Skip to content

General Data Protection Regulation (GDPR)

Data protection relates to how all organisations collect, use, and store personal and sensitive data. That includes the government, companies, service providers and anyone who manages data.

Data protection legislation, which includes the General Data Protection Regulation (GDPR), aims to help prevent data misuse and inflicts penalties on those in breach of the law.

Our Data Protection Online Training Course will help your employees understand what personal and sensitive data are, why they need protection, and how to comply with the GDPR.
Start your trial Course details
  • 30 Minutes
  • All staff

Learning objectives

  • Distinguish between non-personal, personal and special category ('sensitive') data
  • Recognise how our Company complies with the General Data Protection Regulation (GDPR) and other data protection legislation
  • Take appropriate action to safeguard personal and special category data
  • Identify how and when to report breaches

    What can you expect your employees to learn?

Introduction

What is Data Protection?

  • You decide: The importance of data protection
  • You decide: Breaches of data protection law
  • Crossing the line: Breaches of data protection law
  • Who is involved in data protection?
  • Personal data
  • Special category ('sensitive') data
  • You decide: Types of data


Data protection legislation

  • The GDPR
  • Rights of the data subject
  • Scenarios: Rights of the data subject

The data protection principles

Principle: Lawfulness, fairness & transparency

  • Lawful bases
  • Lawful basis: Consent
  • Scenario: Getting consent
  • Scenario: A customer withdraws consent
  • Scenario: Passing on contact details
  • Lawful basis: Legitimate interests
  • Legitimate interest assessments
  • You decide: LIAs
  • Documenting & reviewing LIAs
  • Data protection impact assessments

Principle: Data limitation

  • Scenario: An offer for a new service
  • Scenario: Contacting customers' connections

Principle: Data minimisation

  • Scenario: Information from job applicants
  • Scenario: Information from customers

Principle: Accuracy

  • You decide: Keeping data accurate & updated

Principle: Storage limitation

  • Scenario: Retaining job applicants' details
  • Scenario: Keeping details of former customers

Principle: Security, integrity & confidentiality

  • International transfers of personal data
  • Scenario: Gina's data transfer
  • You decide: Are additional safeguards required?

Data subject access requests

  • Dealing with DSARs
  • You decide: Is it a valid DSAR?

Personal data breaches

  • Scenarios: Personal data breaches
  • Notification of breaches
  • Scenario: Stolen data

Accountability & governance

  • Records of processing activities
 

Penalties

  • Crossing the line: Further breaches of data protection law

Your responsibilities

Summary

Affirmation

Assessment

Start your compliance e-learning journey with a free trial

Our no-obligation free trial gives you access to our libraries and compliance platform. 

Ready to start your free trial? Complete the form, and a member of the Skillcast team will be in touch with further details.

Your questions, answered

Data Protection (GDPR)

Common FAQs

Where can I track incidents involving personal data?

Tools such as a Data Breach Register enable you to log, track, and respond to data breaches and similar incidents efficiently. Skillcast offers this tool, making it easy to document and manage incidents in line with compliance requirements.

How can I ensure that employees formally attest to our internal Data Protection Policy?

Our Policy Hub tool allows you to easily assign policies, track when employees read them, and capture their attestation with a simple digital acknowledgement. The tool also provides automated reminders to employees who haven't yet acknowledged the policy, ensuring full compliance and a clear audit trail.

What makes a password secure?

A secure password is long (ideally 12+ characters), contains a mix of letters, numbers, and symbols, and avoids obvious choices like names, birthdays, or simple sequences.

What is a passphrase, and is it better than a password?

A passphrase is a string of unrelated words (e.g., "BlueMonkeySkyLadder!") that's easier to remember but harder to crack. It’s often more secure and user-friendly than traditional complex passwords.

How can organisations help staff manage secure passwords?

Encourage the use of password managers, provide cybersecurity training, and implement policies that support strong, unique password creation.

Are Skillcast courses SCORM-compliant?

Yes. This means they can be delivered via the Skillcast Portal or any other SCORM-compliant Learning Management System.

What other tools are needed beyond training?

A comprehensive compliance solution often needs more than just training. Alongside e-learning, tools like declarationssurveys, and registers that track compliance tasks are usually essential. Skillcast provides full support to help you set up these additional tools.

Is our training content still compliant with the latest legislation?

  • You can check the latest course content updates in our library updates page: https://www.skillcast.com/compliance-course-library-updates
  • For major legislative changes, we:
    • Will send you email alerts to ensure you are notified
    • Offer you a free trial of newly created or updated content
    • Host webinars with compliance experts to explain the changes and how our training supports your ongoing compliance

Can you translate our content into other languages?

Yes, we offer translations in a wide range of languages. Let us know your needs, and we’ll confirm availability or work with you to plan translations for your selected modules.

What file types are supported by the Skillcast system?

