From 1st July the Council of Mortgage Lenders is integrated into a new trade association, UK Finance. For the time being, all UKF mortgage information will continue to be published on this website, and UKF member-only mortgage information will only be available here.

UK Finance represents around 300 firms in the UK providing credit, banking, markets and payment-related services. The new organisation takes on most of the activities previously carried out by the Asset Based Finance Association, the British Bankers’ Association, the Council of Mortgage Lenders, Financial Fraud Action UK, Payments UK and the UK Cards Association. Please go to for wider content and updates from UK Finance.

  1. Home
  2. Events
  3. Mortgages and the General Data Protection Regulation (GDPR)

Mortgages and the General Data Protection Regulation (GDPR)


4 July 2017

Time: 9:30am – 1:30pm
Venue: UK Finance (formerly Council of Mortgage Lenders), London
Price: £145 members
£145 associates
£199 non-members
Mortgages and the General Data Protection Regulation (GDPR)

About this event

The General Data Protection Regulation (GDPR) was formally adopted on 4 May 2016 and is set to replace most data protection legislation. This half day seminar explored the GDPR and the practical considerations for lenders. Delegates learned how the regulation will apply in the UK context.  Notwithstanding UK’s Letter triggering Article 50 to leave the EU, the GDPR will still be relevant in the UK, it will apply from 25 May 2018. 

See the full programme for this event.

Topics included:

  • An overview of the legal implications of the GDPR
  • UK applications of the new guidance
  • Processing and handling of data under the GDPR
  • Challenges of financial crime in the GDPR environment
  • How does open banking fit in the GDPR?

This event was aimed at:

Those who deal with data protection issues in their day-to-day roles.

Download a list of organisations that attended in 2016

Feedback from 2016 attendees:

"Really informative"

"Clear and good overall knowledge gained"

"I found this high-level overview very useful and it has set me on the right path to coordinate a gap analysis and project to enable compliance"

"Very good clear overview of new regulation"

*This event was closed to press*


0930 - 1000


Registration and refreshments

1000 - 1010


Welcome and introduction
Mark Hickabottom, Regional Data Protection Officer, Computershare

1010 - 1030


Overview of the legal implications of the GDPR
Wendy Rainbow, Partner, Shoosmiths

1030 - 1100


UK applications of the new guidance
Del Heppenstall, Director, Cyber Team, KPMG LLP

1100 – 1120  


1120 - 1150  

Processing and handling of data under the GDPR
Lorraine Mouat, Senior Regulatory Consultant, TCC Group
Andy Sutherland, Managing Director of Advisory Services, TCC Group

1150 - 1220  

Challenges for lenders in the GDPR environment
Jennifer Bourne, Senior Policy Adviser, UK Finance

1220 - 1240  

How does open banking fit in the GDPR?
Peter Davey, Regulatory and Legal Workstream Lead, Open Banking Implementation Entity

  • Threat or opportunity 
1240 - 1245  

Chair's closing remarks

1245 – 1330  



Chair: Mark Hickabottom

Regional Data Protection Officer, Computershare

Mark Hickabottom is the Data Protection Officer for Computershare’s UK and Ireland businesses, including the loan services business. Following the recent appointment to service the mortgage book of UK Asset Resolution and the acquisition of HML in 2014, Computershare Loan Services is the largest player in the outsourced mortgage servicing market with over £70 billion of mortgage assets under management.

Mark has extensive experience of data protection, information security and operational risk management, having previously held the role of Head of Operational Risk at UK Asset Resolution and worked for big four accounting firms.


Jennifer Bourne

Senior Policy Adviser, UK Finance

Jennifer Bourne joined the Council of Mortgage Lenders in 2010, and covers legal, financial crime, valuation and new-build issues. She is admitted as a Barrister and Solicitor in her home country of New Zealand, where she held a number of policy and advocacy roles. Since arriving in London, Jennifer worked briefly for a criminal defence law firm, before joining the Association of British Insurers as a policy adviser.







Peter Davey

Regulatory and Legal Workstream Lead, Open Banking (OB) Implementation Entity

Peter Davey is in charge of all of the Regulatory and Legal aspects of the UK Open Banking initiative.  This involves working within the Programme to help ensure that OB helps banks/ASPSPs, TPPs to comply with the CMA Order, PSD2, as well as GDPR. 

Peter has a wide variety of experience having worked at a variety of firms in Regulatory Compliance in the payments space (First Data, VocaLink, Earthport); at a regulator, the Dubai FSA, as head of Market Regulation; at KPMG Consulting and PWC; as well at Exchange Clearing House (ECHO), a precursor to CLS, where he was one of the core team who helped build ECHO from a concept on two sheets of A4 to a fully functioning and authorised FX clearing house.  

Peter has an MA from Cambridge University, a Law degree from the Open University, and is a chartered accountant.

Del Heppenstall

Director, Cyber Team, KPMG LLP

With over 20 years’ direct experience in Information and Cyber Security, Del Heppenstall has built up a wealth of experience in advising clients on topics ranging from security strategy and organisational design through to technical security solution implementation and operation.

Del has led some of the UK’s largest security transformation programmes, delivering multi-million pound change agenda’s at Aerospace & Defence major’s, Central Government and leading UK retail sector organisations. Del is currently advising a number of clients in the Financial Services sector on their approach to achieving compliance with the GDPR.

He has led a number of engagements on GDPR ranging from Gap Analysis and development of roadmaps to remediation of the gaps. Del will use his slot to present on the challenges and pitfalls of tackling GDPR compliance and highlight a number of approaches to achieving it in a risk balanced way.

Lorraine Mouat

Senior Regulatory Consultant, TCC Group

Lorraine Mouat's experience spans 15 years and various sectors, particularly retail lending and consumer finance. With a background in risk management frameworks and systems and controls, Lorraine specialises in helping firms prepare their data management systems and controls and policies and procedures ready for adherence with the GDPR.   




Wendy Rainbow

Partner, Shoosmiths LLP

Wendy Rainbow is a partner with Shoosmiths LLP and has previously worked for the CBI, in-house for HSBC and as a lecturer.  Wendy has over 20 years’ experience in banking and finance litigation; the last 10 years with Shoosmiths specialising in mortgage recoveries.

Wendy is a member of her practice group’s working party looking at the implementation and impact of the GDPR on clients and their customers from a recovery perspective.


Andy Sutherland

Managing Director of Advisory Services, TCC Group

Andy Sutherland has over 20 years experience within financial advice and retail lending, guiding firms in effective management of risk and regulation. Andy’s specialism lies within retail conduct risk regulation across the spectrum of advice products. His detailed FCA knowledge, combined with a keen commercial awareness, helps clients manage conduct risk whilst maintaining business growth.


UK Finance (formerly Council of Mortgage Lenders)

3rd Floor Bush House, North West Wing
London WC2B 4PJ

Nearest tube stations:

Holborn (Piccadilly and Central lines)
Charing Cross (Bakerloo and Northern lines)
Waterloo (Jubilee, Waterloo & City, Northern and Bakerloo lines)

Nearest overground station:

Waterloo (Connects to Jubilee, Waterloo & City, Northern and Bakerloo lines)

Contact us

Laura Marshall

Telephone: 0845 373 6771