The aim of the Age-related Consent and Digital Rights stream of the GDPR summit is to educate attendees about the changes to data handling, privacy, security and a range of business and oversight processes that organisations need to implement to align with the GDPR and related legislation.

Panelists will discuss, using case examples, how to build consumer trust and maximise on the opportunities for a competitive advantage in a post-GDPR environment. Attendees will gain practical insights into how organisations, across a range of sectors, including; advertising and marketing, content providers, retail, charities and education, are adhering to GDPR. Crucially, you will also learn how to handle the information rights the GDPR affords to all age-groups, including children and young people.

The Age-related Consent and Digital Rights stream of the GDPR summit probably the most informative event you are likely to attend in the run up to the GDPR coming into force in May 2018.


This stream will help board directors, senior management, and those responsible for developing data strategies to harness mobile and digital technologies to ensure their business is compliant.  In particular, we examine how this affects young people and children’s data and how that is managed.

Consumers understand that they need to share some of their personal data with organisations but they rightly expect that information to be kept safe and for organisations to be transparent about its use.

It is the responsibility of the Board and Non Exec Directors to ensure their companies are compliant.

The Facts

Source: Dell


This theatre will explore what GDPR means for those who are handling age sensitive data, concentrating on children, young people and senior citizens.

What are the implications of GDPR for businesses who handle  Children’s , Young People’s and Senior Citizen’s Data?


How can you use consent to build trust and redress the Privacy balance?

How will; Verified Parental Control, revocation of consent, data portability, the right to erasure effect those responsible for compliance?

How will leaders of organisations be effected by GDPR and consent based data management?

How do you implement successful strategies in the increasingly hyper-connected world?

How is technology is shaping and changing consumer behaviour?




Registration, Breakfast & Networking
08:30 - 09:00
Welcome and Opening remarks
09:00 - 10:00
  • Dr Rachel O’Connell and Penny Heyes, Co Founders The Trust Bridge
The Implications of the General Data Protection Regulation (UK DPA) For Organisations That Handle Adult, Children And Young People’s Data
10:00 - 11:00

This panel will explore the principles that underpin GDPR, the changes to data handling, privacy, security and a range of business and oversight processes that organisations need to implement to align with the GDPR and related legislation. A speaker from the ICO will provide insights regulatory oversight and information rights for children


  • Carol Tullo, Former Director, Information Policy and Services, The National Archives, Controller of Her Majesty’s Stationery Office and Queen’s Printer

Principles of the GDPR



  • Lisa Atkinson, UK Information Commissioners Office,

ICO guidance: DPOs, Enforcement & Sanctions.


  • Chiara Rustici, GDPR analyst, consultant, author                          

Applying the GDPR Privacy Rules for the Data Economy


  • Dr Rachel O’Connell, Trust Bridge

Building trust in a post-GDPR environment

Coffee and Networking 
11:00 - 11:15
Good Data Governance is the Key to Consumer Trust in Connected Retail Markets
11:15 - 12:15

The connected retail market is expected to reach more than USD 50 billion by 2022. An increasing amount of personal data is used for customer intelligence, as well as production and supply chain optimization. IoT (Internet of Things) is driving such growth, as smaller and more efficient retail spaces become “fulfilment centres”, with an extensive usage of sensors that create unique customer experiences. Within this context, adequate data governance is fundamental, not only to manage risks but also as a market differentiator.

Moderator:  Moderator:                            

Helen Dickinson, OBE, CEO, British Retail Consortium  (TBD)                              


Or David Clarke   



  • Steve Wright, Group Data Privacy & InfoSec Officer at John Lewis        

What does the GDPR mean for the retail sector?


  • Marcus Piotrowski , COO at Plexus Platform Ltd                                  

The role of smart contracts and digital signatures in retail supply chains and customer transactions


  • Nandini Jolly, CEO, Crypotmill      

Creating circles of Trust


·Louise Bennett, BCS - The Chartered Institute for IT

Anonymous payments

Consent and Digital Rights - Implications for Big Data
12:15 - 13:15

GDPR guidelines apply to all the data that is gathered throughout the big data analytics ecosystem, whether it is willingly provided by customers or gathered by automated systems. This includes PII data stored and used in data lakes and big data analytic platforms. This panel will consider the impact of the GDPR, on Big Data businesses and digital rights.


  • Colin Wallis  Kantara Initiative  

Data Protection by Default - setting technical standards



  • Dr Krisztina Huszti-Orban Senior Research Officer at The Human Rights, Big Data and Technology Project,

How technology and big data are reshaping the conceptualisation of rights in today’s digital age.


  • Giles Watkins  Commercial Director – JLINC 

Entrusted Data, Data Provenance and Information Rights


  • James Neville  CEO & Founder @ Citizen 

Redefining Personal Data Relationships

Lunch & Networking
13:15 - 14:00
Will Consent Based Marketing Help to Save Advertising from Itself?
14:00 - 15:00

Post-GDPR marketing compliance is a complex matrix of rights, rules, and risk mitigation combined with traditional marketing operations. It is far from a one-size-fits-all model. This panel will explore existing, evolving and new models and explores to what extent these can help to restore trust


  • Lydnsi Plummer, Advertising Industry Executive




  • Rupert Graves , CEO AdUnity

Ad platforms and Consent Based Advertising- advertisers and publishers


  • Mark Lizar Open Consent Group      

Consent receipts - machine and human readable


  • Chris Cooper, CEO Consentua


  • John Mitchison  - Direct Marketing Association
Coffee and Tea Break
15:00 - 15:30
The Legal Obligations of Organisations to Protect Children
15:30 - 16:30

For the first time, the GDPR will bring in special protection for children’s personal data, particularly in the context of commercial internet services such as social networking. If your organisation offers online services  (‘information society services’) to children and relies on consent to collect information about them, then you may need a parent or guardian’s consent in order to process their personal data lawfully. Organisations need to assess whether systems should be put in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity. Member States can choose the age at which parental consent is required, and there are some variations across Europe, for example, Sweden, Poland and the UK have opted for 13, Spain for 14, Hungary, Italy and the Netherlands have set the bar at 16 years of age.

The UK's Digital Economy Bill, which requires adult content providers to conduct age-checks, received Royal Assent in April 2017. From October, the British Board of Film Classification (BBFC) will operate as the UK's age-verification regulator. At a meeting, in July, of representatives from fifty-seven OSCE countries, there was broad agreement on a proposal that to protect children and young people's digital rights each country should follow the UK's lead and draft legislation that requires content providers to conduct age-checks before affording access to 18+ content.

In October, the British Standards institution will publish a technical standard entitled PAS 1296 Age Checking code of practice. The standard was written to assist those businesses that are mandated to comply with legal requirements in conducting age checks, such as 18+, below 7 or over 16 years old. 


  • Paul Herbert, Goodman and Derrick LLP                                                 


  • Dr Rachel O'Connell, Co Founder, TheTrustBridge                                    

Age Checking code of practice


  • Lubos Kuklis, European Regulators Group for Audiovisual Media Services (ERGA)    

The Audio Visual Media Services Directive and age-checking content


Steve Winyard

GDPR The Pathway to Implementation
16:30 - 17:00
  • David Clarke, Dr Rachel O'Connell, Penny Heyes, Co Founders, The Trust Bridge

Methodology and Case studies - How to achieve GDPR alignment

17:00 - 18:00


Get in touch for more information!

Venue address

155 Bishopsgate, London, EC2M 3YD

Get in touch

Jacob Ludlow