Description
GDPR Refresher & Cyber Security Awareness
A CPD-certified annual refresher for all staff, combining data protection and cyber security in one short course. Refresh the UK GDPR essentials, sharpen everyday data-handling habits, and stay alert to phishing and the other attacks aimed at your people — in about an hour, fully online.
About this course
Training that only counts if it’s current
Data protection training is not a one-off. The ICO expects staff training to be refreshed regularly — and when a breach happens, one of the first questions asked is when the person involved was last trained. Stale training records are treated much like no training at all. The same logic drives cyber security: phishing and social-engineering attacks target people, not systems, and the tactics change constantly, so awareness has a shelf life.
This course is built for exactly that renewal cycle. In around an hour it refreshes the UK GDPR essentials every member of staff needs — the principles, what counts as personal data, everyday handling and sharing, and what to do in the critical first hours of a suspected breach — and pairs them with practical cyber awareness: spotting phishing in all its current forms, and keeping passwords, devices and home working secure. Data protection and cyber security are two halves of the same risk, and training them together is both cheaper and more effective than running two separate courses.
On passing the short end-of-course assessment, a CPD-certified digital certificate is issued instantly — giving your organisation a fresh, dated training record for every member of staff, every year. Volume licensing makes annual whole-workforce renewals simple, with completion tracking and consolidated invoicing.
What you’ll learn
Learning outcomes
By the end of this course you will be able to:
Recall the UK GDPR principles and what counts as personal and special category data.
Handle, share and dispose of personal data correctly in everyday work.
Recognise a personal data breach and report it fast — the 72-hour clock starts immediately.
Spot phishing, smishing and voice-scam attempts, including AI-polished ones.
Resist social-engineering tactics: urgency, authority and impersonation.
Use strong authentication and keep devices secure in the office, at home and on the move.
Recognise a subject access request and other individual rights, and route them correctly.
Know where your organisation’s policies and reporting routes are when something looks wrong.
Course content
Six short modules — around an hour of learning
Each module ends with a knowledge check. Work through the modules in any order and return to the content at any time during your twelve-month access window.
1Data Protection Essentials, RefreshedThe UK GDPR principles and definitions — back to front-of-mind.⌄
- The data protection principles in one page
- Personal data and special category data — including the edge cases
- Accountability: why your organisation must evidence compliance
- What’s changed recently in guidance and enforcement
- Your personal responsibility as a member of staff
2Personal Data Day to DayHandling, sharing, storing and disposing — the habits that prevent incidents.⌄
- Collecting only what’s needed and keeping it accurate
- Sharing safely: emails, attachments, CC vs BCC
- Retention — why hoarding data is a liability
- Secure disposal of paper and digital records
- Screens, printers and conversations in shared spaces
3Data Breaches: Spotting and ReportingThe first hour matters most — what to do and who to tell.⌄
- What counts as a personal data breach — it’s wider than hacking
- Misdirected emails, lost devices and wrong attachments
- The 72-hour ICO reporting window and why speed matters
- Report, don’t hide: your role in the first hour
- What happens after you report
4Phishing and Social EngineeringToday’s attacks — email, text, phone and QR — and how to catch them.⌄
- Phishing red flags — and why AI has removed the spelling mistakes
- Smishing, vishing and QR-code scams
- Urgency, authority and impersonation tactics — including CEO fraud
- Checking before you click, pay or reset
- Reporting suspicious messages — even after you’ve clicked
5Passwords, Devices and Remote WorkingPractical security for the office, home and everywhere between.⌄
- Strong passwords, password managers and multi-factor authentication
- Locking, updating and looking after work devices
- Home working: networks, shared computers and household ears
- Public Wi-Fi, working on the move and shoulder surfing
- USB sticks, personal devices and approved software only
6Individual Rights and SARs in BriefRecognising a rights request and routing it — fast.⌄
- The rights individuals have over their data
- Recognising a subject access request — it doesn’t have to say “SAR”
- The clock starts when anyone in the organisation receives it
- Routing requests to the right person immediately
- What not to do: deleting, delaying or ignoring
Is this course right for you?
Who should take this course?
Everyone who touches personal data or a work device — which is the whole workforce. It’s designed to be renewed annually across the organisation.
All office staff
Anyone working with emails, documents, spreadsheets or customer records.
Remote & hybrid workers
Staff working from home, where device and network habits matter most.
Customer-facing teams
Sales, service and support staff handling customer data all day.
Finance teams
The prime target for payment fraud and CEO impersonation.
HR & payroll
Handlers of the most sensitive employee data in the business.
Annual renewals
Organisations refreshing all-staff training records every year.
How you’ll be assessed
Assessment
The course is assessed by a single online multiple-choice test taken at the end of the modules. It can be retaken as many times as you need at no extra cost.
End-of-course assessment
Study details
You can pause and resume at any point — your progress is saved automatically. There is no time limit on the assessment itself.
Your certificate
CPD-certified digital certificate
GDPR Refresher & Cyber Security Awareness — CPD Certified
On passing the assessment, your CPD-certified digital certificate is available to download and print immediately, with your name, the course title and completion date. For employers, an annually renewed certificate for every member of staff is exactly the training evidence the ICO, auditors, insurers and client due-diligence questionnaires ask for. Renew every twelve months to keep records current.
Common questions
Frequently asked questions
We did GDPR training when it came in — why train again?⌄
How is this different from the full GDPR course?⌄
Why combine data protection with cyber security?⌄
How long does it take and how long do I have access?⌄
Can we set this up as an annual renewal for all staff?⌄
Ready to enrol?
Keep every training record current with one short annual course. Fully online, self-paced, with your CPD-certified certificate issued instantly on completion.





