Event Information

Start Time

9:00 AM

End Time

4:30 PM

DELIVERY

Online

CPD Hours

There will be CPD hours awarded to attendees. Please check directly with your association or awarding body to see how many points they will award.

We are currently experiencing a technical issue with our booking forms.

To secure a place, please contact us on 01 2933650 or email linzi@cmgevents.ie

BOOK YOUR PLACE

About this Conference

This year’s Data Protection Conference brings together leading experts to unpack the real-world issues dominating GDPR compliance in 2026. Building on the strong engagement from last year’s event, this programme focuses on legitimate interest assessments, employee monitoring, advanced DSAR handling, AI governance under GDPR, surveillance risk, and increasingly complex vendor ecosystems.

Each session is designed to give practical, actionable guidance rather than theory, with clear takeaways that can be implemented immediately.

Whether you’re a DPO, privacy lead, HR manager, ICT professional or compliance adviser, this conference delivers a full day of up-to-date, operational insights to help you manage risk, respond to scrutiny and strengthen your organisation’s data protection practices.

A word from our conference chairperson

Agenda

Conference Chairperson & Opening Remarks

Kate Colleary, Director - Pembroke Privacy, Country Leader Ireland – IAPP

Legitimate Interest Assessments – When They Hold Up and When They Collapse

Speaker: Adam Finlay, Partner, McCann FitzGerald LLP

Balancing tests, proportionality & documenting the rationale
Using LIAs in employee settings: monitoring, attendance, discipline
Red flags that make LIAs invalid
When an LIA must be escalated to a DPIA

Employee Monitoring, Attendance Systems & Disciplinary Use of Data

Swipe cards, GPS tracking, productivity tools & fleet management
Transparency obligations and new purposes
Disclosing monitoring data to third parties
Risk thresholds in HR investigations

Advanced DSARs – Complex Scenarios, High-Risk Cases & Common Errors

Speaker: Laura Fannin, Partner, Hayes Solicitors

Requests naming multiple subjects
Deceased individuals: what must you disclose?
Drafts, opinions, management deliberation
Handling vexatious or repeat SARs
Internal conflict between privacy rights of others vs right of access

Redaction, Re-Identification & Protecting Third Parties in Large Data Sets

Choosing the right redaction tools
Preventing accidental re-identification
Practical redaction workflows for email archives & call notes
When transcripts may replace audio

AI, GDPR & High-Risk Processing – What DPOs Must Control in 2026

Identifying when AI use is GDPR-triggered processing
Profiling and automated decision-making: knowing when Article 22 applies
AI vendors as processors vs controllers – who is responsible for what?
Transparency requirements: informing individuals when AI was used
When AI outputs become personal data (and how that affects DSARs)
How to embed AI governance into existing GDPR structures (RoPA, DPIAs, LIAs, policies)

FRIAs, DPIAs & AI Risk Assessments – How They Actually Work Together

Can AI assessments and DPIAs be merged?
Assigning responsibilities between DPO, ICT & project owners
When the DPC can request/inspect a FRIA
Templates, frequency & documentation

Surveillance, CCTV & AI Cameras – High-Risk Processing in 2026

CCTV shared with third parties (wildlife, contractors, joint controllers)
AI-enabled cameras on public roads
Signage, expectations & EDPB guidance
When your organisation becomes a controller unintentionally

Vendor, Processor & Sub-Processor Oversight – New Expectations Under NIS2 + GDPR

Breach reporting clauses: 24h vs 48h vs 72h deadlines
Hidden sub-processors: what you must be told
Ensuring deletion at contract termination
When controllers can demand processors’ ROPAs
Procurement vs DPO vs business: who owns due diligence?

Who Should Attend?

This conference is ideal for Data Protection Officers, privacy managers, compliance leads, ICT and security teams, HR professionals managing attendance or monitoring data, legal advisers, FOI and governance officers, procurement and vendor management teams, risk managers, internal auditors, and operational staff involved in surveillance or access control systems. It will also be highly relevant to public-sector bodies, local authorities, semi-state agencies and any organisation using AI-driven tools, analytics platforms or cloud-based processors as part of their daily operations. Anyone with responsibility for GDPR compliance, staff technology use, DSAR handling, or high-risk data processing will benefit from the practical guidance delivered throughout the day.

Speakers

Kate Colleary

Director of Pembroke Privacy, Country Leader of IAPP

Adam Finlay

Partner, McCann Fitzgerald

Laura Fannin

Partner, Commercial & Business Team at Hayes Solicitors

Price

SAVE 100.00 EURO BY BOOKING THE EARLY BIRD RATE OF €475 + VAT per Person – Normal Rate @ €575 + VAT.

Please note the early bird discount can close sooner than expected once a certain number of places fill up, therefore your prompt booking is strongly advised to avoid disappointment.

CMG Events Conference Discount

10% discount for the third delegate booked or subsequent bookings thereafter from the same company.

Data Protection Conference 2026