Data Protection by Design and Default Workshop

A notice on COVID-19:

Given the heightened concerns surrounding the novel coronavirus (COVID-19), we want to take this opportunity reassure you that DQM GRC is delivering its data protection and privacy services in line with the latest guidance from the World Health Organisation and government authorities.  

If you’re considering our Privacy by Design training course, rest assured that we can deliver these courses remotely for your organisation via e-learning.

We are more than happy to accommodate your specific business needs and put together a plan that works for your organisation. Our high-quality services can be delivered in most scenarios, however extraordinary, whilst minimising the potential disruption to your business in this current climate.

You can find more information on our COVID-19 policy here.

Privacy by Design training courses 

Our interactive, creative and practical Privacy by Design programme won at the 2019 DMA Awards - you can find out all the details here.

Privacy by Design is an essential obligation under the GDPR and DPA18, and ensures privacy is baked into your processes and products right from the start.

We can help your whole organisation develop a privacy-first mindset.

This course aims to deliver the following objectives:

  • Highlight the risks and opportunities presented by GDPR
  • Summarise the organisational benefits of a Data Protection by Design approach
  • Outline the key strategies which can be implemented
  • Build a privacy-centric thought process, whilst being a fun and engaging learning experience

Our Approach:

This workshop’s content was designed using the principles of Kolb’s & Kolb’s Experiential Learning. We looked at how different teaching styles can be applied to increase engagement and ensure that learners understand how to implement the training in their everyday working roles.

Each session is broken down into 3 phases:

  • Experience the challenge
  • Learn a concept
  • Make the change

Centred around active discussions and team-based activities (involving lemons, playdoh, and blindfolds), this learning-by-doing approach makes privacy training fun and ensures teams in every function develop a Data Protection by Design attitude.

Course Overview:

  Course Length:
2 days.

  Shared or Bespoke Courses:
We offer bespoke courses that can be delivered to your team on-site or smaller organisations can join shared sessions with other companies

  Number of Attendees:
Up to 20 per session.

Anyone involved in the design, development or delivery of products or services within your organisation.

  Course Requirements:
A basic understanding of privacy is useful but not essential.

Course Content:

The delivery is split into 4 sessions which are each ½ day in length.

The workshops include:

The session starts with reviewing case studies and examples of what can go wrong when organisations have not fully considered all the implications and risks associated with data protection across the organisation.

The fundamental concepts of data protection are reviewed: Confidentiality, Integrity and Availability.

Group discussion engages the attendees in thinking about how your organisation approaches data protection, how practices are kept up to date and how this is then communicated to data subjects.

The initial session is then finished by reviewing the rights that data subjects have under the regulations and how these might be reflected in the daily duties the attendees undertake. This includes discussions on the basis for processing and practical exercises to help visualisation of the rights in a business context.

The concept of Data Protection by Design is introduced in Article 25 and includes 7 key concepts which are reviewed in detail.

Interactive discussions engage the attendee’s in thinking about these concepts in relation to current practices and thoughts around changes which might need to take place to incorporate a Data Protection by Design culture across the organisation.

To fully embed the key concepts one of the key areas that organisations must include is a DPIA. The afternoon session also includes a review of how these should be undertaken and worked into a development process across the organisation.

The DPIA template discussed in the training can either be aligned to existing processes within your organisations or suggested templates can be used.

The second day of the workshop is focused on communication and how Data Protection by Design might impact the organisation with relation to specific projects.

The first area for discussion is a standard project lifecycle and specifically in relation to data protection and transparency.

The workshop will provide attendees with a checklist of requirements which should be considered for all projects.

The checklist includes: data protection, transparency, data minimisation, data retention, data subject access requests, data rectification and accuracy, data erasure and information security standards. The legal basis for processing is also revisited in relation to consent.

Data protection should be considered not only during the planning process, but throughout the on-going live phase and into business-as-usual. This last part of the workshop revisits some of the previous fundamental principles and looks at project management in relation to data protection and the tools that could be considered, as well as the testing of methodology to ensure all key risks are addressed.

Third-parties also play a key role in safeguarding data used across an organisation; they might be data controllers, joint controllers, or data processors. There are specific requirements under the regulations which may need to apply - these are reviewed.

The workshop to this point has been focused on proactive activities and steps that can be taken to reduce and mitigate risks to personal data throughout an organisation and specific projects. However, incidents and breaches will occur, so it is important that not only is there a process in place but that all individuals involved are aware of their responsibilities in relation to documentation, tasks and incident reporting.

Our Fantastic Results:

  • 100% of attendees say privacy will feature more heavily in their thinking because of our training
  • 100% of attendees from across different functions found it relevant to their job
  • 100% of attendees felt the training met with their expectations

What our attendees say:

"I have applied the different concepts in my everyday work life... ...this [training] has been inspiring."

"This course was innovative and refreshing. The approach on how we should protect the data of our users and how that will generate a great value on our products was quite new for me."

"This has helped me to ensure I change my focus on the internal products, and make sure privacy is at the heart of our designs."

Discuss your needs today

To find out more about how we can help your organisation, call us now on 01494 442900 or complete our enquiry form:

Stay informed

Enter your e-mail and get the latest data news & advice straight to your inbox.

Find out more?

Leave your contact details below and one of our expert team will be in touch

We will only use the contact details you supply on the basis of our legitimate interest to respond to your query and contact you about DQM GRC. You will always be given the opportunity to opt-out from future communications. Please read our privacy policy for more details.


Find out more..

If you are interested in any of our services then please either use the contact form or contact us via of the methods below:

  •   Telephone
  •   E-mail

  •   +44 (0)1494 442900