12 Days of Data Protection: Essential UK GDPR Tips

December 19th 2025

Each year, as the festive season approaches, we launch the ‘12 Days of Data Protection’ campaign on LinkedIn – sharing daily data protection tips, reminders, and practical advice for organisations across the UK. This annual tradition is designed to help businesses strengthen their approach to data protection and boost cybersecurity, keeping compliance front of mind during a busy time of year. Whether you followed along this year or are catching up now, here’s a recap of the essential steps to support your organisation’s privacy and security.

12 Days of Data Protection

1. Plan for Absences

Ensure your organisation has data protection cover during holidays. Train additional staff and communicate clearly who to contact for urgent data protection queries.

2. Clean Out Your Emails

Emails often contain personal data. Regularly review your inbox, delete unnecessary messages, and securely store important attachments. Routine email clear-outs help minimise risk and support UK GDPR compliance.

3. Set a Strong Password

Cybersecurity starts with strong passwords. Use at least 12 characters, mixing cases, numbers, and symbols. Never share your password.

4. Beware of Phishing and Quishing

Phishing and ‘quishing’ (phishing via QR codes) are rising threats. Provide regular cybersecurity training so staff can spot and report suspicious activity.

5. Get Rid of What You No Longer Need

Review files and documents for secure deletion/destruction according to your data retention policy. If you don’t have a policy, make it a New Year’s resolution to create one.

6. Remember to BCC

Protect privacy by using BCC for group emails. This simple step helps prevent accidental data breaches.

7. New Year, New Data Protection Law

With the Data (Use and Access) Act now in force, stay updated with ICO guidance and review your compliance practices regularly.

8. Know What to Do in the Event of a Data Breach

Log all breaches internally, even if not reportable to the ICO. Ensure staff know how to recognise and report incidents, and maintain a clear breach process.

9. Have a Clear Desk Policy

Implement a clear desk policy to prevent unauthorised access to sensitive information and support data protection best practices.

10. Ctrl+Alt+Delete

Lock your screen whenever you step away from your desk, and set computers to auto-lock after inactivity. This simple action helps prevent unauthorised access.

11. Know What to Do if You Get a Subject Access Request (SAR)

Under UK GDPR, individuals can request access to their personal data. Staff should know how to recognise SARs and follow a clear process to ensure timely compliance.

12. Boost Your Cybersecurity

Use antivirus software, apply updates, enable multi-factor authentication, back up your data, and monitor third-party access. Strong cyber hygiene is essential for effective data protection.

Looking Ahead

Our ‘12 Days of Data Protection’ campaign was about building habits that last all year. By following these steps, organisations can reduce risk, stay compliant with UK GDPR, and foster a culture where privacy and security are everyone’s responsibility.

Thank you to everyone who engaged with our LinkedIn posts and helped spread the word. Let’s keep the momentum going into 2026!

What’s Next?

In the new year, we’ll be launching a blog post series dedicated to exploring different types of UK GDPR supporting documentation – what they are, when they’re needed, and how to create them effectively.

Get In Touch

If you’re a cultural organisation looking for tailored support, plain English policies, or practical training that empowers your team, we’d love to help. Get in touch for a free 30-minute consultation.
