Skip to main content

AFB Training Workshop: The UK GDPR: Spotting Red Flags in a Landscape of Data Transfers, Enforcement and UK Reforms


In May 2022, as part of the Queen’s Speech, the UK government announced its intention to introduce a Data Reform Bill. The UK government’s background and briefing notes state that the purpose of the Bill is to “take advantage of the benefits of Brexit to create a world class data rights regime…that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK.” The Bill, being announced in September 2022, will seek to provide the ICO with the power to take “stronger action” against businesses that breach data rules.

In spite of the expected reforms, one challenging area is not expected to change. The UK GDPR restricts the transfer of personal data to countries outside of the UK or to international organisations. These restrictions apply to all transfers, no matter what the size of the transfer is or how often they are carried out. Knowing the main transfer “gateways” is therefore important.

This workshop, in partnership with BCLP, will help AFB members to gain an understanding of how to comply with the UK GDPR and data transfer rules which, now more than ever, will be essential to their organisations.

Why attend?

The workshop will cover:

Update on recent data protection enforcement activity relevant to Banks in the UK

• What activities tend to prove highest risk? What do recent fines under the GDPR and the ePrivacy regime indicate about the regulatory priorities and attitude to sanctions?

• How does the proposed reform of the UK’s data regime look set to impact the AFB’s members?

International data transfers

• An outline of the main “gateways” to facilitate personal data flows from the UK to third countries (where many AFB members will have their Head Offices).

• How to spot red flags and key questions to ask.

Update on the reforms most relevant to Banks in the UK

• An outline of the proposed reforms (to the extent known).

This workshop is aimed at all those for whom a refresher on data protection compliance requirements and risk-spotting could be of interest.

Learning Outcomes

Attendees of the workshop will be able to:

  • Understand the key GDPR compliance priorities in terms of enforcement and operational risk    
  • Use the information gained to spot potential red flag issues in your Bank in terms of vulnerability or non-compliance and be able to suggest approaches to fix these


Format:           In-person at BCLP, Governor’s House, 5 Laurence Pountney Hill, London, EC4R 0BR

Cost:               £230 + VAT

Date:               Tuesday 20 September 2022

Time:              10:00 – 11:30 (Registration from 09:30)               

Places:           Maximum of 30 people

There will be ample opportunity for questions throughout the session, however, if you would like to submit a question before or have any specific questions or areas that you would like the session to address, please send them to the AFB at as soon as practicable. You will receive details on how to join the Workshop a few days before the event.

The Workshop will be held under the Chatham House Rule, to promote open and constructive discussion.