Features

Supported file types and details

File Exchange

File types: PDF, Excel spreadsheets, Word documents, SCORM and xAPI files, and compressed zip files. Max file size: Default is 1GB, can be increased to a max of 2GB

SCORM files

Versions: SCORM 1.2, SCORM 1.2 for Moodle, SCORM 2004 2nd, 3rd and 4th Edition. Max file size: 1024MB

xAPI file

Max file size: 2GB

Videos

File types: MP4 or MOV. Videos must be optimised, with a max file size of 100MB. If the file is bigger, our Design Team can help

Images

File types: jpg, png and gif. The file size should ideally be 100KB, but it can be up to 250KB

CPD evidence

File types: Word, PDF, Excel and CSV. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB

Policy documents

PDF or Word File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB

Offline activities evidence

File types: PDF, DOC, DOCX, XLS, XLSX, CSV, PNG, GIF, JPEG, JPG, PPTX and MSG. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB

Client logo files

File types provided by client: EPS, PDF, AI and SVG

Registers

PDF, DOC, DOCX, XLS, XLSX, CSV, PPT, PPTX, POT, PPA, PPS, JPG, JPEG, PJEPG, PNG, BMP, GIF, MP4, MOV, WMV, CPTX, CP, TXT, ZIP and MSG files

Declarations

JPG, JPEG, PNG, GIF, XLS and XLSX files

 

Related courses

Boost your compliance efforts with our range of courses. Varying in length and topic, our courses equip you with the tools to create an ethical and resilient workplace.

Data Protection

Data protection relates to how all organisations collect, use, and store personal and sensitive data.

Read more

In-depth 45 Minutes Data Protection (GDPR) All staff

Data Protection

Data protection relates to how personal and sensitive data is collected, used and stored by all organisations.

Refresher 15 Minutes Data Protection (GDPR) All staff

Privacy and Electronic Communications Regulations (PECR)

PECR are new regulations that, along with the GDPR and Data Protection Act 2018 (in the UK), give consumers specific rights in respect of electronic communications.

Express 15 Minutes Data Protection (GDPR) All staff

Understanding the GDPR

Bring "Understanding the GDPR" online learning to life using animation characters and storylines.

Microlearning 5 Minutes Data Protection (GDPR) All staff

Personal Data Breaches

Bring "Personal Data Breaches" online training to life using animation characters and storylines.

Microlearning 5 Minutes Data Protection (GDPR) All staff

Data Protection Impact Assessments

Bring "Data Protection Impact Assessments" online training to life using animation characters and storylines.

Microlearning 5 Minutes Data Protection (GDPR) All staff

Controllers and Processors

The differences between data controllers and data processors are crucial to understanding data protection obligations.

Microlearning 5 Minutes Data Protection (GDPR) All staff

Special Category Data

In many workplaces, sensitive data, including special category data, is collected and requires extra care.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 1

The first principle of the GDPR requires that personal data must be processed lawfully, fairly and transparently.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 2

The second principle of the GDPR, purpose limitation, requires that personal data be collected for specified, explicit and legitimate purposes.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 3

The third principle of the GDPR, data minimisation, requires that personal data collected must be adequate, relevant and limited to what is necessary.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 4

The fourth principle of the GDPR, accuracy, requires that personal data must be correct, up to date and not misleading.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 5

The fifth principle of the GDPR, storage limitation, requires that personal data be retained only for as long as necessary for its intended purpose.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 6

The sixth principle of the GDPR, integrity and confidentiality, requires that personal data be protected against unauthorised access, loss or damage.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Principle 7

The seventh principle of the GDPR, accountability, requires organisations to take responsibility for compliance and demonstrate good governance in data protection.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR and Consent

Consent is one of the six lawful bases for processing personal data under the GDPR, requiring individuals to give clear, informed and voluntary agreement.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Lawful Bases for Processing

The General Data Protection Regulation (GDPR) requires organisations to have a lawful basis for processing personal data, chosen from six legal grounds.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Legitimate Interests

Legitimate interests is a flexible lawful basis for processing personal data, but it requires balancing business needs with individuals' rights.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR International Transfers

The international transfer of personal data is restricted to ensure individuals' privacy rights are protected when data is sent abroad.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Individual Rights

The General Data Protection Regulation (GDPR) grants individuals eight specific rights over their personal data, ensuring transparency and control.

Microlearning 5 Minutes Data Protection (GDPR) All staff

GDPR Subject Access Requests

Individuals have the right to access their personal data and organisations must respond to subject access requests (SARs) within legal timeframes.

Microlearning 5 Minutes Data Protection (GDPR) All staff

Legitimate Interest Assessments

When relying on legitimate interests as a legal basis for processing personal data, you are taking on additional responsibility for protecting people's rights and interests.

Express 10 Minutes Data Protection (GDPR) All staff

PCI Data Security Standard

PCI Data Security Standard (PCI-DSS) is the information security standard for organisations that process credit card payments.

In-depth 60 Minutes Data Protection (GDPR) All staff