Conference Chairperson & Opening Remarks

Kate Colleary, Director - Pembroke Privacy, Country Leader Ireland – IAPP

Data Breaches, Escalation Failures and Regulatory Exposure

Speaker: Sean O'Donnell, Partner, Byrne Wallace Shields LLP

• Managing accidental disclosures, internal breaches and unauthorised access
• Assessing materiality, risk thresholds and reportability obligations
• Containment, escalation and evidence preservation under tight timelines
• Coordinating GDPR, NIS2 and operational incident response processes
• Lessons from delayed reporting, governance failures and enforcement action  

The EU Digital Omnibus, AI Act and Changing Compliance Expectations

Speaker: Stephen O’ Sullivan, Senior Manager, Digital Trust & Privacy,Deloitte

• Proposed GDPR simplification and wider EU digital regulation reforms
• AI Act implementation timelines and Irish enforcement structures
• Emerging overlap between GDPR, AI Act, NIS2 and ePrivacy obligations
• Potential changes affecting DPIAs, breach reporting, accountability and data governance
• Preparing compliance frameworks for regulatory change without overhauling everything prematurely

Third-Party Data Sharing, Joint Controllers and Urgent Disclosure Decisions

Speaker: Ruth Hughes, Partner, Technology and Innovation Group, McCann FitzGerald

• Sharing information with Gardaí, insurers, contractors, regulators and public bodies
• Joint controllership, processor confusion and accountability gaps
• Managing urgent disclosure requests during incidents, complaints and investigations
• Data sharing agreements that fail in practice
• Reducing risk where operational teams are under pressure to disclose quickly

RoPAs, Data Mapping and Accountability in Practice

Speaker: Rachel Nyasani, Senior Consultant, Pembroke Privacy, London

• Updating Records of Processing Activities as systems and processing evolve
• Identifying undocumented processing across HR, ICT, procurement and operations
• Linking RoPAs to DPIAs, retention schedules, vendor oversight and breach response
• Common accountability gaps identified during audits and complaints
• Moving beyond “paper compliance” to operational governance and defensible records

Biometrics, Facial Recognition and High-Risk Employee Data Processing

Speaker: Adam Finlay, Partner, Head of Technology and Innovation Group, McCann FitzGerald

• Fingerprint systems, facial recognition and biometric attendance technologies
• Special category data, lawful basis and proportionality concerns
• Workplace objections, transparency and staff consultation obligations
• DPIA expectations and regulator scrutiny of biometric processing
• Practical lessons from workforce management and access-control systems

Microsoft 365, Teams and Uncontrolled Data Growth

Speaker: Rebecca Lindly, Senior Cyber Consultant, Deloitte

• ‍‍Governance risks across Teams, OneDrive, SharePoint and shared drives
• Managing permissions, external sharing and guest access
• Retention challenges across collaborative platforms and cloud environments
• Duplicate records, unmanaged folders and uncontrolled storage growth
• Governance gaps created by hybrid working and decentralised data ownership

WhatsApp, Personal Devices and Off-System Communications

• Business records created through WhatsApp, SMS, Signal and personal email
• BYOD, remote working and governance challenges outside official systems
• Retention, disclosure and search risks linked to informal communications
• Managing screenshots, deleted messages and fragmented record keeping
• Creating workable operational controls without unrealistic blanket bans

Retention Failures, Legacy Records and Dark Data

• Historic records, legacy systems and unmanaged archives
• Retention schedules that do not reflect operational reality
• Duplicate records, backups and uncontrolled storage growth
• Defensible deletion, minimisation and storage limitation practices
• Risks exposed during complaints, breaches, audits and investigations