020 3026 4629 4.7 rated on Google
CPD Certified

GDPR Refresher & Cyber Security Awareness (Annual)

Annual all-staff refresher combining UK GDPR essentials with practical cyber security awareness — one short course, two current training records.

Around 1 hour

Overview

One hour a year that keeps every training record current

When a data breach is investigated, one of the first questions is simple: when was this person last trained? Training from years ago carries little weight — the ICO expects it to be refreshed regularly, and the threats themselves have moved on. Phishing no longer announces itself with spelling mistakes; it arrives AI-polished, by text and QR code as often as email, and it targets people rather than systems.

This refresher keeps the whole workforce current in about an hour. It brings the UK GDPR essentials back to front-of-mind — the principles, personal data in everyday work, and what to do in the critical first hour of a suspected breach — then pairs them with the cyber habits that prevent most incidents in the first place: spotting today’s phishing and social-engineering tactics, and keeping passwords, devices and home working secure. Data protection and cyber security are two halves of the same risk, so one short course covers both training records at once.

Pass the short closing assessment and a CPD-certified certificate is generated straight away — a fresh, dated record for every member of staff, every year. Volume licensing makes the annual whole-workforce renewal simple, with completion tracking and consolidated invoicing.

CPD Certified
Fully Online
Around 1 Hour
Annual All-Staff Renewal

What you’ll learn

What you’ll be able to do

By the end of this course you will be able to:

Recall the UK GDPR principles and what counts as personal and special category data.

Handle, share and dispose of personal data correctly in everyday work.

Recognise a personal data breach and report it fast — the 72-hour clock starts immediately.

Spot phishing, smishing and voice-scam attempts, including AI-polished ones.

Resist social-engineering tactics: urgency, authority and impersonation.

Use strong authentication and keep devices secure in the office, at home and on the move.

Recognise a subject access request and other individual rights, and route them correctly.

Know where your organisation’s policies and reporting routes are when something looks wrong.

Course content

Six short modules to work through

Each module ends with a knowledge check. Work through the modules in any order and return to the content at any time during your twelve-month access window.

1Data Protection Essentials, RefreshedThe UK GDPR principles and definitions — back to front-of-mind.
  • The data protection principles in one page
  • Personal data and special category data — including the edge cases
  • Accountability: why your organisation must evidence compliance
  • What’s changed recently in guidance and enforcement
  • Your personal responsibility as a member of staff
2Personal Data Day to DayHandling, sharing, storing and disposing — the habits that prevent incidents.
  • Collecting only what’s needed and keeping it accurate
  • Sharing safely: emails, attachments, CC vs BCC
  • Retention — why hoarding data is a liability
  • Secure disposal of paper and digital records
  • Screens, printers and conversations in shared spaces
3Data Breaches: Spotting and ReportingThe first hour matters most — what to do and who to tell.
  • What counts as a personal data breach — it’s wider than hacking
  • Misdirected emails, lost devices and wrong attachments
  • The 72-hour ICO reporting window and why speed matters
  • Report, don’t hide: your role in the first hour
  • What happens after you report
4Phishing and Social EngineeringToday’s attacks — email, text, phone and QR — and how to catch them.
  • Phishing red flags — and why AI has removed the spelling mistakes
  • Smishing, vishing and QR-code scams
  • Urgency, authority and impersonation tactics — including CEO fraud
  • Checking before you click, pay or reset
  • Reporting suspicious messages — even after you’ve clicked
5Passwords, Devices and Remote WorkingPractical security for the office, home and everywhere between.
  • Strong passwords, password managers and multi-factor authentication
  • Locking, updating and looking after work devices
  • Home working: networks, shared computers and household ears
  • Public Wi-Fi, working on the move and shoulder surfing
  • USB sticks, personal devices and approved software only
6Individual Rights and SARs in BriefRecognising a rights request and routing it — fast.
  • The rights individuals have over their data
  • Recognising a subject access request — it doesn’t have to say “SAR”
  • The clock starts when anyone in the organisation receives it
  • Routing requests to the right person immediately
  • What not to do: deleting, delaying or ignoring

Who it’s for

Is this course a good fit?

Everyone who touches personal data or a work device — which is the whole workforce. It’s designed to be renewed annually across the organisation.

All office staff

Anyone working with emails, documents, spreadsheets or customer records.

Remote & hybrid workers

Staff working from home, where device and network habits matter most.

Customer-facing teams

Sales, service and support staff handling customer data all day.

Finance teams

The prime target for payment fraud and CEO impersonation.

HR & payroll

Handlers of the most sensitive employee data in the business.

Annual renewals

Organisations refreshing all-staff training records every year.

This is a refresher: it assumes staff have met data protection basics before, though it stands alone perfectly well for new starters. For deeper first-time training, see our full GDPR & Data Protection Training course. Annual whole-workforce renewals are exactly what volume licensing is for — per-seat prices reduce with team size, with completion tracking and consolidated invoicing.

Assessment

How it’s assessed

The course is assessed by a single online multiple-choice test taken at the end of the modules. It can be retaken as many times as you need at no extra cost.

End-of-course assessment

FormatMultiple choice
Questions20 MCQs
Pass mark80%
MarkingInstant, automated
ResitsUnlimited, free

Study details

Study timeAround 1 hour
Access period12 months
Delivery100% online
DeviceAny — phone, tablet, PC
CertificateInstant on passing

You can pause and resume at any point — your progress is saved automatically. There is no time limit on the assessment itself.

Certification

Your CPD-certified certificate

GDPR Refresher & Cyber Security Awareness — CPD Certified

On passing the assessment, your CPD-certified digital certificate is available to download and print immediately, with your name, the course title and completion date. For employers, an annually renewed certificate for every member of staff is exactly the training evidence the ICO, auditors, insurers and client due-diligence questionnaires ask for. Renew every twelve months to keep records current.

CPD Certified
Instant download
ICO-ready training record
Renew annually

FAQs

Questions people often ask

We did GDPR training when it came in — why train again?
Because training ages. The ICO expects regular refreshers, and after a breach the age of the training record is one of the first things examined — training from years ago carries little weight. Threats have also changed: AI-polished phishing, QR scams and hybrid-working risks didn’t exist when most staff were first trained.
How is this different from the full GDPR course?
Our GDPR & Data Protection Training course is the deeper first-time grounding. This refresher condenses the essentials into about an hour and adds practical cyber security awareness, so one short annual course keeps both training records current for the whole workforce.
Why combine data protection with cyber security?
Because in practice they’re the same risk. Most data breaches start with a phishing email, a weak password or a lost device — and most cyber incidents become data protection incidents the moment personal data is involved. Training them together is shorter, cheaper and reflects how incidents actually happen.
How long does it take and how long do I have access?
The course takes around an hour to complete. You have twelve months’ access from the date of enrolment, and you can work through it at your own pace, pausing and resuming whenever you like.
Can we set this up as an annual renewal for all staff?
Yes — that’s what it’s designed for. Volume licensing covers whole-workforce enrolments with per-seat discounts, consolidated invoicing and a manager dashboard to track completions year on year. Please contact us on 020 3026 4629 or email info@nationalcompliancetraining.co.uk to set up your renewal cycle.
Get 10% OFF All Products!

Special Offer!

Exclusive Discount

10% OFF

Use code NCT10 at checkout

*Valid on all products. Does not include examination resits.

X
X