GDPR (Stage 1)

Course description


General Data Protection Regulation (GDPR) (Stage 1)


For all staff

Course Aims: 

This course aims to introduce you to the principles of the European General Data Protection Regulation (GDPR). It is suitable for managers and workers in health and social care organisations. If you are a manager, senior or are responsible for decisions about personal data collection in your organisation then you are advised to also complete the Stage 2 module which describes in more detail how to comply with the regulations.

The course begins by explaining what the GDPR is, and also how it relates to the new Data Protection Act 2018. It also explains why there is a need for the new regulations and gives an outline of what will change.  

The course then defines some of the terminologies used in the Regulations, including ‘Personal Data’, ‘Special Category Data’, ‘Data Controllers’ and ‘Data Processors’.

The course then describes the seven main principles of the GDPR: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity; confidentiality and accountability.

The next stage of the module details the rights that an individual has under the GDPR and explains how this relates to individuals in health and social care. This includes an individual’s right to access information, to have it erased or rectified and their right to object to processing.

In the final stage of the course you will learn about some of the additional requirements under the GDPR, including the requirement for employing a Data Protection Officer (DPO), the additional requirements for obtaining consent, privacy and breach notifications and the sanctions that can be imposed under the GDPR.

Learning Outcomes: 

The learning outcomes for this course are:

  • To know what the GDPR is
  • To know what is meant by the term ‘personal data’
  • To know who is in charge of implementing the regulations
  • To know the difference between a ‘data controller’ and a ‘data processor’
  • To know the seven main principles of the GDPR
  • To be aware of the eight rights an individual has in relation to their personal data
  • To know what a Data Protection Officer is and when they are required
  • To know what is required for consent under the GDPR
  • To know about privacy notification and breach notifications
  • To know the sanctions that can be imposed under the GDPR.