Further to completion of GDPR 1, this course is designed to give health and social care workers a developed knowledge and understanding of the General Data Protection Regulation (GDPR), and their responsibilities relating to this.

It is suitable for managers and workers in health and social care organisations particularly if you are a manager, senior or are responsible for decisions about personal data collection in your organisation.

The course begins by reflecting on the learning from GDPR 1 by reminding learners what GDPR is, how it relates to the Data Protection Act 2018, details about the Regulator – Information Commissioners Office (ICO) and what is meant by ‘Personal Data’. Additional information regarding ICO data protection fees is also included within this module.

Module 2 shows how to prepare to process data and what initial steps are required. The course describes the 6 Lawful Bases necessary to process personal data and the additional conditions for special category data processing. The module asks learners to consider whether processing is necessary and the importance of demonstrating compliance by recording the outcome.

Module 3 explores Privacy Notices and Data Protection Impact Assessments; why they are necessary and what to include. We also ensure that any differences processing children’s data are identified and explained, providing a holistic package for all health and social care workers.

In the final stage of the course, you will learn about the roles and responsibilities necessary for health and social care workers and those in a data protection role. This includes information around Data Protection Officers, Data Controllers and Processors, contracts, record keeping and identifying / reporting data breaches.

Course duration: up to approx. 1 hour, dependent on learner’s skills and abilities.