16:30