Overview
One hour a year that keeps every training record current
When a data breach is investigated, one of the first questions is simple: when was this person last trained? Training from years ago carries little weight — the ICO expects it to be refreshed regularly, and the threats themselves have moved on. Phishing no longer announces itself with spelling mistakes; it arrives AI-polished, by text and QR code as often as email, and it targets people rather than systems.
This refresher keeps the whole workforce current in about an hour. It brings the UK GDPR essentials back to front-of-mind — the principles, personal data in everyday work, and what to do in the critical first hour of a suspected breach — then pairs them with the cyber habits that prevent most incidents in the first place: spotting today’s phishing and social-engineering tactics, and keeping passwords, devices and home working secure. Data protection and cyber security are two halves of the same risk, so one short course covers both training records at once.
Pass the short closing assessment and a CPD-certified certificate is generated straight away — a fresh, dated record for every member of staff, every year. Volume licensing makes the annual whole-workforce renewal simple, with completion tracking and consolidated invoicing.
Fully Online
Around 1 Hour
Annual All-Staff Renewal
What you’ll learn
What you’ll be able to do
By the end of this course you will be able to:
Recall the UK GDPR principles and what counts as personal and special category data.
Handle, share and dispose of personal data correctly in everyday work.
Recognise a personal data breach and report it fast — the 72-hour clock starts immediately.
Spot phishing, smishing and voice-scam attempts, including AI-polished ones.
Resist social-engineering tactics: urgency, authority and impersonation.
Use strong authentication and keep devices secure in the office, at home and on the move.
Recognise a subject access request and other individual rights, and route them correctly.
Know where your organisation’s policies and reporting routes are when something looks wrong.
Course content
Six short modules to work through
Each module ends with a knowledge check. Work through the modules in any order and return to the content at any time during your twelve-month access window.
1Data Protection Essentials, RefreshedThe UK GDPR principles and definitions — back to front-of-mind.⌄
- The data protection principles in one page
- Personal data and special category data — including the edge cases
- Accountability: why your organisation must evidence compliance
- What’s changed recently in guidance and enforcement
- Your personal responsibility as a member of staff
2Personal Data Day to DayHandling, sharing, storing and disposing — the habits that prevent incidents.⌄
- Collecting only what’s needed and keeping it accurate
- Sharing safely: emails, attachments, CC vs BCC
- Retention — why hoarding data is a liability
- Secure disposal of paper and digital records
- Screens, printers and conversations in shared spaces
3Data Breaches: Spotting and ReportingThe first hour matters most — what to do and who to tell.⌄
- What counts as a personal data breach — it’s wider than hacking
- Misdirected emails, lost devices and wrong attachments
- The 72-hour ICO reporting window and why speed matters
- Report, don’t hide: your role in the first hour
- What happens after you report
4Phishing and Social EngineeringToday’s attacks — email, text, phone and QR — and how to catch them.⌄
- Phishing red flags — and why AI has removed the spelling mistakes
- Smishing, vishing and QR-code scams
- Urgency, authority and impersonation tactics — including CEO fraud
- Checking before you click, pay or reset
- Reporting suspicious messages — even after you’ve clicked
5Passwords, Devices and Remote WorkingPractical security for the office, home and everywhere between.⌄
- Strong passwords, password managers and multi-factor authentication
- Locking, updating and looking after work devices
- Home working: networks, shared computers and household ears
- Public Wi-Fi, working on the move and shoulder surfing
- USB sticks, personal devices and approved software only
6Individual Rights and SARs in BriefRecognising a rights request and routing it — fast.⌄
- The rights individuals have over their data
- Recognising a subject access request — it doesn’t have to say “SAR”
- The clock starts when anyone in the organisation receives it
- Routing requests to the right person immediately
- What not to do: deleting, delaying or ignoring
Who it’s for
Is this course a good fit?
Everyone who touches personal data or a work device — which is the whole workforce. It’s designed to be renewed annually across the organisation.
All office staff
Anyone working with emails, documents, spreadsheets or customer records.
Remote & hybrid workers
Staff working from home, where device and network habits matter most.
Customer-facing teams
Sales, service and support staff handling customer data all day.
Finance teams
The prime target for payment fraud and CEO impersonation.
HR & payroll
Handlers of the most sensitive employee data in the business.
Annual renewals
Organisations refreshing all-staff training records every year.
Assessment
How it’s assessed
The course is assessed by a single online multiple-choice test taken at the end of the modules. It can be retaken as many times as you need at no extra cost.
End-of-course assessment
Study details
You can pause and resume at any point — your progress is saved automatically. There is no time limit on the assessment itself.
Certification
Your CPD-certified certificate
GDPR Refresher & Cyber Security Awareness — CPD Certified
On passing the assessment, your CPD-certified digital certificate is available to download and print immediately, with your name, the course title and completion date. For employers, an annually renewed certificate for every member of staff is exactly the training evidence the ICO, auditors, insurers and client due-diligence questionnaires ask for. Renew every twelve months to keep records current.
Instant download
ICO-ready training record
Renew annually
FAQs

