As well as the General Data Protection Regulation (GDPR), the new Data Protection Act 2018 came into force in May. The two pieces of legislation need to be read side by side as the Data Protection Act (DPA) is wider than GDPR.

This Understanding Data Protection training course has been designed to help you and your organisation understand and comply with the latest data protection legislation, in order to avoid hefty fines and reputational damage.

This public sector focused Understanding Data Protection training course helps your organisation understand the similarities and key differences between the DPA 2018 and GDPR.

On this Understanding Data Protection course work through best practice examples from the public sector and gain an information governance toolkit. Leave with the confidence that you can implement robust data protection processes.

What previous delegates said about Understanding Data Protection:

“The trainers approach is real world based with examples that are meaningful from regulations that one extremely complex so ideal for a mixed course with different knowledge levels” – Data & systems Officer, Cranston

“Accepting that this is a very dry subject Lynn Wyeth made he course interesting throughout. It was highly informative and her knowledge about the subject was excellent.” – Quality Lead, Metropolitan Police Service

“I really enjoyed the training and found it refreshing to hear from the expert advice from the trainer.” – Governance and Policy Manager, Revenue Scotland


Chair: Lynn Wyeth
Lynn is the Information Governance Manager at Leicester City Council. Having previously worked as an MP and MEP’s political assistant, Lynn moved to her local council where she now oversees the Council’s Information Governance agenda including data protection, FOI, information sharing, RIPA and CCTV.

She has also helped health organisations with their information governance procedures.

Lynn is the author of two books, A Practical Guide to Handling Freedom of Information Requests and Data Protection: Compliance in Practice.

09:15 - 09:45


09:45 - 10:00

Trainer's Welcome and Clarification of Learning Objectives

10:00 - 10:45

Understand the Latest Data Protection Legislation

  • Discuss how GDPR and DPA 2018 Act has impacted your organisation
  • Understand the key differences between the DPA 2018 Act and the GDPR
  • Learn how to put theory into practice
  • Identify and overcome the challenges to implementing the legislation
  • Overcome barriers to information sharing whilst being compliant
  • Learn from best practice examples
10:45 - 11:30

Privacy by Design

  • Assess the technical and organisational measures that show you have integrated data protection into your processing activities
  • Create a data protection impact assessment (DPIA)
11:30 - 12:00

Morning Break

12:00 - 12:45

Complying with Individuals Rights – Access, Rectification and Erasure

  • Ensure transparency about collection and use of personal data
  • Create privacy notices – tailoring your notices to the most relevant audience
  • Responding or refusing to comply with a request for rectification
  • Examine the ‘right to be forgotten’ and what that means in practice
  • Preparing and complying with requests for erasure – who has responsibility, timescale and ensuring all reasonable steps are taken
12:45 - 13:30

Securely Sharing Data

  • Ensure your data sharing procedures are fully compliant
  • Review your risk analysis, organisational policies, and physical and technical measures
  • Maintain and enhance the security of personal data sharing
  • Continuing effective data sharing across departments and organisations
13:30 - 14:30


14:30 - 15:00

Instilling a Good Data Protection Culture

  • Engender an appreciation of information governance across your organisation
  • Embed a data privacy culture by obtaining buy-in from stakeholders and senior management
  • Implement transparent internal data protection and security policies
  • Training staff to adhere to data protection policies and creating procedures non-compliance and data breaches
  • Demonstrating compliance to external stakeholders
15:00 - 15:15

Afternoon Break

15:15 - 16:00

Workshop: Design an Information Governance Toolkit

  • The role of Data Protection Officers
  • Consent
  • Sensitive personal data
  • Subjects’ rights
  • Data protection impact assessments
  • Privacy notices
  • Information sharing
  • Controllers and processors
  • Data breach reporting
16:00 - 16:15

Feedback & Close

Lynn Wyeth

Information Governance Manager, Leicester City Council

Lynn is the Information Governance Manager at Leicester City Council. Having previously worked as an MP and MEP’s political assistant,…

Read more

Central London

Q: Can I make a provisional booking?

A: Unfortunately, we do not accept provisional bookings. Registrations are subject to our terms and conditions. View terms and conditions here

Q: Can I book without a purchase order number?

A: Yes. Simply email [email protected] after you have booked the course, with your Purchase Order Number. Please quote your order number and the course you are booked onto.

Q: Is lunch included?

A: Yes, a two-course hot buffet is served at lunch. Tea and coffee are served throughout the day.

Q: I have special dietary requirements, how can I request this?

A: Special dietary requirements can be catered for, please ensure you include this in the further information box when registering your place. If you have forgotten to add this, you can also send your requirements to [email protected] or call 0800 542 9440. Please let us know as soon as possible so we can ensure your needs are met.

Q: I have just registered for the course, when will I receive the joining instructions?

A: You will receive the joining instructions and reminders, 2 weeks, 1 week and 3 days before the course date. Please check your spam box to see whether the joining instructions were sent there, if not please call 0800 542 9440 so we can have these sent to you immediately.

Q: I can no longer attend the course, can a colleague attend in my place?

A: Substitutions may be made at any time but must be made no later than 48 hours prior to the event. Please call 0800 542 9440 or email [email protected] with the replacement's details.

Q: What is your cancellation policy?

A: Cancellations must be received in writing 30 working days before the date of the event and will be subject to a £195+VAT administration fee. Cancellations received after this time will be subject to the full delegate fee.

Q: Why haven’t I received the speaker’s presentation?

A: Speakers presentations are sent a week after the event date. Please contact a member of the UMG team on 0800 542 9440 or [email protected] if it has been more than a week.

Q: Will there be WI-FI?

A: Yes, all our venues have the latest technology, offer full audio visual support and WI-FI.

Q: Can’t find what you are looking for?

A: Why not contact a member of the UMG team on 0800 542 9440 or email [email protected]