We are delighted to confirm that Privacy Manager, Lorraine Pintér will speak at PrivSec & GRC Connect London.

 Taking place March 12 and 13 at Park Plaza, Riverbank, London, PrivSec & GRC Connect London provides a platform for organisations to address the cumulative nature of risk.

PrivSec & GRC Connect London’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape. 

Event speaker, Lorraine Pintér is Group Privacy Manager at Vodafone Group. Lorraine began her career in privacy in 2017, working for the Royal College of Radiologists where she helped to establish their privacy programme. She then worked at John Lewis advising on products and services, and internal business, before joining Vodafone Group in her current role, mainly advising on commercial products and services launched globally. 

Lorraine will be at PrivSec & GRC Connect London to discuss the UK’s new version of the Data Protection and Digital Information Bill, and what the revision means for British businesses and their trading partners. Below, she answers questions on her professional journey and introduces the key issues.

UK Data Protection Bill No.2 – What has changed?

  •  Tuesday, 12th March 2024 (Day 1), 10:00-10:40am GMT
  • Theatre: Privacy & Security (P&S)

Click here to register for free to PrivSec & GRC Connect London



Could you briefly outline your career pathway so far?

I studied Law, then went on to take the Bar Professional Training Course part time whilst working full time. After completing my bar exams and whilst applying for a pupillage, I was offered by my then employer, to assist them with building their privacy program prior to GDPR coming into effect.

This was my first insight into the sphere of privacy. I absolutely loved it; the work I was doing as well as all the things I was learning, and as a result I haven’t looked back.

From there I moved to John Lewis’ Privacy team where I gained excellent experience advising within the retail industry and assisting to further build their privacy program. After a few years I moved into my current role as Group Privacy Manager at Vodafone where I advise our consumer product owners which includes reviewing contracts, drafting privacy policy, completing assessments and ensuring privacy by design. 

I also look at ways of developing and improving our processes; drafting internal policy, reviewing approaches, and promoting a good privacy culture.

How does the UK government’s new version of the UK Data Protection and Digital Information Bill differ from the first?

As stated in the Parliament publication ‘Much of the Bill is the same as the [DPDI No 1] which was introduced in the Commons on 18 July 2022’. However, there were a few changes and clarifications in the new Bill, for example:

• The structure of the ICO, namely the Secretary of State’s role in approving guidance

• Processing of personal data for the purposes of scientific research

• Keeping a record of processing for high risk activities

• Meaning of automated-decision making

What changes will organisations need to make in order to accommodate the new Bill?

In my opinion, if an organisation is multinational and is required to comply with the GDPR then it is likely that no changes will need to be made as compliance with the GDPR should be sufficient. However, organisations (or functions) that solely operate within the UK can consider the application of DPDI, which ultimately aims to reduce burden and provide clarity to organisations with its less stringent rules.

There are still some unknowns and what the effect of the Bill could be, for example whether the UK Adequacy will still stand. Such change is relevant as it could require organisations to go back to relying on standard contractual clauses.

Organisations should not compare the implementation of DPDI to the implementation of the GDPR, where organisations undertook immense work to become compliant. I do not believe that many changes (if any for some) will be required before this Bill becomes Act, because it can reasonably be assumed that organisations will already be compliant due to applying the GDPR.

However, there are new notification requirements, which organisations that fall into this category of needing to provide information will have to determine how they will be able to meet this obligation.

On the other hand, it is important to note, just as the Bill was withdrawn with the change of leadership, it is possible that the same could happen again as a result of elections. I would suggest to watch this space.

Lorraine Pintér explores these issues in depth at PrivSec & GRC Connect London session:

UK Data Protection Bill No.2 – What has changed?

On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations based in the UK, or trading with the UK.

So, what are the main proposed changes, and how will organisations be affected? Tune into this exclusive session to find out.

Also on the panel:

  • Alexandra Khammud, Senior Project Manager - Data Protection, Privacy, Information Security, Activision Blizzard (Panel Moderator)
  • Henry Davies, Data Protection Lead, Likewize
  • Joseph Byrne, Principal Solutions Engineer, FIP, CIPP/E, CIPM, CIPT, GRCP


UK Data Protection Bill No.2 – What has changed?

Theatre: Privacy & Security (P&S)

Time: 10:00 – 10:40am GMT

Date: Tuesday 12 March 2024 (Day 1)

The session sits within a packed agenda of insight and guidance at PrivSec & GRC Connect London taking place March 12 and 13, 2024.

Discover more at PrivSec & GRC Connect London

GRC, Data Protection, Security and Privacy professionals face ongoing challenges to help mitigate risk, comply with regulations, and help achieve their business objectives - they must… 

  • Continually adopt new technologies to improve efficiency and effectiveness.
  • Build a culture of compliance and risk awareness throughout the organisation.
  • Communicate effectively with stakeholders and keep them informed of GRC activities.


PrivSec & GRC Connect London takes you to the heart of the key issues, bringing together the most influential GRC, Data Protection, Privacy and Security professionals, to present, debate, learn and exchange ideas.