GDPR (Stage 2)

Course description


General Data Protection Regulation (GDPR) (Stage 2)


Managers, seniors and staff with responsibility for managing data processing systems.

Course Aims: 

This course is a continuation of the GDPR Stage 1 course, aimed at managers, seniors, and other staff in health and social care organisations who have a responsibility for managing data processing systems. It is essential that you complete the GDPR Stage 1 course prior to completing this module as it assumes you already have some knowledge about the basic GDPR requirements.

The course begins by recapping information in the Stage 1 course to ensure that you have the knowledge base, before explaining the Data Protection Bill/Act and the differences between this and the GDPR.

Then the course explains the six lawful bases for processing personal data and helps you to understand what you need to document and how to comply with the GDPR requirements.

The course goes on to explain both Data Protection Impact Assessments and Data Protection Officers, to help you understand when these are required under the GDPR and also how they should be implemented.

The next stage focuses on the principles of accountability in the GDPR, including the requirement for contracts between controllers and processors, documentation requirements, privacy by design, data breaches and the fees you are required to pay. The final stage explains the additional requirements for processing personal data about children to help you understand what you must do if you process this type of information.

Learning Outcomes: 

The learning outcomes for this course are:

  • To know the difference between the GDPR and the Data Protection Bill/Act
  • To know how you can comply with the requirements for privacy notices under the GDPR
  • To know how to comply with the requirement for Data Protection Impact Assessments under the GDPR
  • To know what the role of a DPO is and when they should be appointed
  • To understand about your responsibilities for accountability and governance under the GDPR
  • To know when and how to report a data breach
  • To know the additional requirements for processing children's data.