DATA PRIVACY AND PROTECTION

THE PROTECTED FRAMEWORK

INTRODUCTION

Handling data about people carries legal duties, ethical judgement, and real world consequences. Organisations rely on data to operate, analyse, and plan, but misuse can cause harm to individuals and serious damage to trust, reputation, and compliance standing.

This one day course introduces the PROTECTED framework, a practical structure for understanding and applying data protection responsibilities in everyday work. The session focuses on lawful use of data, safeguarding responsibilities, ethical judgement, governance, and accountability under the UK GDPR and Data Protection Act 2018.

Participants will work through real scenarios involving personal, de identified, and anonymous data. They will learn how to assess lawful purposes, understand data origin and quality, classify data correctly, manage sharing and transfers, and meet enforceable obligations through clear documentation.

This John Varlow | Training and Consultancy course will cover:

 ✔ Understanding why data privacy matters and the risks of misuse
 ✔ Applying the PROTECTED framework to real data use scenarios
 ✔ Identifying lawful, fair, and transparent purposes for using data
 ✔ Understanding individual rights and organisational responsibilities
 ✔ Assessing data origin, provenance, and quality
 ✔ Building and maintaining trust through transparency and good practice
 ✔ Recognising ethical and unethical data use beyond legal compliance
 ✔ Classifying data by identifiability and applying appropriate controls
 ✔ Sharing and transferring data safely within and across borders
 ✔ Understanding enforcement, individual rights, and the role of the ICO
 ✔ Meeting accountability requirements through effective documentation


COURSE OBJECTIVES

By the end of this one day course, participants will:

✔ Understand the legal framework governing data protection in the UK
 ✔ Apply the PROTECTED framework when using or sharing data
 ✔ Identify appropriate lawful bases for data processing
 ✔ Recognise different categories of data and associated risks
 ✔ Assess whether data use is fair, transparent, and ethical
 ✔ Understand roles such as Controller, Processor, DPO, and IAO
 ✔ Manage data sharing and international transfers responsibly
 ✔ Demonstrate accountability through records, notices, and governance


TRAINING METHODOLOGY

This course is interactive and scenario based, combining explanation with applied exercises. Participants will:

✔ Work through realistic case studies drawn from health, research, and public sector settings
 ✔ Classify datasets and assess identifiability risks
 ✔ Practice evaluating lawful basis and purpose limitation
 ✔ Discuss ethical dilemmas and reputational risks
 ✔ Explore governance tools such as the Five Safes model
 ✔ Review how enforcement and documentation work in practice

By the end of the session, participants will be able to apply data protection principles confidently within their own organisational context.


WHO SHOULD ATTEND?

This course is suitable for anyone who accesses, analyses, manages, or shares data about people. It is particularly relevant for:

✔ Data analysts and researchers
 ✔ Managers and decision makers using reports or dashboards
 ✔ NHS, public sector, and local authority staff
 ✔ Information governance and compliance professionals
 ✔ Project leads working with external data partners
 ✔ Anyone responsible for approving or requesting data access

Pre requisites:

 ✔ No technical background required
 ✔ No prior legal knowledge assumed


COURSE OUTLINE

1. Why Data Privacy Matters

 ✔ Risks of misuse and real world harms
 ✔ Trust, dignity, and public confidence
 ✔ Overview of UK GDPR and Data Protection Act 2018

2. The PROTECTED Framework Overview

 ✔ How the framework supports safe data use
 ✔ Linking daily practice to legal and ethical duties

3. P – Purposes

 ✔ Lawful bases for processing personal data
 ✔ Consent, contracts, public task, legal obligation, and legitimate interests
 ✔ Purpose limitation and privacy notices
 ✔ Operational and analytical uses of data

4. R – Responsibilities

 ✔ Roles and accountability under GDPR
 ✔ Controllers, processors, joint controllers, and DPOs
 ✔ Individual rights and organisational duties
 ✔ The Five Safes model for governing data use

5. O – Origin

 ✔ Understanding where data comes from and why it was collected
 ✔ Data quality, provenance, and linkage
 ✔ Impact of pre processing and de identification

6. T – Trust

 ✔ Transparency and communication with stakeholders
 ✔ Building and maintaining public confidence
 ✔ Managing concerns, complaints, and media scrutiny

7. E – Ethics

 ✔ Legal does not always mean ethical
 ✔ Identifying potential harm and stigma
 ✔ Ethical decision making in data projects

8. C – Categories

 ✔ Personal, pseudonymised, de identified, and anonymous data
 ✔ Spectrum of identifiability
 ✔ Applying appropriate safeguards and controls

9. T – Transfer

 ✔ Sharing data safely within organisations
 ✔ International data transfers and impact assessments
 ✔ Contracts, permissions, and security measures

10. E – Enforce

 ✔ The seven GDPR principles
 ✔ Role and powers of the ICO
 ✔ Data protection impact assessments

11. D – Document

 ✔ Accountability and record keeping
 ✔ Registers, privacy notices, and audit evidence
 ✔ Why documentation protects both organisations and individuals


DURATION

⏳ 1 Day

This course provides a clear and practical grounding in data privacy, giving participants the confidence to use data responsibly while meeting legal, ethical, and organisational expectations.


CERTIFICATION

Upon successful completion of this course, participants will receive a John Varlow | Training and Consultancy Certificate of Completion.