4 February 2026
The Essentials of Data Protection
By Jess Pembroke, Director of Information Law Services
We’ve already had a busy start to the year delivering our CPD UK accredited training courses. After more than 15 years of training staff in data protection, I’ve noticed a welcome shift: people now have a broader awareness of what privacy means, why it matters, and how it affects them as both individuals and employees of organisations.
During our Essentials course, I often joke that if you only take two things away, let them be the principles and the data subject rights. While this is certainly an oversimplification of a complex law, historically woven from decades of international privacy considerations, those two areas provide a strong foundation.
Below are some of the core topics we explore:
Understanding Key Terms
We begin by defining essential concepts such as special category data and lawful bases for processing. These terms can be confusing, especially around when consent is required and which types of data need additional protection and why.
The Seven Data Protection Principles
Data protection is far more than just security. We spend time exploring all seven principles, including fairness, purpose limitation, minimisation, and accountability. Fairness and transparency[1] are key, especially with clear, thorough privacy notices.
Roles and Responsibilities
Many people struggle to distinguish between Data Controllers and Data Processors. Smaller organisations can feel overwhelmed when dealing with large global software providers, especially during due diligence or when attempting to review terms and conditions of use.
Data Subject Rights
Most delegates have heard of rights such as access or erasure, but few have handled a request from start to finish. We walk through what a request looks like, common issues to consider, and how to manage the relationship with the requestor.
Data Breaches and the ICO
Data breaches are always a hot topic. Many delegates believe that every incident must be reported to affected individuals, even for low-harm or near-miss situations. Meanwhile, the rules around when to notify the Information Commissioner’s Office (ICO) are less well understood. We talk through requirements and timelines for reporting and look at some examples of data breaches.
I am grateful to be able to share this knowledge with others, and I’m always appreciative of the questions that challenge me and help me continue to expand my own understanding.
If you would benefit from a refresh on data protection, I’d be delighted to welcome you to one of our upcoming courses.
In Data Protection Essentials, you’ll explore the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and leave with the skills to apply them in real-world situations. This course helps you build a proactive approach to data privacy and ensures you’re ready to manage data breaches, requests, and policies with confidence. The course is next running 11 & 12 February (9:30am-1pm both days). Please contact us at info@naomikorn.com with any queries.
[1] See also In All Fairness… Understanding the Fairness Principle in Data Protection – Naomi Korn Associates