Data Protection Training


As well as training and support we can also offer a retainer / backup service to support Manager/Champions with any queries or challenges.
  • Information Governance
  • Home working guidance
  • Policies and Procedures
  • Physical and environmental security
  • Compliance Checks and Audits
  • Processor Contracts
  • Data Sharing Agreements
  • Data Protection Assessments
  • Record of processing and corresponding Risk Register
  • Privacy Notice
  • Training Courses and Videos


Audience: Training for the Board Time: 30 mins to 1 hour including Q&A specific to the organistion Purposes: To brief the Board on GDPR / Data Protection, the requirements, their role, their responsibilities and the organisational capability and compliance. This may include a roadmap (project plan) of what to do or a traffic light report (audit) indicating progress and issues. Content:
  • Data Protection Principles and Requirements
  • Roles, Responsibilities, Compliance (both JFSC and OIC)
  • Records Management Policy and Procedures
  • Information Security Policy and Procedures
  • Communication and Training to staff / managers
  • Dashboard: A summary of all the tasks of Manager/Champions and their status


Audience: Training for the Data Protection Manager(s)/Champions Time: 2hours including Q&A specific to the organistion Purposes: To brief the Manager/Champions on GDPR / Data Protection, the requirements, their role, their responsibilities both upward to the Board and to the clients, customers in relation to their personal data and to the suppliers, staff, colleagues in relation to their roles, actions, queries etc. This may include a task list of what to do [daily, weekly, monthly, annually] or audit reports indicating progress and issues (or checking and confirming compliance) Content: All the elements outline for Board plus …
  • Record of processing activities (ROPA)
  • Document Classification / Categorisation
  • Retention Policy, Procedures, Logs
  • Breach Policy, Procedures, Logs
  • Subject Access Policy, Procedures, Logs
  • Data Protection Impact Assessments Policy, Procedures, Logs
  • Data Sharing Agreements
  • Processor / Controller Agreements
  • Supplier and Systems Due Diligence
  • Privacy Notices


Audience: Training for the Front Line Staff / Colleagues Time: 30 mins including Q&A specific to the organistion Purposes: To brief the make staff aware of policy, procedures, standards, the role and responsibilities or the Manager/Champions and the staff role in terms of day-to-day confidentiality, data protection and information security. Content:
  • Policy, procedures, standards including…
  • Data Protection
  • Cyber Security and Confidentiality
  • Document Classification / Categorisation and Retention


Customised solution Additionally this can be customised so that is not generic, but specific to the business and jurisdiction with relevant examples and guidance relating to real-life policy, procedures and practice. My experience is that this really improves understanding and engagement over boring web-based training which is seen as theoretical at best and rarely practical. Validation of learning Further we can link this to a quiz, test or other validation of learning, understanding and compliance so that you have a log of both who has been trained, but also confirmation that they have understood. This is useful for audit/compliance as part of “regular reading and viewing” to evidence on-going update and refresher training. Video guidance Further we can break key elements of the training into small videos of 5 to 15minutes which allow people to pick and mix their training and have it on demand for refresher training or reference. Examples of 5 to 15minutes could be…
  • How to handle a Subject Access Request
  • How to report a Breach (to the in-house Manager/Champions)
  • How to do a Data Protection Impact Assessment
  • What are the Document Classification / Categorisations
  • What is the Retention Policy and how to securely dispose of paper or electronic data
  • Data Protection and Working from Home
For the above you pick a topic and I would write a script and send to you to review and approve (or edit / amend). You can then use me or volunteer actors from your business to star in the video (Typically .mp4 TEAMs or Zoom Recording with people, images, graphics etc). This process would be £100/hour and a typical video may follow this process.
  • Draft script and send to client
  • Update / amend script (as necessary)
  • Rough Version 1 for feedback/review
  • Better Version 2 to accomodate any changes
  • Final Version 3 ready for you to host on your systems
Typical Cost £500 per video Clearly if you wanted to film on-premises with volunteer actors that would cost more, but we would be willing to provide a quote.


As well as training we can provide an audit/check function using objective YES/NO assessment of key requirements against the following criteria/themes. Data Protection Factors
  • Policies and Procedures
  • Management Structures
  • Central Action Plan and KPIs
  • Compliance Checks and Audits
  • Record of processing (ROPA) and corresponding Risk Register
  • Data Protection Officer
  • Lawful basis of processing
  • The use of “Consent” as the lawful basis for processing
  • Overarching Information Governance Training
  • Processor Contracts
  • Processors of the Organisation
  • External Accrediation
  • Information Steering Group
  • Online Services for Children
  • Data Protection by Design and Default
  • Transparency
Cyber Security Factors
  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, dev. and maint.
  • Supplier relationships
  • Security incident management
  • Business continuity management
  • Compliance