Online or Classroom

Every course purposefully designed

Data Breach Management – When the Big One Hits

When a major data breach hits, it rarely arrives with warning and the consequences can be far-reaching. Customer trust is shaken, operations are disrupted, regulators demand answers, and the clock starts ticking on decisions that can define an organisation’s reputation for years to come. In these moments, preparation is not optional; it is critical.

Data Breach Management is about far more than an IT response. It requires clear leadership, coordinated decision-making, legal and regulatory awareness, effective communication, and the ability to act decisively under pressure. Organisations that have planned and practised their response are measurably better at containing damage, meeting legal obligations, and maintaining stakeholder confidence when the worst happens.

Data Breach Management – When the Big One Hits equips leaders and response teams with the practical skills, frameworks, and confidence to manage a serious data breach end-to-end. By understanding what to do, who needs to be involved, and how to make the right calls at speed, organisations can move from reactive crisis to controlled response—protecting their people, their data, and their reputation when it matters most.

By the end of this workshop you will be able to:

•    identify what constitutes a personal data breach and assess when notification obligations arise
•    respond appropriately to a personal data breach in line with ICO and other relevant regulatory expectations
•    manage communications (internal and external) and the media
•    support and advise senior management on breach preparedness and risk mitigation strategies
•    implement practical preparatory measures, including incident response planning and internal escalation processes
•    maintain and use an internal personal data breach register effectively to demonstrate accountability and compliance
•    improve cyber resilience

Key Topics

  • The definition of a personal data breach and the types of incidents that give rise to notification obligations
  • The steps organisations should take following a personal data breach, including regulatory expectations of the ICO and other relevant supervisory authorities
  • Preparatory actions organisations should be implementing now, including strategies for securing senior management engagement and support
  • Incident response planning and practical opportunities to mitigate legal, operational, and reputational risk
  • The requirement to maintain an internal personal data breach register and guidance on how to manage it effectively
  • How to improve cyber resilience
  • How to implement their Business Continuity Plan in the event of a large breach
  • Managing communications (internal and external) and the media in event of a large breach
  • Mitigating risks of dealing with data on the dark web and ransomware groups
  • Managing contact from thousands of data subjects who may have been affected

Dates & Cost

Online

£449 plus VAT

Classroom

£499 plus VAT

Timings: 10am to 4pm

 
Date: 19 May 2026
Location: Online
BOOK
Date: 09 Jul 2026
Location: Online
BOOK
Date: 30 Sep 2026
Location: Online
BOOK
Date: 01 Dec 2026
Location: Online
BOOK
More dates
Advanced search
Download Flyer
Download Flyer

Course tutors

All our associates are experienced information governance professionals who have been training and advising in this field for many years.

  • Philip Jones

    Course Tutor


    Philip has 40 years of information management experience in the public and private sectors both as a practitioner and at a senior management level. He was Head of Information Governance at Staffordshire Council. Philip holds a masters degree in information management and an MBA. He is a senior associate for Act Now and Chair of the Exam Panel.

  • Scott Sammons

    Course Tutor


    Scott is an information governance specialist with over 15 years of experience. He has delivered a number international projects for Act Now Training and is a senior tutor on the Advanced Certificate in GDPR Practice. His previous roles include European Data Protection Lead for a bank and GDPR Implementation lead for a council. He is a former Chair of the IRMS.

  • Susan Wolf

    Course Tutor


    Susan holds a judicial position as a Fee Paid Member of the Upper Tribunal (Information Rights). She spent ten years teaching the LLM in Information Rights Law at Northumbria University and developed their Postgraduate Certificate in Data Protection Law and Information Governance. Susan is one of the senior curriculum developers for Act Now Training.

  • Lynn Wyeth

    Course Tutor


    Lynn is the Head of Information Governance for a large local authority and has over 20 years of experience as a practitioner. She holds a post graduate diploma in Information Rights, the CISMP certificate and is an accredited HSCIPP privacy practitioner. She is the author of two books and is currently undertaking a PhD. Her experience is across GDPR, FOI and RIPA.

  • Iain Harrison

    Course Tutor


    Iain is currently an Information Governance Risk Manager for a large local authority and has over 20 years of experience. He has been delivering training for Act Now for over 7 years in GDPR and FOI for public, private and charitable organisations. His extensive experience in planning and implementation of Information Rights legislation allows him to bring training sessions to life.

  • Kirsty Squires

    Course Tutor


    Kirsty is currently a DPO for a number of local authorities and has over 15 years of experience in Data Governance. She has led the IG Project Team on transformation projects to deliver local government restructure in Northamptonshire, dealing with issues including information sharing, data protection by design and leading on training and policy development.

  • Naomi Matthews

    Course Tutor


    Naomi is a local authority lawyer and holds a judicial position as a Fee Paid Member of the Upper Tribunal (Information Rights). She has extensive experience in all areas of information compliance and RIPA. Her training has been commended by RIPA inspectors and her advice has helped many local authorities understand the law and practicalities of covert surveillance.

  • Suzanne Ballabás

    Course Tutor


    Suzanne Ballabás, is a privacy professional with over ten years of practical experience in implementing privacy practices across various international organisations, in addition to acting as a compliance officer for multiple regulated entities within the UAE’s financial districts of DIFC and ADGM.

  • Olu Odeniyi

    Course Tutor


    Olu Odeniyi is a Cyber Security, Information Security and Digital Transformation Trusted Advisor who has 30 years' experience helping organisations maximise gain from technology solutions, including optimisation of business operations and processes. During this time, Olu held several key senior leadership, strategic and operational positions, in the public and private sectors.

  • Robert Bateman

    Course Tutor


    Robert Bateman is a trainer and writer specialising in privacy, data protection, security, and AI. He is a respected voice on privacy and has been writing, researching, and leading conversations in the field since 2017.

  • Craig Geddes

    Course Tutor


    Craig is a qualified archivist and records manager, with 28 years experience working across the range of information governance activities. He has worked for several Scottish local authorities as Archivist, Records Manager, and Senior Information and Improvement Officer.

What our clients say about us

    I would highly recommend the GDPR Practitioner Course. The Tutor was extremely knowledgeable and gave plenty of chance for group conversation or individual questions. A great course for anyone wanting to expand their knowledge of GDPR and understand putting the principles into practise.
    SL, BCH

    I would highly recommend the GDPR Practitioner Course. The Tutor was extremely knowledgeable and gave plenty of chance for group conversation or individual questions. A great course for anyone wanting to expand their knowledge of GDPR and understand putting the principles into practise.
    SL, BCH

    I learned so much! The course was just the right balance of theory and practical, and was very well delivered.
    CB, CHAS

    The course was very useful as an IG Officer. The trainer was knowledgeable and explained some complex aspects of the legislation using interesting examples and real life scenarios. As a refresher, even with lots of work experience behind me, it was very useful to undertake the Practitioner course. The course materials and handbook are invaluable and I know I will re-use them in conjunction with my usual resources.
    NC, Lincolnshire County Council

    A very practical and all-encompassing coverage of the UK GDPR provided over 4 days. Although 4 days is not enough time to cover this whole subject in depth, there was just enough covered with further resources and links provided within the sessions to cover all aspects of the GDPR to a level at which I now feel a lot more confident in my role. Thank you, Kirsty!
    SW, Norwich University of the Arts