Cookie PolicyWe use cookies to enhance your experience while using our website. We will take your continued use of our website as consent to our use of cookies.






Data Protection

Module Leader: Louise Connacher


This interactive full-day training session (which combines theory-based learning with a series of interactive group sessions) gives an understanding of the duties imposed on organisations by the Data Protection Act 1998 (“DPA”) and also looks ahead to the requirements of the General Data Protection Regulation (“GDPR”), which will come into force in May 2018.

Module aims

The DPA imposes duties on those who collect, store, manage and destroy data, and is relevant to virtually all organisations in the UK.  From May 2018, the DPA will be replaced by new legislation deriving from the GDPR.

This module aims to provide participants with:

  • an understanding of the main concepts of the DPA:
    • data
    • personal data
    • sensitive personal data
    • data processing
    • the eight data protection principles
  • the knowledge to enable managers to ensure compliance with the DPA at a practical level, including:
    • how to ensure that the organisation can demonstrate lawful purposes for processing data
    • how to draft consent forms and privacy notices
    • what should be included in a Data Protection Policy
    • whether the organisation’s security arrangements are sufficiently robust
    • when it is legal to monitor the activities of employees and third parties – CCTV, emails, internet access
    • how to handle subject access requests
    • what should be considered when drafting a retention/destruction policy
    • an understanding of the current enforcement regime, including court action and enforcement by the Information Commissioner’s Office
    • an overview of the GDPR and the steps that they should be taking now to prepare for compliance in May 2018

Learning outcomes 

By the end of this module, participants will: 

  • understand the key concepts relating to data protection within their own organisation
  • be able to utilise their newly gained knowledge to prepare and implement an effective policy
    • understand the current enforcement regime
  • understand the main steps to take now to prepare for the GDPR

Data Protection: Course Agenda

09:30 - 10:00  Coffee and Registration
10:00 - 10:05   Introduction to the day
10:05 - 10:15   Overview of current and future legislation and guidance
  • Data Protection Act 1998
  • Guidance from the Information Commissioner’s Office
  • General Data Protection Regulation
10:15 - 10:45  Key definitions
  • Data
  • Personal data
  • Sensitive personal data
  • Data processing
10:45 - 11:00 Case study in groups
11:00 - 11:15  Coffee Break
11:15 - 11:45  The eight data protection principles
  • Principle one – fair and lawful processing
  • Principle two – lawful purposes
  • Principle three – adequate, relevant and not excessive
  • Principle four – accurate and up to date
  • Principle five – not to be kept for longer than is necessary
  • Principle six – data subjects’ rights
  • Principle seven – security of data
  • Principle eight – transferring data overseas
 11:45 – 12:00  Privacy notices and consent
  • When they are required
  • What they should contain
  • What does “consent” mean?
12:00 - 12:15  Drafting exercise in groups
12:15 - 12:30  Drafting a Data Protection Policy
  • Where to start
  • What to include
  • How to implement
12:30 - 13:15   Lunch
13:15 - 13:30  Security arrangements
  • Physical security
  • Computer systems
  • Hardware
13:30 - 13:45  Monitoring
  • Emails
  • Internet use
  • Other electronic monitoring
  • CCTV
13:45 - 14:00 Case study in groups
14:00 - 14:15 Subject access requests
  • Obligations
  • Time limits
  • Locating personal data
  • Redacting data
14:15 - 14:30 Drafting a retention/destruction policy
  • Where to start
  • How long should data be retained?
  • How to implement
14:30 - 14:45 Group exercise
14:45 - 15:00  Coffee Break
15:00 – 15:15 Enforcement
  • ICO enforcement
  • Criminal penalties
  • Civil actions
15:15 – 15:45   Preparing for the General Data Protection Regulation
  • Legal timetable
  • ICO Guidance
  • Headline changes
  • Next steps
15:45 – 16:00 Recap of the day and learning outcomes

The cost         

Our standard charge is £200 plus VAT per delegate for a full day course, if it is being held at our premises or a venue close to our offices.  In addition, we do offer three for the price of two rates.

For a half day course, our fees are £125 plus VAT per delegate.

Should you require the course to be held in-house at your premises, then the fee would be £2,000 plus VAT for up to 12 attendees.  Should your premises be in London, then the fee would be £2500 plus VAT plus travel and hotel costs. 

For a half day course, our fee would be £1250 or £1500 for London plus travel costs.

If you are interested in reserving a place, please contact our Events Manager, Emma Holehan on 0113 280 2035 or


Get in Touch

With Lupton Fawcett on your side, you're taking control. Contact us today.

Delegate testimonials

“ I just want to add that yesterday’s seminar was absolutely brilliant, the speakers, their subject knowledge and content was exceptional and it was delivered in such a way that an otherwise difficult and sometimes ‘dry’ subject came across in manageable and enjoyable format.” Kate Swinton, Sweet Squared

“This was one of  only a handful of courses that I have  ever been on where I have walked away having thought that it was time well spent, and that I had  learnt something"  Gemma Gill, Call Credit Information Group Leeds  

“Well presented with  especially useful discussions about real case studies. Excellent training day throughout“. Saoirse Cowley, Government Legal Department

“Pitched at the right level; not too detailed but sufficient to enable an overall understanding of key aspects of employment law”.  Chris Brewster, Animal Care Plc 

“Excellent presentation, clear learning outcomes and very good case studies”. Attendee Chaucer Foods Limited 

“Excellent and entertaining delivery“.  Bred Duncan, Duncan Chartered Accountants 

“Very well presented. All information detailed and very well put across”.  Mathew Chafer, Begbies Traynor  

“Excellent presenters, dynamic case studies and examples”.  Camilla Reece, Financial Force  

“Really enjoyed the day ; learned something new ! Excellent facilitators“. Sarah Kelly, HR Manager CPP 

“Very well presented and very informative”.  Shanna Pindair, Yorkshire Energy Partnership 

“Detailed , very informative, great use of case studies to illustrate examples”. Alexandra Myer, Morrisons Supermarket Plc 

Get in Touch