
Data Protection & GDPR Awareness Training

The Online Data Protection and GDPR Awareness Training Course is designed to help employees and employers understand their responsibilities when handling personal data — in line with the UK GDPR, the Data Protection Act 2018 and current ICO guidance.

Accredited by: CPD certified
  • CPD accredited — recognised UK-wide
  • Instant digital certificate the moment you pass
  • Around 30 minutes · learn at your own pace, any device
  • Free unlimited retakes until you pass
Duration: Around 30 mins
Modules: 12 modules
Pass mark: 80% · free unlimited retakes
Certificate: Instant digital certificate
Accreditation: CPD
Format: 100% online
Level: Awareness
Assessment: Multiple-choice
Course overview

Understand your data protection responsibilities

The Online Data Protection and GDPR Awareness Training Course is designed to help employees and employers understand their responsibilities when handling personal data. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 set out strict rules on how personal information must be collected, stored, used, and shared — and every organisation that processes personal data is required to comply.

Suitable for all UK organisations — including businesses, charities, schools, healthcare providers, local authorities, and sole traders — this course covers the data protection principles, lawful bases for processing, data subject rights, consent, privacy notices, data breaches, and the role of the Information Commissioner's Office (ICO). It is relevant to any employee who accesses, handles, or processes personal data as part of their role, regardless of sector or seniority.

The course is delivered fully online, allowing learners to complete training at their own pace. Upon successful completion, learners receive a digital Data Protection and GDPR Awareness Certificate, accredited by CPD, providing recognised evidence of training.

There are no formal entry requirements for this course. No prior learning, pre-course reading, or previous data protection qualifications are required.

Why take this course?

Data protection failures can result in serious consequences for organisations and individuals alike. The ICO has the power to issue fines of up to £17.5 million or 4% of annual global turnover for the most serious breaches of the UK GDPR. Beyond fines, a data breach can cause lasting reputational damage, loss of customer trust, and significant operational disruption. Most data breaches are caused by human error — an email sent to the wrong person, a lost device, or a failure to follow basic procedures. Effective awareness training is the most practical step an organisation can take to reduce this risk.

This course helps organisations build a culture of data protection awareness and demonstrate the accountability the ICO expects to see.

Learning outcomes

What you'll learn

By the end of this course you will understand how to handle personal data lawfully, securely and in line with the UK GDPR.

  • What the UK GDPR and Data Protection Act 2018 require of organisations and employees
  • The seven key data protection principles and how they apply in practice
  • What constitutes personal data and special category data
  • The six lawful bases for processing personal data
  • Data subject rights — including the right of access, right to erasure, and right to rectification
  • When and how consent must be obtained
  • The role of data controllers, data processors, and Data Protection Officers
  • What constitutes a personal data breach and how to report one
  • The 72-hour breach notification requirement to the ICO
  • Practical steps for protecting personal data in everyday work
  • The consequences of non-compliance, including ICO enforcement and fines
Training you can trust

Accredited, up-to-date and built for the workplace

This data protection and GDPR awareness course is CPD accredited, ensuring it meets recognised standards for quality and relevance. It is developed in line with the UK GDPR, the Data Protection Act 2018, and current ICO guidance, making it suitable for a wide range of job roles and industries. Training material is delivered through structured modules with clear explanations, practical examples, and defined learning outcomes.

  • Accredited by the CPD Certification Service
  • Aligned to the UK GDPR & Data Protection Act 2018
  • Reflects current ICO guidance and good practice
Curriculum

Course content

The course is structured into 12 clear modules, finishing with a short final assessment.

1. Introduction to Data Protection and GDPR

This opening module sets out why data protection matters and how it affects everyone who handles personal information at work. You will learn what the General Data Protection Regulation is, where it came from, and the everyday situations in which it applies. It gives you the foundation needed to understand the more detailed legal rules covered later in the course.

2. Key Data Protection Principles

Here you explore the core principles that underpin all data protection law, including fairness, transparency, accuracy, storage limitation and security. Understanding these principles helps you make sound judgements when collecting, using and storing personal data. They act as a practical checklist for staying compliant in day-to-day tasks across any role or organisation.

3. The UK GDPR and Data Protection Act 2018

This module explains how the UK GDPR works alongside the Data Protection Act 2018 to form the legal framework that governs personal data in the United Kingdom. You will see how these laws fit together and what they require of employers and employees. Knowing this framework helps you recognise your obligations and apply them correctly in a UK workplace.

4. What is Personal Data and Special Category Data

Not all information is treated the same, and this module helps you tell the difference. You will learn how to identify personal data and the more sensitive special category data, such as health, ethnicity or religious belief. Recognising these categories is essential because special category data needs extra care and stronger safeguards whenever it is handled.

5. Lawful Bases for Processing Personal Data

Every use of personal data must have a valid legal reason, and this module covers the six lawful bases available under the UK GDPR. You will learn how to choose the most appropriate basis for a given situation, from consent to legitimate interests. Getting this right is fundamental to lawful processing and protects both your organisation and the people whose data you hold.

