The ICO exists to empower you through information.

Recordings from the DPPC workshops are now available to watch:


Generative artificial intelligence and data protection: how organisations and their employees can use it appropriately and lawfully

The rise of generative artificial intelligence (GenAI) systems has brought exciting new capabilities, but also data protection risks that organisations and their employees need to be aware of. Employees may share commercially sensitive information with a chatbot, not knowing that the model will use this information for further training. There are also concerns about GenAI systems memorising and exposing private personal information used in training. As employees start leveraging GenAI tools for work, organisations will need clear policies on proper use and oversight to ensure personal information is not misused.

This workshop will provide an overview of how the technology works, as well as the data protection issues with using GenAI, while also offering practical guidance on mitigating risks for both organisations and staff. With the right safeguards, organisations can tap into the promise of GenAI while protecting people’s personal information.



Handling vexatious requests under FOIA

Handling vexatious requests for information can be challenging. This session is designed to support information access practitioners improve their understanding of applying the vexatious requests provision in section 14(1) FOIA. It will include an overview of the key elements of the provision and a practical consideration of good practice and common pitfalls through a series of case examples.



Balancing transparency and empathy in request and complaint handling

This workshop looks at the challenging behaviours presented during the handling of information requests or complaints and creates a case for empathy by examining this behaviour through the lens of vulnerability. It offers some tips to identify and to mitigate the effect of such requests as well as exploring some real-life examples and the choices that we made when handling them.

The examples in the session will be focused on the presenter’s experience handling information rights requests. However, the session will be of value to anyone working in a public-facing role, particularly those handling information rights requests and complaints.



Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen)

At this session we’ll talk in detail about how to report a breach, explaining what information the ICO needs to assess an incident. We’ll discuss how to contain breaches and mitigate the impact on individuals. We’ll also share tips for avoiding the most common breaches experienced in the health sector, based on incidents reported to us in 2022/23. This session is relevant to those working in the health sector in all parts of the UK.