28 January 2026

New Year’s Resolutions for Data Protection

By Jess Pembroke, Director of Information Law Services

It’s the time of year when many of us set New Year’s resolutions and perhaps a few have already slipped. As for me, I’m looking forward to continuing to help organisations meet their goals while balancing the risks and responsibilities of using data securely, ethically, and effectively (oh and eating more plants too).

If you’re looking to “shape up” your compliance in 2026, here are my suggested New Year’s resolutions:

1. Do More for the Environment (Data Retention)

We often think about environmental impact in terms of paper use and yes, not printing confidential information is a great start. But one of the biggest environmental pressures today comes from data centres. Every time we create, store, or share data, these cloud providers use energy and water.

If your organisation has retention policies, make this the year you act on them. Clearing out old physical files and deleting unnecessary digital records reduces storage needs, cuts carbon usage, and improves data security.

A clean inbox and a clean shared drive are good for compliance and the planet.

2. Learn a New Skill (Training & Upskilling)

When was the last time you completed data protection training? Was it useful, engaging, or relevant to your role?

If not, set yourself a goal this year to build confidence in an area you’ve been curious about take a look at our courses on AI & Data Protection Law, Lawful Digital Marketing or Data Sharing & Contracts.

3. Exercise Rights (Data Subject Rights Readiness)

Just like regular exercise keeps us healthy, right of access helps people understand what organisations hold about them, if it is correct and what decisions have been made and why.

Ask yourself:

• How confident are we in handling access requests?
• Do staff know what to do if someone asks to have data erased or corrected?
• Are our timelines achievable?
• Could we respond today if someone submitted a complex request?

People have a right to ask for information about them, and if you receive such as request contact your Data Protection Officer for support and advice.

4. Give Back (Data Sharing for Public Good)

Data sharing, done lawfully and transparently, can create enormous social value.

From systems that help identify dementia patients at risk of wandering, to projects that speed up access to public services, sharing information can protect people, improve services, and planning.

If you think data could be used for the greater good in your organisation speak to your Data Protection Officer. They can help implement data sharing agreements that enable safe and effective data sharing across organisations.

5. Keep an Eye on Your Finances (Preventing Fraud After a Breach)

Accidental disclosure or loss of data can sometimes lead to identity theft. If you believe personal and financial information has been involved in a breach, it’s important to take practical steps.

Top tips for financial security include:

• Monitoring bank accounts and online financial services for anything unusual.
• Check your credit reports (Experian, Equifax, and TransUnion) to ensure no credit has been taken out in your name.

Looking for Support in 2026?

If you would like any support or guidance on putting these suggestions into practice, we are here to help. Whether you need training, a fresh look at your policies, support responding to rights requests, or strategic advice on upcoming regulatory changes, please get in touch.

Looking to increase your confidence in your organisation’s approach to data sharing and processor contracts? Join our Information Sharing, Data Processors and Contracts course on 5 February (or 12 March) to be  equipped to draft and review agreements, understand compliance requirements, and ensure your data sharing practices are robust and lawful!