Loading...
We deliver mandatory UK GDPR, EU GDPR, and broader data privacy training across your workforce β Data Protection Act 2018, ICO guidance, lawful basis, data subject rights, and breach response. Managed rollout, audit-ready evidence accepted by the ICO, EU supervisors, and customer due-diligence reviewers. Live for your team in under a week.
Tell us your team size β receive a tailored proposal within 1 business day.
Trusted by Compliance Teams at Leading Organizations
Staff training is your first line of defence β and the first piece of evidence regulators ask for.
The UK GDPR (incorporating the EU GDPR into UK law via the Data Protection Act 2018) and the EU GDPR both make data protection accountability a controller obligation. The ICO's Accountability Framework explicitly lists 'adequate, regular and refreshed' staff training as a documented control. ICO investigations and EU supervisory authority decisions consistently cite inadequate training as an aggravating factor. Customer audits, ISO 27001 certifications, SOC 2 reviews, and procurement due-diligence reviews all require evidence of staff training.
ICO Accountability Framework β adequate, regular, refreshed staff training is a documented control
UK GDPR / DPA 2018 β controllers must demonstrate compliance under Article 5(2) accountability
EU GDPR Article 39(1)(b) β DPO is responsible for staff training; supervisors expect documented evidence
Customer audits, ISO 27001 (A.6.3), and SOC 2 reviews routinely require training evidence
Curated from our full library and tailored to your jurisdictions (UK, EU, multi-jurisdiction), your sector, and your role mix β you don't pick modules from a menu, we propose the right curriculum.
UK GDPR + Data Protection Act 2018 β what changed since Brexit
EU GDPR β Article 5 principles, lawful basis, accountability
Data subject rights and DSAR handling (UK + EU timelines)
Lawful basis for processing β consent, contract, legitimate interests
Special category data and criminal-offence data conditions
International transfers β SCCs, IDTA (UK), adequacy decisions
Privacy notices, transparency, and Article 13/14 obligations
Breach response β 72-hour ICO notification and EU equivalent
Records of Processing Activities (ROPA) and Article 30 obligations
Data protection impact assessments (DPIAs) and legitimate interests assessments
Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.
Dated certificates per learner, exportable completion logs, and role-mapped curriculum records that meet ICO Accountability Framework expectations and EU supervisor documentation requirements.
Track completion across teams, jurisdictions, and entities. Export evidence packages for ICO investigations, EU supervisor queries, and customer due-diligence.
SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.
Multi-year licensing rolls learners forward each year with content updates as the ICO, EDPB, and member-state supervisors release guidance and the UK Data Protection and Digital Information Bill progresses.
Your logo on certificates, co-branded learner emails, and the option to attach your privacy policy, ROPA, breach response procedure, or DSAR handling playbook to any module.
We don't sell self-checkout seats to enterprises. We propose a curated curriculum based on your jurisdictions and risk profile, manage the rollout, and hand you an evidence package the ICO and EU supervisors will accept on first review.
βWe have UK and EU operations and our DPO needed evidence of consistent training across both. The single rollout covered UK GDPR for our London office and EU GDPR for our Munich and Paris teams β same dashboard, jurisdiction-aware reports, ICO-ready and BfDI-ready in one package.β
βAn ICO complaint surfaced and we needed evidence of staff training within 14 days. The dashboard exported the package in under an hour. The complaint was closed without enforcement action.β