Conference Chair:
 

Paul Lavery

Partner, McCann FitzGerald

Keynote Address:

Key Priorities & Strategies in an Evolving Digital Landscape: A Regulator’s Perspective
 

Sandra Skehan

Deputy Commissioner (Head of National Complaints),

Data Protection Commission

Beyond Compliance: How the AI Act Elevates GDPR’s Data Protection Standards in Practice

Dr. Barry Scannell

Partner, William Fry

This session, from a renowned AI and data protection expert, informs delegates as to how organisations can leverage their existing GDPR frameworks to efficiently implement AI Act requirements. This talk features practical strategies and real-world examples.

From DPIA to AIA: Building an Integrated AI Risk and Governance Framework

Ciara O'Buachallar

AI Governance, Logitech

More and more data protection professionals are expected to assess the risks of AI for their organisations. This talk considers moving beyond a standard DPIA to a holistic AI Impact Assessment (AIA) that incorporates ethics and fairness. It also looks at how to develop and maintain an "AI Use Case Register" to effectively track all AI systems across the organisation, as well as how to equip technical colleagues with an understanding of their data protection duties when developing or deploying AI.

Strategies for Avoiding and Handling Complaints

Caoimhe Stafford

Data Protection Officer, Match Group   

Complaints from data subjects can drain resources, harm the reputation of your organisation, and damage trust. This session offers delegates practical strategies for avoiding complaints (particularly those that relate to data subject rights requests) through improved internal practices and user engagement. It also explores how to respond effectively to regulators when complaints do arise, to resolve them swiftly and constructively.

Reforming & Streamlining GDPR: What Organisations Needs to Know

John Fitzsimons

Barrister, Cornerstone Barristers

This session takes a clear, comparative look at proposals to reform and simplify GDPR across Ireland and the UK, with practical insights for data protection professionals. In light of the Draghi and Letta Reports, measures such as smarter record-keeping requirements, inclusion of a broader range of organisations in Codes of Conduct and Certification schemes, and more streamlined cross-border enforcement have been pursued at EU level. With regulatory momentum building and divergence between jurisdictions developing, the session will highlight what’s changing, what it means for practitioners, and what steps organisations should be considering in response to these reforms.

Growing Pains: EU Age Verification

Hannah Perry

Partner, Mason Hayes & Curran 

As digital platforms grapple with the need to keep minors safe online, age verification has become a critical - and controversial - frontier for many organisations. How do we achieve meaningful age assurance without turning the internet into a surveillance state? This session dives into the paradox of protecting young users while preserving privacy; unpacking the technical, ethical and legal challenges of age verification in the EU. It explores emerging solutions, from privacy reserving AI to zero-knowledge proofs.

The Latest on Cookies & Tracking: Regulatory Priorities & Practical Implications

Fedelma Good

Data Protection Consultant

Given the recent high-profile enforcement action by the CNIL against Shein's Ireland-registered entity, this session delivers a timely and practical overview of how regulators are currently approaching cookies and tracking technologies, consent frameworks, and emerging expectations in the field. Attendees will gain clarity on recent developments, areas under scrutiny, and how organisations can align their digital practices with evolving compliance standards. From third-party tracking mechanisms to AdTech and analytics, the presentation will explore the operational impact of regulatory priorities and offer actionable insights for privacy professionals.

Avoiding Unlawful Transfers by Stealth - Mitigating Cross-Border Risks

Annette Hogan

Global Privacy Counsel, Baker McKenzie

As global data flows grow more complex and less transparent, Irish and EU organisations face mounting risks from unlawful transfers via stealth - often occurring through third-party tools, cloud platforms, and AI pipelines without adequate safeguards or disclosure. This session explores how to identify and mitigate these hidden exposures, and how to implement robust operational safeguards (such as vendor mapping, contractual controls, and TIAs). With the EU AI Act introducing multi-authority oversight and intensifying cross-border audit expectations, the session offers practical guidance on embedding these safeguards into a wider governance framework. 

DSARs - Regulatory Shifts & Practical Implications for Organisations

Davinia Brennan

Partner, Matheson LLP

The DPC’s recent Annual Report confirms that data subject access requests continue to constitute the largest number of complaints to the DPC. Ideally, organisations need to avoid regulator scrutiny in this area. This session provides practical guidance for delegates on how to update their existing DSAR handling processes, particularly in light of recent guidance from the DPC and in relation to an uptick in aggressive applicants’ practices, for example from employment lawyers.