October 24th 2018 | Dynamic Earth, Edinburgh


Maureen H Falconer

Regional Manager, Scotland, Information Commissioner’s Office

Maureen Falconer joined the ICO in 2007, and is currently Regional Manager for the ICO’s Scotland Office. Maureen works with a variety of organisations, providing awareness-raising events, advice and guidance in all things data protection. Maureen sits on various development/steering groups, providing advice and guidance at the early stages of various public sector initiatives.

As well as the day-to-day management of the office, Maureen’s external remit includes the NHS, Local Government, Education and Social Work.

Prior to joining the ICO, Maureen worked in the Scottish Parliament as parliamentary researcher for Dennis Canavan MSP until his retirement in 2007. Coming from an academic background, Maureen lectured and researched in public administration with specific interests in education and health.

Asma Ali

Data Protection Officer and Solicitor, Police Scotland

I started working for Police Scotland in July 2007 as a Solicitor. I have extensive in-house legal experience in relation to police related matters and have successfully defended Police Scotland in a range of legal cases (Personal Injury claims and Employer’s liability claims). I have provided advice internally in relation to Data Protection Legislation, Freedom of Information Requests and Subject Access Requests.  In addition I have represented Police Scotland at Fatal Accident Inquiries. In 2017, I was involved with the implementation of the Criminal Justice Scotland Act 2016.

In July 2018, I formally took up post as Police Scotland’s Data Protection Officer.

In my spare time, I undertake community welfare work and raise awareness amongst youth about issues that potentially could be (or become) criminal. This is delivered via a series of workshops or inputs within the community. I am passionate about community cohesion, working with the youth and vulnerable members of our community to help better their lives through awareness programmes.

Vicki Ambrose

Information and Records Management Officer, Creative Scotland

Hello, I’m Vickie Ambrose, Information and Records Management Officer with Creative Scotland. I wear two hats with this role, Data Protection Officer and Records Management Officer. I enjoy my role and I’m passionate about data protection.

I moved to Scotland in December 2008 and, in doing so, made a long-standing dream come true.

I came to Scotland not knowing anyone, I had no job and not much money – it was a risk - however I quickly found work with the NHS and solved two out of my three needs. I was very much embraced into the Borders community where I lived and also with the NHS and have made firm ties and friends that I am privileged to know. I then moved to Victim Support Scotland which fulfilled my three needs and assisted in improving my governance skills. Next stop, Creative Scotland. I have worked for them for almost eight years and have successfully completed CIPFA Corporate Governance and Data Protection Practitioner courses. I have also developed, co-ordinated and implemented Creative Scotland’s Records Management Plan which has gained approval from the Keeper of the Records of Scotland.

Working in data protection is a continuous learning curve - a roller-coaster ride that I don’t want to get off. My journey has begun and working as a Data Protection Officer is my career path which I’m happily travelling on.

Alex Cash

Global Privacy Engineer, OneTrust

Alex Cash is a Certified Information Privacy Professional (CIPP/E , CIPM) and a Global Privacy Engineer at OneTrust –  the market leader in enterprise privacy management and marketing compliance software. In his role, Cash advises many of the world's leading organizations on General Data Protection Regulation (GDPR) and ePrivacy (Cookie Law) solution implementations with extensive experience building and scaling enterprise-level privacy programs. He holds a Masters degree in Electronic Engineering and has previous experience building enterprise antivirus software.

Mark Chynoweth

General Manager, Really Good Data Protection (RGDP LLP)

Mark is a former Army officer with a wealth of leadership, management and project management experience and qualifications. Trained at the Royal Military Academy Sandhurst and with a Master’s Degree from Cranfield University, Mark provides the management level interface between RGDP and its customers and he manages the Data Protection Officers who deliver RGDP’s services.

Alistair Fenemore

CISO, University of Edinburgh

A senior information/cyber security and risk professional with extensive global experience gained in over 25 years spent in the private and military sectors, Alistair joined the University of Edinburgh in February 2016 as their first Chief Information Security Officer.

Helen Findlay

Head of Information Assurance and Risk, Scottish Government

A librarian by trade, I have worked in records and information management, IKM, information governance and data protection in public and private sector organisations in Scotland and New Zealand.  I currently manage the branch responsible for data protection and information assurance advice and guidance for the Scottish Government.

David Freeland

Senior Policy Officer, Information Commissioner’s Office

David joined the ICO in 2013 as a Senior Policy Officer in the ICO’s Scotland team. He engages primarily with information governance professionals across Scotland to increase awareness of data protection law, encouraging a privacy-by-design approach to both policy development and working practices. This work includes responding to specific enquiries from stakeholders, developing ICO responses to new legislation in Scotland, organising and delivering workshops and presentations, and representing the ICO in sector-based forums.

