On 16 November 2021, hundreds of privacy and security professionals came together to discuss how their lives, communities, and work have changed over the past 20 months—at PrivSec New Normal, an all-day event at Park Plaza, London Riverbank.


The conference, facilitated by BBC Cybersecurity Correspondent Joe Tidy, examined the social, technical and political developments taking place in the fields of data protection and security.

Equally importantly: PrivSec New Normal was an opportunity for colleagues to meet and network in person—many for the first time since the start of the pandemic. And the atmosphere was vibrant.


The day began with a discussion about the data protection implications of monitoring staff working from home, hosted by Selin Ozbek Cittone, Managing Partner at Ozbek Attorney Partnership.

Panellists explored how surveilling employees’ activity in their own homes could put companies in breach of data protection law. Katie Tomashevski, Data Protection and Information Officer at Unison, pointed out that many firms are even failing to properly assess the risks

Joe Tidy then hosted a panel about the surge in phishing attacks since the start of COVID-19. Vickie Guilloit, Partner at Privacy Culture suggested that there has been a 400% increase in suspicious communications since early 2020.

Matteo Quartieri, Privacy Associate at OneTrust, provided a detailed examination of the state of international data transfers—one of the most complex and resource-heavy tasks for privacy professionals since the “Schrems II” judgment last July.

Two sessions focused on the privacy and human rights implications of fighting COVID-19. Tech and privacy experts gave nuanced accounts of the impact, effectiveness, and legality of both contact-tracing apps and vaccine passes.

Madeleine Stone, Legal and Policy Officer at Big Brother Watch, discussed her involvement in a court challenge of the Welsh government’s implementation of vaccine passes.

20211116_121547 (1)

After lunch, the conference featured sessions on how businesses are adapting to the “new normal”: ensuring security in remote and hybrid workplaces, shifting to a new workplace culture, and responding to changes in the consumer privacy landscape.

Reflecting on his pandemic experience, Steve Wright, Partner at Privacy Culture, stressed the importance of face-to-face contact between colleagues—and the assembled delegates audience seemed to wholeheartedly agree.

Two further panels focused on the proposed reforms of the UK’s data protection framework and how the government’s consultation could impact UK organisations.

In the first, Stewart Room of DWF Law LLP suggested that the reforms could lead to stricter regulation of UK data controllers, but expressed concern about the possible impact on data subject rights.

In the second, Yasmin Hinds of Pontoon Solutions predicted that, regardless of any attempt to liberalise regulation. global-facing companies are unlikely to weaken their data protection standards in the current climate.


A warm and communal atmosphere persisted throughout the day as delegates, speakers, and exhibitors embraced the opportunity for “offline” learning and interaction.

The return to in-person events has been a long time coming, but this fantastic conference showed that it was worth the wait