Skip to main content

Reflections on Data Protection Week: nine events, at least two thousand attendees, and one flu

·3 mins
Data Protection Day Training Design Workshop Facilitation Awareness Campaigns Visual Communication

Nine events, 2,000 attendees, interactive content, and a flu battle. Data Protection Week pushed preparation, technology, and resilience to the limit.

Various pieces of content created by Purpose and Means

Various pieces of content created by Purpose and Means

This year’s Data Protection Week has been a marathon.

Not just one event. Not just a couple of PowerPoints.

Nine different topics, covering everything from KSA data protection law to AI deception, ESG, personal data breaches, and the nuances of controller/processor relationships within the same group of companies.

Not just talks, either. Interactive books, videos, policy packs, dilemmas (branching scenarios), multiple formats, multiple languages.

And, of course, just to keep things interesting, halfway through the week, I went down with flu :-(

This meant I had to integrate several extended naps in between sessions, so yes, I was definitely napping on the job.

Content creation at scale (with a side of coughing) #

This kind of work isn’t just about sitting in front of a mic and webcam and talking for an hour.

It’s about months of preparation. It’s about making complex topics engaging. It’s about knowing that no one wants to sit through another dull compliance session.

So, I invested in new tools. New platforms. New ways to make content stick.

The goal? To make data protection feel relevant. To make privacy something people actually want to understand, not something they just endure.

And from the client feedback, it worked.

Technology, the unsung hero (or villain?) #

Over the years, I’ve learned a painful truth: when you need tech to work, that’s usually when it fails.

  • PowerPoint freezes.

  • Videos don’t play.

  • Slides don’t load.

So, I kept it simple. No fancy animations. Just a straightforward PDF when presenting the live sessions. (Thanks, Dylan Jones, for that tip many years ago. Still a lifesaver.)

And the PDF version of the slide contain few words, but lots of great visuals that I craft myself, and I absolutely love doing.

And it worked. No crashes, no panicked reboots. Just clear, uninterrupted delivery.

Reaching thousands (even while running on Paracetamol) #

I don’t know the actual total number of attendees across all sessions, but it’s in the region 3.000-4.000.

One client alone had a 1,000-person Teams limit per session and they could not get more people in. We ran two sessions on the Tuesday, one early-ish in the morning for EMEA & APAC, and one late afternoon for EMEA & Americas. So that was 2.000 for just one client.

The other clients? At least a few hundred for each client here and there.

The scale of engagement is clear. People care about this stuff. Not because they have to, but because they need to.

“Data Protection Day should be every day” #

A lot of people say this. And they’re right.

Which is why this kind of work isn’t just for one week a year.

It’s about continuous engagement. Making sure privacy, AI, and data protection aren’t just a box-ticking exercise. Embedding them into companies operational procedures and changing mindsets from top to bottom.

That’s exactly what my virtual comms service is designed to do.

So if you want to take data protection beyond just an annual event, let’s talk.

Because compliance isn’t just about rules. It’s about trust. And trust is built every day.

Author
Tim Clements
Tim Clements is Business Owner of Purpose and Means, a data protection and GRC consultancy based in Copenhagen, operating globally. He helps data protection and GRC leaders simplify complexity into actionable strategies, providing tools, training, and support to engage and influence across the organisation. Tim is a Chartered Fellow of the BCS (British Computer Society).

Browse by Topic

access controls accountability accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation article 12 article 13 article 22 article 25 article 28 article 30 article 32 article 35 article 46 article 5 article 6 article 7 audit and assessment automated decision-making awareness awareness campaigns behaviour change beyond legal board level board reporting case law change management chief people officer cloud infrastructure compliance monitoring consent cookie compliance cross-border transfers customer success dark patterns data accuracy data breach notification data flows data mapping data minimisation data processing agreements data protection data protection by design data protection culture data protection day data protection hero data protection leader data quality data residency data retention data science data sovereignty data subject rights datatilsynet deceptive design direct marketing dora dpia education employee data employee engagement enterprise architecture eprivacy esg executive communication external legal counsel finance and banking gdpr gdpr at 10 generative ai governance grc healthcare horizon scanning hr and data protection hr and employment incident response information security intellectual property internal communications international transfers lawful basis leadership lego serious play machine learning marketing nis2 privacy by design privacy culture product management profiling public sector purpose limitation quantum computing records of processing regulatory guidance risk management risk reduction ropa sales security software development special category data standard contractual clauses strategic planning sub-processors supply chain sustainability system design third-party risk training design transparency trend radar ux design vendor management visual communication weak signals workshop facilitation

Related Posts