Colin Rooney

I’m Colin Rooney, Partner and Head of the Technology and Innovation Group at Arthur Cox. At today’s Data and Digital Leadership Forum, we will be hearing from a range of voices in relation to data and digital matters, including in relation to data protection, AI, cyber resilience, and tech regulation more generally.

Malcolm Byrne

I’m Malcolm Byrne, and I’m Chair of the Joint Oireachtas Committee on Artificial Intelligence.

Olivia Mullooly

My name is Olivia Mullooly. I’m a partner in the Technology and Innovation Group in Arthur Cox. The Data and Digital Leadership Forum is an important event for us because it brings together clients across a range of different sectors. So the laws pertaining to data and technology and the digital environment, these are not issues that just pertain to the tech sector, they are increasingly touching on clients across a range of other sectors also. So today is an opportunity for us to reflect and break down some of the key laws in these areas and also to hear from the key regulators about what their strategies and priorities are in the months and years ahead.

Michael Egan

I’m Michael Egan. I’m at the Conrad Hotel for the Data and Digital Leadership Forum. Events like these are important because they bring technical, legal, and risk perspectives together around real data challenges. That shared understanding helps organisations shape how they use technology in advance before the pressure hits.

Malcolm Byrne

For Ireland, it’s critical that we’re a leader in the AI space, and that means both getting the appropriate level of regulation in place to maintain public trust and confidence, but also to support innovation, to be able to use this new technology to ensure that we can better deliver goods and services. For the State, that means how do we safely use AI to deliver public services better to citizens. But for companies and for organisations, it’s about using this technology to be able to improve business processes.

Colin Rooney

Events like the Data and Digital Leadership Forum are important because I think they provide an opportunity for us to bring together different important voices in the data and digital landscape. So for example, it’s a great opportunity for us to present to our clients in relation to new and novel and emerging areas of law. But it’s equally a fantastic opportunity for us to hear from the clients in relation to the things that are coming across their desks, which are occupying them, which are maybe perhaps occupying senior leadership within their organisations as well. So it’s a great opportunity to have that conversation. And I think it’s also a nice context to meet clients and maybe to have a friendly discussion over a cup of coffee.

Aoife Mac Ardle

I’m Aoife Mac Ardle. I’m an of counsel in the Technology and Innovation Group in Arthur Cox. So in a world where digital regulation has become, especially in the last five years, increasingly complex, events like today where we can gain a regulatory insight as well as insights from our client and insights from the wider Technology and Innovation Group, I think they’re really important in terms of navigating what has become increasingly complicated terrain.

Colin Rooney

For more information, please visit arthurcox.com/dataanddigitalleadership

My name is Ian Duffy, and I’m a partner in the Technology and Innovation Group at Arthur Cox. So there was a number of key messages coming out of our panel session on negotiating win-win technology contracts today. Firstly, understanding the regulatory implications and regulatory requirements that are relevant to your contractual negotiations is really important, and engaging with your counterparty in relation to these regulatory requirements at the outset is key as well, and ultimately that should help you deliver a better outcome. Another key theme coming out of today’s session was the importance of ensuring that there’s appropriate alignment and buy-in from your key stakeholders involved in the contractual negotiations. And by doing this, you should be able to ensure that the competencies and the expertise that exist across your legal, business, and procurement teams involved in the negotiation process are effectively harnessed to deliver a constructive outcome in the negotiation.

A third key theme coming out of today’s session was the increasing importance of AI tools to contractual negotiations, and how clients are starting to see that these tools can help them to conduct their negotiations in a more efficient and a more consistent manner. So being alive to the value that these sort of AI tools can deliver to your contractual negotiations and starting to experiment with them to realise that value was another key message. For more information, please visit arthurcox.com/dataanddigitallleadership

I’m Aoife Mac Ardle, I’m an Of Counsel in the Technology and Innovation Group in Arthur Cox, and we’re here today at the Data and Digital Leadership Forum 2026. The Data Act does a wide variety of things, but when you’re looking at just contracts, it’s Chapter 6 and what it does for data processing services and the right to switch that’s really significant. So just to break down some of the terminology there, when you’re talking about data processing services in the context of the Data Act, what you mean are cloud computing services providers and when you’re talking about a right to switch, what you mean is a right to terminate on notice so the Data Act in Chapter 6 says you have to remove obstacles for a service recipient’s ability to exercise this right to terminate on notice, you actually also have to put in place a regime in your contract to allow them to exercise that right.

So when you’re thinking of changes in the Data Act, this ability to exercise a right to terminate on notice in a business to business as well as a business to consumer context, that’s what’s really significant. From a data protection perspective, your first question is always, is there personal data being processed under this arrangement?