6. Data Subject Rights

This module looks at the rights that individuals have over their own personal data, including the right of access, rectification, erasure and objection. You will learn how to recognise these requests and respond to them appropriately and within the expected timescales. Understanding data subject rights helps your organisation treat people fairly and avoid common compliance failures.

7. Consent and Privacy Notices

Consent must be freely given, specific and informed, and this module explains what valid consent actually looks like in practice. You will also learn the purpose of privacy notices and what information they should contain. Together, these tools ensure people understand how their data is used, which builds trust and supports transparent, lawful processing.

8. Data Controllers and Data Processors

This module clarifies the difference between a data controller and a data processor and the distinct responsibilities each one carries. You will learn how these roles apply in real working relationships, including when third parties or suppliers are involved. Knowing where responsibility sits helps you handle contracts, agreements and shared data correctly and lawfully.

9. Data Breaches and Reporting Requirements

Data breaches can happen to any organisation, so this module shows you how to recognise one and what to do when it occurs. You will learn the steps for containing a breach, assessing the risk and meeting the reporting requirements. Acting quickly and correctly can limit harm to individuals and reduce the consequences for your organisation.

10. The Role of the Information Commissioner's Office (ICO)

The ICO is the UK's independent regulator for data protection, and this module explains what it does and how it enforces the law. You will learn about its guidance, its powers and how organisations are expected to work with it. Understanding the ICO's role helps you appreciate the importance of compliance and where to turn for authoritative advice.

11. Data Protection in Practice – Everyday Responsibilities

This module brings the theory together by focusing on the practical habits that keep personal data safe at work. You will learn about secure handling, sensible storage, careful sharing and good password and email practice. These everyday responsibilities turn data protection knowledge into real, consistent behaviour that protects both individuals and your organisation.

12. Final Assessment

The course concludes with a short final assessment that checks your understanding of the key data protection and GDPR topics covered throughout. It confirms that you can apply the principles, rights and responsibilities in everyday situations. Passing the assessment demonstrates your awareness of UK data protection requirements and supports your ongoing compliance.

Assessment & certificate

Pass the assessment, download your certificate

The course concludes with a multiple-choice assessment. The pass mark is 80%, and retakes are included at no extra cost — so you can revisit the material and try again until you pass.

Upon successfully passing the final assessment, you will receive an instant digital Data Protection and GDPR Awareness Certificate confirming CPD accreditation. There is no need to wait for anything in the post: your certificate is issued immediately and is available to download straight away.

  • 80% pass mark · free unlimited retakes until you pass
  • Instant digital certificate, downloadable as a PDF
  • Confirms CPD accreditation for your training records
Who it's for

Who should take this course?

This awareness-level course is suitable for anyone who handles personal data as part of their role, across any sector.

  • Employees who handle, access, or process personal data
  • Managers, supervisors, and team leaders responsible for data handling
  • Office, retail, healthcare, education, and public sector staff
  • HR, finance, marketing, and customer service teams
  • New starters, induction, and annual refresher training
  • Organisations demonstrating GDPR compliance to clients and regulators
For teams

Training your whole team? Mix, match & save.

Buy any combination of our 22 courses in a single order, assign them to staff from your dashboard, and track completion in real time. Every seat counts toward the same total, so the bulk discount applies across your whole order.

  • 10+ courses: 10% off
  • 50+ courses: 20% off
  • 100+ courses: 30% off
  • 500+ courses: 40% off
For managers

Roll out GDPR training across your organisation

Assign Data Protection & GDPR Awareness to every member of staff, mix in any other courses, and let discounts apply automatically based on your total — no quote needed for standard orders.

  • Assign seats to staff by email, any time
  • Track who's started, in progress and passed
  • Download every certificate from one account
Example order:
  • 25 × Data Protection & GDPR, £14.00 each
  • 15 × Manual Handling, £14.00 each
  • 10 × Risk Assessment, £14.00 each
Total: £560.00 (was £700.00) · 20% off · save £140.00

Buying for a large team? We also do custom quotes, purchase orders and invoicing.

Pricing

Simple per-learner pricing, bigger savings for teams

A single licence is £14.00. Buy more and the per-course price drops automatically — discounts can be mixed and matched across your entire order.

Quantity | Discount | Price per course
1–9 courses | - | £14.00
10–49 courses | 10% off | £12.60
50–99 courses | 20% off | £11.20
100–499 courses | 30% off | £9.80
500+ courses | 40% off | £8.40
Why train with us

Trusted online training the whole team can rely on

Online CPD Academy is a UK provider of accredited online training, helping individuals and businesses meet their legal obligations and keep people safe. Every course is written by subject specialists, independently accredited, and built to be completed online at your own pace.

From a single certificate to training hundreds of staff, our courses are designed to be fast to complete, easy to evidence and genuinely affordable — with the same certificate recognised by employers, insurers and local authorities across the UK.