Dr Rena Gertz

Data Protection Officer, University of Edinburgh

Dr Rena Gertz completed her law degree in Germany before moving to Scotland for a Masters Degree and PhD in law, followed by a research fellowship at Edinburgh University. Leaving academia, she worked in local government for 7 years as DP and FOI Compliance Officer, while still maintaining her relationship with Edinburgh University, lecturing on several Masters Degree programmes. In May 2017 she returned fully to Edinburgh University by taking up the role of Data Protection Officer. 

Donald Henderson

Information Governance Manager/DPO, Perth & Kinross Council

Started in IT development the private sector before moving to the Council doing IT networking before moving to information security, DP and FOI.

Undertook the registration for my employer under the DPA 1984 and then helped implement the DPA 1998 in the Council. Led the Council’s implementation of FOI from 2003 onwards. Have been responsible for DP in the Council since 2004 and led the work to implement the GDPR. Appointed as DPO for the Council earlier this year.

Iain Hockenhull

Head of Information Governance & Data Protection Officer, Scottish Courts & Tribunal Service

Iain is the Data Protection Officer for the Scottish Courts and Tribunals Service, where he has worked on promoting information law compliance since 2014.   This has included improving the systems and structures in place on issues such as data protection, record keeping and freedom of information and overall GDPR preparations. 

He previously worked at the Scottish Government as a policy advisor on property law reform and a number of criminal justice issues including the double jeopardy legislation and the proposed reform of the law on corroboration.  He also supported the Irish Presidency of the European Union in 2013 on secondment to the Department of the Taoiseach in Dublin. 

Chelsea Jarvie

Security and Information Risk Manager, Social Security Directorate, Scottish Government

Chelsea Jarvie is Security and Information Risk Manager, Social Security at the Scottish Government. Holding a First Class Honours degree in Ethical Hacking and Countermeasures from Abertay University, Dundee, she is integral to the development of the digital and technological solutions that are being developed for the safe and secure transition of 11 benefits to Scotland. Chelsea ensures information risks are understood across the organisation, bridging the gap between IT and the business.

Chelsea is passionate about promoting diversity in technology and was named as a "Woman of the Future" by Equate Scotland in their "Leading Women of Scotland" publication. She was also chosen as Code First Girls: One to Watch 2017 and was a finalist in the Scottish Cyber Awards 2016 for "Outstanding Woman in Cyber".

Ann Jones



Head of Information Governance and Data Protection Officer, Heriot-Watt University

Ann Jones is the Data Protection Officer for the Heriot-Watt University Group, comprising the University and its subsidiary companies. With an established reputation for teaching and research informed by the needs of business and industry, the University has just under 30,000 students studying on five campuses in Edinburgh, Scottish Borders, Orkney, Dubai and Malaysia, by distance learning or with learning partners in 40 countries worldwide.

She heads an information governance team leading on data protection, freedom of information (FOI), records management and information security policies, standards and procedures. 

Starting her professional career with a master’s degree in Archive Administration, Ann has extensive experience of experience of lifecycle information risk management and led the University’s implementation of FOI and GDPR.  A Certified Information Privacy Professional, Europe (CIPP/E), she is an active member of relevant professional bodies and networks.

Eamonn Keane

Head of Cyber Security & Innovation, Scottish Business Resilience Centre

Detective Inspector Eamonn Keane has worked with the Irish and Scottish Police for 35 years principally in the investigation of terrorism, serious crime, criminal investigation, public protection and most recently national Cybercrime investigations and forensic delivery.

His current portfolio is with the Scottish Business Resilience Centre as Head of Cyber Security & Innovation championing the ethos of cybercrime prevention through business engagement, resilience, support, education and intelligence sharing for the Scottish and UK business community.

Alison Mackinnon

Data Protection Officer, SEPA

Alison Mackinnon has worked for SEPA since its inception in 1996 and is a member of SEPA’s Information Team with the broader Governance function.

Alison has been  SEPA’s Data Protection Officer since 2002.  However, with the implementation of GDPR and the Data Protection Act 2018, the scope of the role has expanded exponentially.

Alison is also the specialist lead for Information Governance activities in SEPA, with a focus on ensuring that external regulatory and compliance requirements are both met and also  embedded into SEPA processes and procedures . Over the last 16 years, she has been involved in the implementation of successive compliance regimes relating to Information Governance.

These include Access to Information requests (EIR and FOISA),  Customer Complaints, Records Management , the re-use of public sector information, Open Data.  The role also  includes liasion with a range of extermal regulators including the ICO, OSIC, SPSO and NRS.

Dr Kenneth Meechan

Head of Information and Data Protection Officer, Glasgow City Council

Dr Kenneth Meechan is Head of Information and Data Protection Officer for Glasgow City Council.  He has led the council’s major GDPR implementation programme since 2016 and, since April 2018, is statutory DPO for the council and its arms’ length external organisations. Dr Meechan is a qualified Scottish solicitor and an acknowledged expert in data protection and FOI.  He is convenor of the Law Society of Scotland’s accreditation panel for data protection and FOI and a member of the Society’s privacy law committee, and also chairs the Data Protection and FOI working group of SOLAR (Society of Local Authority Lawyers and Administrators in Scotland).  He is a regular conference speaker and is often asked to join specialist working groups on areas such as public records legislation and, most recently, the “Named Person” legislation.

