Book online

Event Summary

With the Data (Use and Access) Act 2025 now passed, it’s more important than ever to ensure your organisation’s data handling practices meet the latest legal standards.

Our Data Protection Essentials online training course gives you the practical knowledge and confidence to manage personal data securely, responsibly, and in full compliance with both general GDPR and the DUAA 2025.

This one-day course explores the key changes introduced by the DUAA, including new rules for automated decision-making, international data transfers, and cookie consent. Learn how to apply these updates in real-world scenarios to keep your organisation compliant and accountable.

Gain a clear understanding of individual data rights such as access, consent, and the right to be forgotten. Learn to respond to Data Subject Access Requests (DSARs) effectively and understand the lawful use of data for marketing and the updated rules around data sharing.

Through expert-led guidance, learn how to apply Data protection by Design and Default, conduct Data Protection Impact Assessments (DPIAs), and review your data collection and retention practices to reduce risk and support your business goals.

Our expert trainer will provide you with guidance on how to assess, identify and report potential data breaches. Review your data protection policies to ensure that they are compliant.

Take this opportunity to secure staff buy-in through data protection initiatives, engage stakeholders in data policy reviews and update your business processes to ensure your organisational practices adhere to the data protection principles.

Trainers

Tim Turner

Data Protection Expert and Trainer

Who should attend

This course is designed for the Public, Private and Not for Profit Organisations including:

Data Protection Officers and Compliance Officers
Data Teams
Information Risk Officers
CEOs, COOs
IT Managers and Database Managers

Online Training

Participate in live training online
Group work and practical scenarios
Course materials

The course has really developed my understanding on privacy and data protection, and I feel like I now have open channels to enquire through should I have a question in future.
Lou Abbott-Williams, Eurofins Agroscience Services

Enthusiastic and engaged trainer. Kept the pace / tempo going well.
Chenab Mangat, CLC

I got some really useful pointers out of the session. The trainer delivery was really good. Also he was informative and being able to ask questions throughout was useful.
Sarah Jones, Newport City Council

Course Outcomes

Understand the main changes introduced by the DUAA 2025, including AI, data transfers, and consent
Improve your organisation’s data collection, processing, and storage practices to meet DUAA 2025 and UK GDPR standards
Identify and reduce the risk of data breaches through proper assessments and effective data governance
Recognise your responsibilities and balance legitimate interest with rights of data subjects
Get organisational buy in, and make sure colleagues understand do’s and don’ts
Review and update your data protection policies to align with the latest legal requirements

Agenda

09:45 - 10:00

Course Introduction

Tim Turner

Data Protection Expert and Trainer

10:00 - 10:30

The Fundamentals of Data Protection and Compliance

Understanding your role as a data controller or processor
Core principles of data protection and good information governance
Mapping data collection and retention
Aligning data practices with organisational goals
Do we need a DPO?

10:30 - 11:45

Understanding Data Protection: GDPR, DPA 2018 & DUAA 2025

Overview of the UK’s legal frameworks: GDPR, DPA 2018, PECR, and DUAA 2025
DUAA 2025 updates:

– Transparency in automated decision-making and AI

– International data transfers

– Cookie consent and digital tracking

Risks of non-compliance
Marketing rules and lawful bases for processing

11:45 - 12:00

Morning Break

12:00 - 13:00

Data Protection by Design and Data Protection Impact Assessments (DPIA)

What data protection by design and default means under DUAA 2025
When and why DPIAs are required
Steps for conducting a DPIA
Identifying risks and applying mitigation (e.g. encryption, access controls)
Documenting and managing ongoing risk

Participants will engage in scenario-based discussion in this session, looking at real-life case studies and learning from good and bad practices.

13:00 - 14:00

Lunch Break

14:00 - 15:00

Updating the Three Ps of Data Protection: Policies, Processes and Procedures

Understanding your organisation’s risk appetite
Building and maintaining a record of processing activities
Managing third-party relationships and contracts
Drafting processor contracts and joint controller agreements
Reviewing and updating internal data protection policies
Engaging stakeholders and securing staff buy-in

15:00 - 15:45

Working with the Information Commission (formerly ICO)

Registering your organisation under the new regulatory structure
Handling complaints and breach reporting
Understanding enforcement actions, reprimands, and penalties

In this session, participants will have the opportunity to raise questions, engage in group discussion about their experience in dealing with ICO and get advice from the trainer on the best approach

15:45 - 16:00

Review of the Day

Useful resources
Final questions and feedback

16:00

Close of Course

Tim Turner

Data Protection Expert and Trainer

CPD

This training is CPD certified.

Contribute 7 hours towards your Continuing Professional Development (CPD)
Receive a certificate of attendance.

In-house Training

Westminster Insight provides bespoke training at a time and place to suit you and your organisation’s needs. All our courses can be provided online, at your place of work or a venue of your choice. Additionally, we can tailor or create a course to suit the exact needs of your organisation. We will discuss the learning outcomes with you and tailor the training to the needs of your organisation.

Benefits of in-house training:

Flexible – Schedule a course date and times that work best for you and your teams. Upskill your teams immediately as training needs arise. Choose from in-person or online and bring your teams together to learn in an interactive, friendly environment.

Cost-effective – Train groups of individuals working in the same organisation without incurring travel or accommodation costs.

Customised Content – Our experienced trainers work with you to ensure that the course content is tailored to meet the needs of your teams and organisation. Benefit from the opportunity to have in-depth discussions about scenarios in your organisation in a confidential forum.

Find out more about our tailored training solutions by contacting us at learning@westminsterinsight.com

Download Training Catalogue

Handling Data Subject Access Requests Online Training

Thursday 13th November 2025

Data and Technology Training Courses

Preventing and Responding to a Data Breach Online Training

Wednesday 13th August 2025

Data and Technology Training Courses

Freedom of Information (FOI) Requests and Exemptions Online Training

Monday 16th March 2026

Data and Technology Training Courses

Data Protection Essentials

Online Training

Event Summary

Course Outcomes

Agenda