Skip to main content

Data Protection Week 2026: Beyond the dry legal updates

·3 mins
Privacy Culture Employee Engagement Workshop Facilitation Data Protection Day Privacy by Design AI Ethics

As we gear up for Data Protection Week 2026, our diverse schedule of interactive sessions, ranging from Lego® Serious Play® to AI ethics, shows that data protection has evolved far beyond a legal box-ticking exercise.

Data Protection Week 2026

If you still think data protection is strictly the domain of legal professionals, a look at our schedule for Data Protection Week 2026 might change your mind. The week centres around Data Protection Day (or Data Privacy Day if you prefer to use the more US-centric term) that occurs each year on 28 January.

While compliance is the baseline, the real work happens in culture, design, and human behaviour. During the week around 28 January 2026, companies are moving away from dry legislative updates and asking Purpose and Means to facilitate sessions that drive real engagement.

Here is a taste of what we have lined up so far:

  • Building culture with Lego®: We are running a half-day workshop for a UK financial services company where the data protection leader gathers her team online across 30+ European entities. Instead of PowerPoint, we are using Lego® Serious Play® to establish a cohesive team identity and visualise what “working well” actually looks like.

  • Real Lives, Real Stories: The events/cases that contributed, or triggered the need for specific data subject rights (right to access, right to be forgotten, right to data portability, etc)

  • Navigating AI ethics: We are helping employees at a US medical devices corporation address risks in the workplace and in their personal lives with a targeted session on recognising and avoiding AI deception.

  • Embedding Privacy by Design: We are facilitating an interactive Miro session for a US healthcare company, ensuring privacy considerations are baked into the architecture of a fictitious digital health app. I’m hoping to get the scope signed off this week so I can begin developing the Miro board.

  • Strategic horizon scanning: We’ll be updating a European financial services company through a strategic review of the significant shifts of 2025 and helping them prepare for what’s coming in 2026.

Don’t limit awareness to one week (let alone one day)

I always say to data protection leaders that this annual event is a tremendous opportunity for them to kick-off their strategy or plan for the coming year, and ideally it’s the start of a cadence of employee engagement activities that should run throughout the year - not just on one day.

We still have a limited number of slots available during Data Protection Week. However, data protection or privacy culture isn’t built in five days.

Why not schedule a session before or after the rush? Whether you need to develop a compelling theme, deliver a keynote, or run an interactive workshop, Purpose and Means is ready to help you take data protection beyond the legal department and into the heart of your business.

Contact us today to book a call to get some ideas for your session.

Author
Tim Clements
Tim Clements is Business Owner of Purpose and Means, a data protection and GRC consultancy based in Copenhagen, operating globally. He helps data protection and GRC leaders simplify complexity into actionable strategies, providing tools, training, and support to engage and influence across the organisation. Tim is a Chartered Fellow of the BCS (British Computer Society).

Browse by Topic

access controls accountability accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation article 12 article 13 article 22 article 25 article 28 article 30 article 32 article 35 article 46 article 5 article 6 article 7 audit and assessment automated decision-making awareness awareness campaigns behaviour change beyond legal board level board reporting case law change management chief people officer cloud infrastructure compliance monitoring consent cookie compliance cross-border transfers customer success dark patterns data accuracy data breach notification data flows data mapping data minimisation data processing agreements data protection data protection by design data protection culture data protection day data protection hero data protection leader data quality data residency data retention data science data sovereignty data subject rights datatilsynet deceptive design design thinking direct marketing dora dpia education employee data employee engagement enterprise architecture eprivacy esg executive communication external legal counsel finance and banking gdpr gdpr at 10 generative ai governance grc healthcare horizon scanning hr and data protection hr and employment incident response information security intellectual property internal communications international transfers lawful basis leadership lego serious play machine learning marketing nis2 passwords privacy by design privacy culture product management profiling public sector purpose limitation quantum computing records of processing regulatory guidance risk management risk reduction ropa sales security software development special category data standard contractual clauses strategic planning sub-processors supply chain sustainability system design third-party risk training design transparency trend radar ux design vendor management visual communication weak signals workshop facilitation

Related Posts