Morning Workshops (9.30am - 12.00pm)

Workshop A:

Individuals' Rights - Practical Risk-Based Compliance in the Age of AI

Hugo Grattirola - Partner, Philip Lee

Navigating the GDPR’s data subject rights in an AI-driven world presents significant challenges. Many data protection professionals struggle in trying to balance compliance with operational reality. This hands-on session equips you to tackle emerging challenges - from AI-opaque SAR responses to erasure in AI systems - while avoiding regulatory pitfalls. This Workshop provides cutting-edge tools and actionable compliance strategies to future-proof processes and mitigate litigation risks, leveraging insights from recent regulatory guidance and enforcement trends. Leave with practical solutions for real-world challenges, being equipped to confidently address GDPR rights requests in increasingly complex AI-driven environments. Delegates will:

• learn to efficiently locate, explain, and redact personal data embedded in AI systems (e.g. AI training sets, APIs, and automated decision logs)
• learn techniques for managing erasure and rectification requests in legacy systems and AI models
• participate in a live simulation redacting third-party data from DSAR responses, guided by Irish case law
• get insights into upcoming regulatory trends and enforcement priorities from the Irish DPC and EU
• learn to adapt existing GDPR compliance processes to address the unique risks and opacity of AI systems, including ensuring transparency, lawful processing, and effective risk assessment for AI-driven activities

Delegates will leave the session with templates for GDPR-compliant privacy notices and AI transparency statements.

Workshop B:

Helping Employees Meet Their, and Employer's, Data Protection Obligations 

Paul Lavery - Partner,   McCann FitzGerald

• looking at potential roles and responsibilities for employees and how these fit within the organisation
• assessing potential policies and procedures to work out what would be helpful in your organisation
• reviewing the requirement for training, and discussing how to ensure that training is the best fit for your employees
• discussing how to approach the security requirement under the GDPR with employees and looking at what is necessary and what can be helpful

Afternoon Workshops (1.00am - 3.30pm)

Reconciling AI Compliance with the GDPR

Rachel Hayes - Partner, William Fry

Data protection compliance plays a central role in the use of AI tools. The opportunities of AI continue to scale and develop at an unrelenting pace, presenting challenges for ensuring compliance with the GDPR and the AI Act. Fortunately, AI and data protection compliance can work together and there are emerging standards helping to leverage existing data protection compliance to meet relevant requirements of the AI Act.

This Workshop deep dives into the critical topics, equipping delegates to handle relevant compliance issues. It focusses on:

• the interplay between data protection and AI: an explanation of the relationship including the key data types, roles and responsibilities in the AI eco system
• the similarities between the GDPR and the AI Act: the risk and principles based approaches of each legal framework 
• the importance of data hygiene: an explanation of the importance of data hygiene when adopting AI tools to support AI adoption in addition to compliance with the GDPR and AI Act (including, mitigating risks like inaccuracy, bias, and discrimination)
• AI-specific risk assessments: data-driven assessments specific to AI, focusing on data protection impact assessments, legitimate interest assessments and fundamental rights impact assessments
• automated decision-making under GDPR: the role of, and obligations in relation to, automated decision-making under the GDPR 
• vendor diligence and data processing terms: the AI-specific requirements 
• regulatory insights: the most up-to-date insights into how national and European regulators are currently supervising and enforcing the GDPR and the AI Act

Workshop D:

A Practical Guide to Cyber Incident Responses

Ricky Kelly - Partner, RDJ

Giles Tyler - Associate Director, Control Risks

• how, with some simple social engineering and realistic looking malicious websites, MFA (Multi-Factor Authentication) can be bypassed - a demonstration of a successful hack (bypassing security to access your email account) will be demonstrated to delegates
• the roles and responsibilities of a Crisis Management/Incident Response Team
• the stages of an incident response process, insight into crisis management and how to identify what legal leaders need to know in the immediate aftermath of a cyber-attack

This session is a step-by step interactive workshop on how to respond to a cyber-attack.