Register your Interest
Request sponsorship pack

Stephen Latham

Data Protection Programme Manager
Department of the Environment, Food and Rural Affairs (Confirmed)

Stephen Latham has worked in a range knowledge and information management roles in the Civil Service over 26 years including appointments at the Foreign and Commonwealth Office, the Department for International Development and HM Revenue and Customers. He is currently leading a programme of work to ensure that the Department of the Environment, Food and Rural Affairs (Defra) and its Executive Agencies comply with the new General Data Protection Regulation. His previous roles include Head of Knowledge and Information Management at Defra, where he was responsible for library and information services to Defra, Natural England and the Animal and Plant Health Agency. He is also currently Government Head of Profession for Knowledge and Information Management and leads work to develop the professional skills and capabilities of over 1000 knowledge and information management professionals working in central Government.

  • Appreciating the legal obligations of employers and individual rights surrounding access to information under the GDPR
  • Outlining how to effectively manage your employees’ data responsibly
  • Understanding the role of the Data Protection Officer (DPO), according to GDPR regulation
  • Examining key responsibilities for DPOs: reporting data breaches and GDPR enforcement
  • Considering recruitment and workforce challenges to fill any gaps ahead of May 2018
  • Creating an effective reporting structure; ensuring all data breaches are reported to the DPO immediately to facilitate an effective and adequate response

  • Leading a Programme of work to ensure that Defra and its Executive Agencies comply with the GDPR
  • Raising awareness among your organisation’s management to set the appropriate ‘tone from the top’
  • Identifying the personal information your organisation holds about employees, customers and suppliers and the level of risk associated
  • Checking your use of data is compliant and overcome misinformation concerning the requirement for consent
  • Ensuring data use is in line with the other GDPR principles, such as data minimization, storage limitation, and use in accordance with individuals’ rights