Collyer Bristow’s Data Privacy team offers live, interactive, engaging and practical training sessions on a variety of privacy-related topics. Sign up now.

Our training sessions include:

  1. 1.Overview of the UK and EU General Data Protection Regulation and Privacy and Electronic Communications Regulations

  2. 2.How to negotiate controller-processor agreements

  3. 3.Handling data subject access requests

  4. 4.International data transfers: the new landscape

  5. 5.Recognising and dealing with data breaches

How we can support your business

Collyer Bristow’s Data Privacy team offer live, interactive, engaging and practical training sessions on a variety of privacy-related topics. You can use our training to refresh your staff on their legal obligations or to cover particular areas of interest. We can help ensure that you have the tools you need to handle your business’s compliance with applicable data protection laws with confidence.

Our standard training packages typically last between 45 and 60 minutes. Depending on your requirements, we are happy to deliver training either in person or remotely via video conference. We recommend in-person training, which provides better engagement and opportunities to ask questions and test understanding.

If you are interested in a particular topic that isn’t listed below, please contact us. We are happy to offer bespoke, tailored training to suit your business’s particular requirements and/or to suit the intended audience, whether that is your marketing team, your in-house counsel, your IT manager, or your HR department.

Register your interest

Please submit the form to sign up to any of our data protection training sessions.

By clicking on submit, you consent to providing the below information to Collyer Bristow. As detailed in our privacy policy, you may withdraw this consent at any time by contacting

Which training session(s) are you interested in?

You can find more information on our training sessions here

Why is data protection training important?Toggle

The Information Commissioner’s Office expect your data protection practices, procedures, and policies to be reviewed regularly, especially in a fast-changing privacy landscape that has resulted in several big-ticket fines for companies around the world. It is also a legal requirement that your employees receive up-to-date training. Making sure that they comply with the fast-evolving laws on data protection is not optional.

Failure to train and update employees will expose your business to an increased risk of a data breach. The ICO also has wide powers to enforce compliance with UK GDPR, ranging from enforcement notices up to very substantial fines. All enforcement action is published on the ICO website, so this can result in potentially lasting reputational damage. In an increasingly cautious economic environment, taking shortcuts when it comes to data protection compliance could also make it more difficult to secure the investment you need to grow your business.

Overview of the UK and EU GDPR and Privacy and Electronic Communications RegulationsToggle

This introductory training session covers the fundamental concepts of the UK and EU GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 1993. It is ideal for staff who handle personal data in their day-to-day functions, such as your HR or risk and compliance team.

You will learn about the rights of UK- and EU-based individuals in respect of their personal data, the implications for your business’s staff, the rules that apply to using special categories of ‘sensitive’ personal data, and how to make sure your organisation is compliant. We also highlight common privacy-related issues faced by businesses in relation to direct e-marketing to individuals.

How to negotiate controller-processor agreementsToggle

When a data controller appoints a data processor, UK and EU laws require a written contract to be in place between them. While it is a requirement that this contract contains certain mandatory provisions, sophisticated businesses typically take different approaches to negotiating their content and wording as a method of minimising their risk exposure and maximising their commercial leverage.

This training session is designed for businesses that frequently encounter controller-processor agreements and require the know-how to be able to negotiate these in-house, depending on whether they are a controller or a processor. We will cover the requirements of Article 28 of the UK GDPR and EU GDPR in detail, considering issues such as allocation of liability and costs apportionment, so that you have the confidence to negotiate these on a regular basis.

Handling data subject access requestsToggle

The failure of businesses to handle a data subject access request (DSAR) properly is one of the most common reasons why individuals complain about them to the UK’s regulator, the Information Commissioner’s Office. DSARs are also increasingly complex to manage, since the quantity of information that businesses are likely to hold about them will typically be increasing.

In this training session, we explain in detail the rights of individuals to gain access to their personal data, as well as exemptions that your business could rely on in order to withhold certain information. We also take a look how to avoid common pitfalls when handling a DSAR so that you are fully up to date with the requirements of the UK GDPR, the Data Protection Act 2018, and the ICO’s latest guidance on this topic.

International data transfers: the new landscapeToggle

Despite the globalised way in which many businesses operate today, UK and EU data protection laws restrict the transfer of personal data to countries outside of the UK and the European Economic Area that are not deemed to have an adequate level of data protection. This can present challenges not only when it comes to international commerce but also in respect of basic outsourced functions, such as using CRM systems or servers that are not located in the UK or the EEA.

In this session, we explain what constitutes an international transfer of personal data, how to determine whether a country is considered ‘adequate’, and what to do if you wish to transfer personal data to a country that does not have adequacy status. In particular, we will take a look at the implications of the much-publicised Schrems II judgment that invalidated the EU-US Privacy Shield and how this affects your transfer of personal data to countries such as the United States, as well as the latest set of ‘standard contractual clauses’ mandated by the European Commission and their UK equivalent.

Recognising and dealing with data breachesToggle

Data breaches can arise in a number of different circumstances, many of which may not be immediately apparent to a business unless it is aware of what to look out for. A data breach resulting in a risk of serious adverse consequences for data subjects must be reported to the Information Commissioner within 72 hours of its discovery, and individuals may also need to be notified. It is therefore very important that the managers of a business have trained their staff to identify when a breach may have occurred and to have a procedure to deal with any reporting that may be needed.

In this session, we will highlight the most common forms of data breach, including suggesting practical steps to minimise such breaches occurring. We will also set out the basic steps necessary to investigate the extent and assess the potential severity of the breach, to establish whether it was a one-off or a continuing event, and to progress to terminating the breach and dealing with any necessary reporting to the ICO and individuals.


Please add your details and your areas of interest below

Specialist sectors:

Legal services:

Other information:

Jurisdictions of interest to you (other than UK):

Message us on WhatsApp (calling not available)

Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.

I accept Close

Scroll up
ExpandNeed some help?Toggle

< Back to menu

I have an issue and need your help

Scroll to see our A-Z list of expertise

Get in touch

Get in touch using our form below.

    Business Close
    Private Wealth Close
    Hot Topics Close