Data Protection Awareness eLearning

Data protection has never been more important. In the past few years, a number of countries have updated and enhanced their data privacy laws – in particular, the European Union’s ground-breaking General Data Protection Regulation (GDPR) has strengthened protections in relation to personal data and increased the potential penalties for breaches of the law.

In addition, individuals are becoming increasingly aware of their personal data and how it is being used, so it is vital that organisations get it right - personal data should always be handled in a way that is fair and provides the appropriate degree of privacy.

Training on the regulations is vital for staff – everybody needs to be aware of what is expected in relation to personal data and there is an ever-present danger of reputational damage and significant financial penalties for breaches.

This eLearning module puts the data protection law and regulations into context, highlighting the core requirements in a way that is sufficiently comprehensive and practical to be suitable for all staff needing training on their purpose and impact.

This module and the end assessment can be tailored to incorporate client-specific content.

This course is suitable for all staff. Other versions of this data protection eLearning module are also available to reflect the laws of the relevant jurisdiction (such as the DIFC or the ADGM).

The training module will take around 40 minutes to complete, and is made up of 8 subsections:

Introduction

• The aim of the Law
• Why it is necessary
• Who it applies to
• When it applies

General Requirements

The principles of the Law:

• Lawful, fair and transparent processing
• Purpose limitation
• Data limitation
• Data subject rights
• Accuracy
• Data retention period
• Data security
• Accountability

Lawful Processing (incl consent)

• The main instances that provide organisations with the legal basis they require
• What makes consent valid

Individual Rights

• Right to be informed
• Right of access
• Right to rectify
• Right of erasure
• Right to data portability

Accountability

• Privacy by design
• Data protection impact assessments
• The Data Protection Officer (DPO)
• High risk processing activities

Breaches and notifications

• Notification requirements of a personal data security breach

Data Transfers

• Restriction on the transfer of personal data outside of the DIFC except in limited circumstances
• The limited circumstances in which personal data may be transferred

Assessment

• 10 multiple choice questions