Everyone in your business is responsible for complying with information rights laws. We’re here to help.
We’ve taken the information governance and legislation training modules we provide to ICO staff as part of their internal training and made them available for you to reuse. This is a good place for your business to start.
You can select the modules that fit the needs of your business and add them to your existing training materials. You can also amend the modules to suit your business if you need to.
Please note: there may be some terminology which needs updating in some of these modules, which we will update over time. However you should still find the content useful in training your staff in the key points of the relevant legislation. To make sure you're accessing the latest content, use the resources on our website rather than downloading them.
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018 – Parts 3 and 4
- Privacy and Electronic Communications Regulations (PECR)
- Freedom of Information Act (FOIA) and Environmental Information Regulations (EIR)
- Information governance annual refresher
What is personal data?
The first two modules look at the different data protection terms and what they mean. They provide a basic understanding of data protection and help you assess the types of data your business uses.
Module 1: What is personal data?
Module 2: Definitions
Handling more sensitive personal data
These two modules take an in-depth look at special category and criminal offence data, and the measures you need to have in place if your business processes this type of information.
Module 4: Special category data
Module 5: Criminal offence data
Data protection principles
These three modules look at the principles which underpin the UK’s data protection laws. Understanding the principles will help you take the right steps to make sure you’re handling people’s data correctly.
Module 3: Principles (Part 1) – Lawful processing
Module 6: Principles (Part 2) – Purpose limitation, data minimisation, accuracy and storage limitation
Module 7: Principles (Part 3) – Security, accountability and governance
People’s rights and exemptions
People have rights when it comes to how their personal data is used. In this section we look at those rights, and what your business needs to do to make sure you uphold them.
Module 8: Rights of individual (Part 1)
Module 9: Rights of individual (Part 2)
Not all rights are absolute. In these modules, we explain the circumstances when individual rights might not apply. We also explain when you can do something you wouldn’t normally be able to do.
Module 10: Exemptions (Part 1)
Module 11: Exemptions (Part 2)
Role and powers of the Information Commissioner
This explains the role of the Information Commissioner, and the responsibilities and powers held by their office. It will be useful if you want to know more about what the ICO does.
Module 13: Role and powers of the Commissioner
These two modules are relevant for controllers and processors who process personal data in connection with law enforcement or the intelligence services. They explain the purposes for using personal data in this way and when people’s rights relating to their data may be restricted.
Module 12(a): Data Protection Act 2018 (Part 3)
Module 12 (b): Data Protection Act 2018 (Part 4)
Module 14: Privacy and Electronic Communications Regulations (PECR)
Public authorities, or businesses who work on behalf of a public authority, may find our introduction to the FOIA and EIR useful.