Paul Motion

Head of Data Protection Ream, BTO Solicitors LLP

Paul is a Partner and Solicitor Advocate at BTO Solicitors LLP. He is an accredited specialist in freedom of information and data protection law, currently the only such accredited specialist in private practice in Scotland.

Paul has advised colleges, private schools, councils, Registered Social Landlords, law firms, accountants and SMEs on a variety of DPA/GDPR, PECR, Freedom of Information and Environmental Information issues. He has run many ground breaking cases, for example, he appeared before the First Tier (Information Rights) Tribunal, representing Scottish Borders Council v ICO. A £250,000 DPA 1998 Monetary Penalty was cancelled by the Tribunal. The only successful such appeal in the UK to date.

He has provided data protection advice and comment for almost two decades, advising on a wide range of data protection issues including: telecare, common area surveillance, Subject Access Requests, neighbour complaints and covert CCTV/audio recording of care workers by service users’ families. 

Complementing his data protection experience, Paul has a well-known practice in defamation, media and social media law which is increasingly called upon by his clients who have ranged from politicians to record production companies.

Keith Nicholson

Chairman, Cyber Security Scotland

Dr Nicholson has worked in the cyber security field since 1992; initially as CEO of a first-mover ecommerce business and later as an Interim Director, a Non-Executive Director and Consultant. He acts as an independent cyber security and technology advisor with a range of clients that have included FTSE 250 companies; SMEs and several public bodies including NHS Scotland and the Scottish Government.

Keith was a contributing author to the Scottish Government Cyber Resilience Strategy and also co-authored a WannaCry impact assessment report for NHS Scotland. He is a member of the public-private sector National Cyber Resilience Leaders Board and Joint Chair of its Public Sector Steering Group. He recently founded Cyber Security Scotland; a non-profit independent advisory body offering specialist security and digital technology guidance.

William O'Brien

Senior Manager Technology Sales, Veritas Technologies

Will has worked for some of the industry’s leading IT Vendors over the past 25 years, and currently leads the pre-sales solution SE’s team for Veritas Public Sector and Strategic Accounts.

In this role Will and his team are assisting their clients in transforming their existing data environments to meet the ongoing challenges of data management.

Lynn Richmond

Associate, Data Protection Team, BTO Solicitors LLP

Lynn has a particular interest in data protection, freedom of information and both contentious and non-contentious intellectual property matters. A member of BTO’s Data Protection Team, Lynn advises clients on issues ranging from data protection and cyber security to FOISA and information law. Lynn is also part of BTO’s specialist GDPR Team advising clients on how best to adapt their businesses to comply with the requirements of GDPR.  She has made countless successful appearances in sheriff courts throughout Scotland including appeals before the Sheriff Principal and Sheriff Appeal Court. Lynn is described by her clients as a versatile and able civil litigator with strong advocacy, negotiating and drafting skills.

Frederic Saunderson

Rights and Information Manager, National Library of Scotland

Fredric Saunderson is Rights and Information Manager at the National Library of Scotland, where he leads strategic development in copyright, data protection and records management and acts as Data Protection Officer. Fred is currently leading a project to implement the Library’s records management plan and co-leading a series of Royal Society of Edinburgh-funded research workshops on text and data mining. He was recently industry supervisor for a collaborative PhD studentship on copyright licensing in cultural heritage and has published on copyright and open licensing. Fred chairs the Libraries and Archives Copyright Alliance (LACA), is on the Archives and Records Association Legislation and Standards Working Group, and contributes to a number of related committees and steering groups. 

Stuart Skelly

Sector Consultancy Manager (Professional Services Team), IT Governance Ltd

Stuart is one of IT Governance’s most experienced GDPR consultants.  A Scottish solicitor for more than 20 years before joining IT Governance in 2017, Stuart worked in private practice for some large law firms in Scotland and England, and in in-house roles for multinationals including Europcar, Lafarge and NCH.  Stuart brings to the role of sector consultancy manager the legal practitioner’s forensic focus on detail as well as the in-house lawyer’s commercial ability to see the legislation ‘in the round’ – understanding the Regulation’s practical effects on businesses.  And a little humour – in the rare instances where the GDPR affords it!

Fiona Stuart

Data Protection Officer, Fife Council

Fiona Stuart is the Data Protection Officer for Fife Council and has been working as a data protection practitioner in local government for 10 years.

Fiona is a solicitor, specialising in Data Protection and Freedom of Information Law and has gained the Data Protection Practitioners qualification.

On a day to day basis Fiona provides advice on whether information can be shared with other organisations; drafts and reviews Data Protection Impact Assessments, Data Sharing Agreements and Data Processing Agreements; and carries out reviews of Subject Access Requests.

Fiona is a member of the SOLAR DP/FOI/Human Rights Working Group and has contributed to a number of national data sharing initiatives. She also regularly delivers Data Protection Training to staff within Fife Council.