This eLearning course provides comprehensive training on the General Data Protection Regulation (GDPR) as it applies in the UK through the UK GDPR and the Data Protection Act 2018. The GDPR represents a significant strengthening of data protection law, imposing substantial obligations on organisations that process personal data and granting enhanced rights to individuals. Every employee who handles personal data needs to understand their responsibilities under the legislation.
The course begins by explaining the key concepts of data protection, including the definition of personal data, special category data, data controllers, and data processors. It covers the seven principles of data protection — lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability — and explains how these principles apply in practice.
The training addresses the rights of individuals under GDPR, including the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object. It covers the lawful bases for processing personal data, including consent, legitimate interests, and contractual necessity, and explains when each is appropriate. The course also covers the specific requirements around data breach notification, including the obligation to notify the Information Commissioner's Office within 72 hours of becoming aware of a breach that poses a risk to individuals.
The course provides practical guidance on complying with GDPR in day-to-day work, including data handling best practices, the importance of privacy by design, and the requirement to conduct data protection impact assessments for high-risk processing activities. Upon completion, learners will understand their obligations under GDPR and be able to handle personal data in compliance with the law.
