Event Summary
This year’s Data Protection Conference focuses on privacy in the age of AI.
With a new Code of Practice on AI and automated decision-making (ADM) on the horizon, regulators are moving towards requiring greater transparency around the use of AI and automated decision-making.
The regulatory landscape is evolving rapidly. The ICO’s final guidance on ADM is expected this summer, followed by a statutory Code of Practice on AI and ADM later in 2026. The EU AI Act’s transparency obligations take effect in August 2026, with requirements for high-risk AI systems following in December 2027. At the same time, the Government’s Smart Data 2035 Strategy is reshaping data-sharing obligations across the economy.
We will explore what the new ADM guidance and Code of Practice will mean in practice, including data flow mapping, bias assessment, explainability, meaningful human oversight, third-party accountability, and individuals’ rights to challenge automated decisions and seek redress.
High-risk AI processing will almost certainly require a Data Protection Impact Assessment (DPIA) before deployment. The conference will provide practical guidance on what an effective AI Impact Assessment looks like, what it should cover, how to update your privacy notices, and how to conduct due diligence on third-party AI vendors.
We will also examine the ICO’s expectations for the responsible use of ADM in recruitment, including what constitutes meaningful human involvement and how organisations should protect candidate rights.
With a focus on responsible digital advertising, we will examine the ICO’s expanded framework for storage and access technologies, covering not only cookies but also pixels, scripts, tags and fingerprinting, and what this means for consent. We will also discuss potential changes to PECR consent requirements and the practical implications for online advertising.
With updated ICO guidance on children’s information now in force, we will share good practice on processing children’s personal data and adopting privacy-friendly approaches to age assurance.
As volumes of AI-generated DSARs, FOI requests and data protection complaints continue to rise, we will explore how organisations can manage responses at scale, where AI can support the process, and the circumstances in which requests may be refused.
Backed by £36 million of government investment, the Smart Data Strategy aims to establish five or more active Smart Data schemes by 2030 and at least 20 by 2035. We will examine what participation means for priority sectors and the new data protection obligations organisations should prepare for.
Looking ahead to emerging technologies and the advent of agentic AI, existing governance models will need to evolve. We will consider how current AI standards and risk management frameworks apply, where gaps remain, and how organisations can prepare for the next generation of AI.
There is significant change ahead. Don’t miss this opportunity to network with peers, hear directly from regulators and experts, evaluate your organisation’s current risks and governance arrangements, and future-proof your approach to data protection.
Key Topics
We will share updates and good practice guidance in the following areas:
- Top data protection risks in the age of AI
- Key updates from the ICO and what they mean for organisations
- New ADM guidance: mapping automated decisions, reviewing human involvement and strengthening safeguards
- Updating privacy notices to clearly explain the use of AI and automated decision-making
- PECR, storage and access technologies, and potential changes to online advertising rules
- Managing increased volumes of AI-generated DSARs, FOI requests and data protection complaints
- Workshop: embedding data protection by design and by default
- Processing children’s personal data and using privacy-friendly age assurance
- Fair and responsible use of automation in recruitment
- Conducting DPIAs and AI impact assessments for high-risk AI processing
- New data protection obligations around Smart Data
- Due diligence, oversight and accountability when working with third-party AI vendors
Benefits of attending
- Take away practical guidance on using AI and automated decision-making (ADM) responsibly and lawfully under UK data protection legislation.
- Learn from organisations already implementing AI and ADM, sharing practical lessons, challenges and examples of responsible deployment.
- Hear the latest ICO guidance on automated decision-making and understand what it means for your organisation.
- Understand the ICO’s expectations for the fair and responsible use of AI and automation in recruitment.
- Anticipate emerging AI risks, including the data protection implications of agentic AI and other rapidly evolving technologies.
- Gain insight into new data protection obligations relating to Smart Data and how to prepare for future compliance requirements.
- See what an effective AI Impact Assessment looks like in practice and how it complements Data Protection Impact Assessments (DPIAs).
- Understand how to approach storage and access technologies, including tracking technologies, consent requirements and evolving PECR rules.
Sponsorship
Interested in sponsoring this event? Click here for sponsorship opportunities.
View all our conferences, events and training here.
Group discounts
Contact us for group rates.