And if there is, which invariably that’s the case, you’re thinking firstly about what’s the processing relationship with this service provider? So if you’re sending data to your service provider and they’re processing data on your behalf, you’re going to need to be thinking about Article 28 of the GDPR and pulling in the requirements that are set out there. The second thing to think about is, I suppose, the destination that the personal data is going to once you transfer it out of your organisation. If it’s going to a country that’s not in the European Economic Area, you need to be thinking about what’s our mechanism to ensure appropriate safeguards are in place for this personal data. It’s going to a country like the UK, you have your adequency decision there. But if it’s going to a country that doesn’t have an adequency decision, you probably need to think about standard contractual clauses and pulling those into your contract. Those are the really two key things. For more information, please visit arthurcox.com/dataanddigitalleadership

Michael Egan

My name is Michael Egan, and I am a Director in the Legal Tech and Innovation Practice Group in Arthur Cox. The most valuable use of Gen AI that we’re seeing at the moment is in the front-end document review, helping teams understand their data much faster. In DSARs, for example, we’re using Gen AI to identify themes, locate personal data, and surface the high-risk documents earlier in the process. That enables our lawyers to make informed decisions, reducing the unnecessary document review without cutting any corners. The most important thing about all of this, it’s not replacing legal judgement, it’s augmenting it, so when Gen AI is used inside a structured and defensible workflow, there’s significant savings in terms of costs, efficiencies, and speed. And that’s what our clients have been asking us for. The one thing that organisations organisations are starting to fully appreciate is how broad their digital footprint can be. So in investigations, whether it’s cyber, employee misconduct, or investigations themselves, we’re collecting data from devices, cloud platforms, collaboration tools, and increasingly, AI systems themselves. During a cyber attack, the most important thing is not just containment, it’s understanding the impact. Organisations need to quickly understand who has been impacted, what personal data has been exposed, and whether it relates to their employees, their customers, or their third parties.

You’ll need this for your regulatory reporting, which you’ll also need to shape your communications with the affected individuals. By targeting the information with our lawyers and harnessing the power of AI, we are able to identify high-risk documents early, assess the individual risk, and prioritise communications, so we’re reaching out to the people who are most impacted first. The outcome is a clear and structured report, so people can make decisions with clarity and confidence. For more information, please contact us at arthurcox.com/dataanddigitalleadership

Colin Rooney

I’m Colin Rooney, Partner and Head of the Technology and Innovation Group at Arthur Cox. At today’s Data and Digital Leadership Forum, we’ll be hearing from a range of voices in relation to data and digital matters, including in relation to data protection, AI, cyber resilience, and tech regulation more generally. Our clients are encountering a wide range of different challenges in relation to the data and digital space. I think perhaps the most challenging for our clients is the sheer breadth of law that has been passed over the last number of years, over the last two, three years in particular. There is a wide range of data and digital legislation, the AI, cyber, and online safety space for example, which has had a significant impact on our clients. But underpinning this is still the fact that data protection and GDPR compliance remains a core requirement for a broad range of our clients. I think with the very, very quick movement that we’re having in relation to data legislation and case law, a strong existing GDPR Compliance Governance Framework can really help organisations to have a baseline from which to work to prepare themselves for AI compliance, to deal with the reporting aspects, for example, in relation to cyber, and to deal with the other issues that can arise in the new and emerging digital space.

For more information, please visit arthurcox.com/dataanddigitalleadership

Olivia Mullooly

My name is Olivia Mullooly. I’m a partner in the Technology and Innovation Group in Arthur Cox. We’re here in the Conrad Hotel for our annual Data and Digital Leadership Forum. The key themes of my session today are cyber, cyber risk, cyber readiness, cyber response. The session is designed to bring the benefit of our experience in navigating clients to the aftermath of a cyber attack, the investigation, the remediation, and the mitigation of the issues that will typically arise for clients when they’re dealing with such an unfortunate event. My colleague Vivian Spies is then going to touch on some of the emerging laws in the area of cyber resilience and cyber in this, and we’re delighted to again be joined by Paul Stanley, who’s head of engagement in the National Cyber Security Centre, to talk us through some of the priorities for his organisation in the months following implementation of the cyber security bill into Irish law.

The Data and Digital Leadership Forum is an important event for us because it brings together clients across a range of different sectors. So the laws pertaining to data, technology, and the digital environment, these are not issues that just pertain to the tech sector. They are increasingly touching on clients across a range of other sectors also. So today is an opportunity for us to reflect and break down some of the key laws in these areas, and also to hear from the key regulators about what their strategies and priorities are in the months and years ahead. For more information, please visit arthacox.com/dataanddigitalleadership, or contact any member of our team.