What you get

  • Accepted by UK employers & local authorities
  • Aligned to the UK GDPR & Data Protection Act 2018
  • Instant digital certificate on completion
  • Learn at your own pace, on any device
  • Free reassessments until you pass
  • UK-based support & outstanding service
Frequently asked

Data protection & GDPR training FAQs

Everything people ask us before buying — all in one place.

Do the course credits expire?

No — your course credits never expire until they're used. Buy now and assign them to staff whenever you're ready.

What is GDPR awareness training?

GDPR awareness training teaches employees how personal data must be handled, stored, and processed in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It covers the core data protection principles, what counts as personal data, the rights of data subjects, and what employees must do to keep personal information safe. This is awareness-level training — it gives all staff the knowledge they need to handle data responsibly in their day-to-day work, not to become data protection specialists.

Is GDPR training a legal requirement?

The UK GDPR does not use the word 'training' explicitly, but Article 39 requires the Data Protection Officer to assign and monitor staff training relating to data protection. More broadly, Article 5(2) — the accountability principle — requires organisations to demonstrate compliance, and the Information Commissioner's Office (ICO) has made clear that appropriate staff training is one of the key measures it expects to see. In practice, if a data breach occurs and you cannot demonstrate that relevant staff were trained, the ICO is likely to treat this as an aggravating factor when determining enforcement action. Training is not optional for any organisation that processes personal data.

What is the difference between the UK GDPR and the Data Protection Act 2018?

The UK GDPR sets out the core rules for processing personal data — the principles, the rights of data subjects, the obligations on controllers and processors, and the rules on international transfers. The Data Protection Act 2018 sits alongside the UK GDPR and supplements it with UK-specific provisions, including exemptions, rules on law enforcement processing, and the role and powers of the Information Commissioner's Office. Together, the two pieces of legislation form the UK's data protection framework. This course covers both.

What is personal data under the UK GDPR?

Personal data is any information that relates to an identified or identifiable living individual. This includes obvious identifiers like names, email addresses, phone numbers, and national insurance numbers, but also extends to less obvious data such as IP addresses, location data, online identifiers, and any information that could be combined with other data to identify someone. Special category data — including information about health, ethnicity, political opinions, religious beliefs, biometric data, and sexual orientation — is subject to additional protections. This course explains both categories clearly with practical examples.

What are the data protection principles?

The UK GDPR sets out seven key principles that govern how personal data must be handled: (1) Lawfulness, fairness, and transparency — data must be processed legally and openly. (2) Purpose limitation — data should only be collected for specified, legitimate purposes. (3) Data minimisation — only collect what is necessary. (4) Accuracy — personal data must be kept accurate and up to date. (5) Storage limitation — data should not be kept longer than needed. (6) Integrity and confidentiality — data must be kept secure. (7) Accountability — organisations must be able to demonstrate compliance. This course covers all seven principles in detail.

What happens if there is a data breach?

Under the UK GDPR, certain personal data breaches must be reported to the Information Commissioner's Office (ICO) within 72 hours of the organisation becoming aware of the breach. If the breach is likely to result in a high risk to the rights and freedoms of individuals, those individuals must also be notified directly. Failure to report a notifiable breach can result in significant fines. This course explains what constitutes a data breach, how to recognise one, and the steps employees should take if they suspect personal data has been compromised.

Is this course CPD accredited?

Yes. This course is accredited by the CPD Certification Service, confirming that the content has been independently reviewed and meets recognised standards for structured professional development. A CPD-accredited certificate provides credible, documented evidence of training that can be presented to employers, auditors, clients, and regulators.

Can I complete the course online?

Yes. The course is delivered entirely online. There are no scheduled sessions, classroom attendance, or booking required — you can start immediately after purchase and complete the training at a time and pace that suits you. You can pause at any point and pick up where you left off, making it easy to fit around a busy working day.

How long does the course take?

The course takes approximately 30 minutes to complete. There are no time restrictions, so you can work through it at your own speed. This makes it practical for staff induction, annual refresher training, or rolling out GDPR awareness across an entire organisation quickly.

Will I receive a certificate?

Yes. Upon successfully passing the final assessment, you will receive an instant digital Data Protection and GDPR Awareness Certificate confirming CPD accreditation. The certificate can be downloaded, printed, or stored electronically as part of your training records. There is no need to wait for anything in the post — your certificate is available immediately after you pass.

Does the GDPR Awareness Certificate expire?

The certificate does not carry a fixed expiry date. However, the ICO expects organisations to provide regular refresher training to ensure staff knowledge remains current. Annual GDPR refresher training is widely considered best practice and is the standard most employers, clients, and auditors expect. Given the low cost and short duration of this course, annual refresher training is a simple and effective way to maintain compliance and demonstrate accountability.

Ready to get certified?

Get GDPR-aware in around 30 minutes

CPD accredited Data Protection & GDPR Awareness training — learn at your own pace and download your certificate the moment you pass.