This course is designed to give health and social care workers the underpinning knowledge and understanding of the General Data Protection Regulation (GDPR), and their responsibilities relating to this.

It is suitable for managers and workers in health and social care organisations. If you are a manager, senior or are responsible for decisions about personal data collection in your organisation then you are advised to also complete the GDPR 2 which describes in more detail how to comply with the regulations.

The course begins by explaining what the GDPR is, how it relates to the Data Protection Act 2018 and details about the Regulator – Information Commissioner’s Office (ICO). This includes the rights that an individual has including right to access information, to have it erased or rectified and their right to object to processing.

Module 2 defines some of the terminologies used in the Regulations, including ‘Personal Data’, ‘Special Category Data’, ‘Data Protection Officers’, ‘Data Controllers’ and ‘Data Processors’. The course then describes the seven main principles of the GDPR: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity; confidentiality and accountability.

In the final stage of the course you will learn about some of the responsibilities necessary for health and social care workers, including the requirements for obtaining consent, details around privacy notices, data breaches and how to report them.

Course duration: up to approx. 1 hour, dependent on learner’s skills and abilities.