UK GDPR and DUAA: 2025 - Foundation

Regulatory compliance - Data protection
What everyone who handles personal data needs to know

This course gives everyone in a UK workplace - employees, line managers, and anyone who handles personal data - a clear, practical orientation to the UK GDPR and the Data (Use and Access) Act 2025 and what they require.

You'll learn what counts as personal data, the data protection principles in plain language, how to keep data safe day to day, how to respond when someone asks for their data, and how to spot and report a personal data breach. By the end, you'll be able to recognise personal and special category data, apply the principles to everyday decisions, handle a subject access request correctly, follow the breach reporting steps, and know where to find trusted ICO guidance.

Access

Self-Paced Learning

Modules

10 Modules

Certification

Certificate of Completion

Price

€150
Learning Objectives
Course Benefits
Modules
By the end of this course, learners will be able to:

  • Explain what the UK GDPR and the Data (Use and Access) Act 2025 require, and why protecting personal data matters in every role
  • Recognise what counts as personal data, including special category data, in everyday work
  • Apply the data protection principles to the decisions you make about personal data each day
  • Keep personal data safe day to day and respond correctly when someone asks for their data
  • Spot a personal data breach and follow the right steps to contain and report it
  • Know your responsibilities under the DUAA 2025 and where to find trusted ICO guidance
Benefits for the Organisation

• Get every member of staff oriented to the UK GDPR and the Data (Use and Access) Act 2025 and their data protection duties
• Reduce the risk of breaches, complaints, and ICO enforcement caused by everyday data-handling mistakes
• Evidence completed data protection training across the organisation, with assessment results and certificates
• Standardise what your whole workforce understands about the new law, with no improvised handling of requests
• Save HR and owner-managers the time spent correcting avoidable mistakes under the new rules

Benefits for Learners

• Understand what the UK GDPR and the DUAA 2025 mean for the personal data you handle
• Apply the data protection principles confidently to your everyday decisions
• Recognise personal and special category data and handle subject access requests correctly
• Know how to spot, contain, and report a personal data breach without delay
• Pass the assessment knowing every answer reflects how data protection works in practice

Lesson 1: Welcome and how this works
Get oriented to the course and to UK data protection, see how the course works, and acknowledge the disclaimer before you begin.

Lesson 2: What counts as personal data
Learn what counts as personal data and special category data, with everyday workplace examples, so you can recognise it wherever it appears.

Lesson 3: The data protection principles
Walk through the data protection principles in plain language and see how each one shapes the decisions you make about personal data.

Lesson 4: Keeping data safe day to day
Build the everyday habits that keep personal data safe - strong passwords, careful sharing, locked screens - and avoid the mistakes that cause breaches.

Lesson 5: When someone asks for their data
Handle a subject access request correctly: recognise one, know the timescales under the DUAA 2025, and follow the right steps to respond.

Lesson 6: Spotting and reporting a breach
Spot the signs of a personal data breach, know what to do in the first hours, and follow the right route to report it without delay.

Lesson 7: Who enforces it - the ICO
Meet the Information Commissioner's Office, see how data protection is enforced and what penalties can follow, and learn which records to keep.

Lesson 8: Resources and where to get help
Build your reference shelf: the UK GDPR, the Data Protection Act 2018, the Data (Use and Access) Act 2025, and trusted ICO guidance to return to.

Lesson 9: Final assessment
Ten multiple-choice questions covering the whole course, with an 80% pass mark and two attempts, each question tied to a course outcome.

Lesson 10: Conclusion - feedback and certificate
Share your feedback on the course and claim your certificate of completion.

CORPORATE TRAINING

We Can Train Your Employees

Every organisation is different - and so are its learning needs.

Request a call back to talk through:


  • Your current onboarding or training challenges
  • Skills gaps across teams or roles
  • Compliance, wellbeing, or development priorities
  • How digital learning can support performance and retention
  • Special pricing options for multiple seats or team-wide access


We’ll help you explore practical, people-first solutions that fit your organisation.

Course FAQ's

Who is this course for?

Everyone in a UK workplace who handles personal data - employees, line managers, and HR across England, Wales, and Scotland. It is also a useful refresher for experienced staff and a sound baseline before any role-specific data protection training.

No prior knowledge of data protection law is required.

Where and when can I take this course?

The course can be taken at any time and from any internet-connected device.

Do I need prior knowledge or experience?

This is a foundation-level course, and all concepts are explained in a clear, simple, and practical way. Learners, do not require any previous training or background knowledge.

Can this course be used for company-wide training?

Absolutely. This course is designed to be rolled out across the whole organisation, making it suitable for every employee, line manager, and team member who handles personal data.

Do I get a discount if I buy multiple seats for this course?

Yes. Please contact us and we will issue a quote according to your needs.

Will managers be able to track progress and completion?

Yes. Branch managers and administrators can track learner progress, completion rates, and assessment performance across the course.

This gives clear visibility on engagement and outcomes, making it easier to monitor participation, support staff where needed, and evidence completed data protection training to auditors and the ICO.

Is this course part of a larger data protection programme?

Yes. This is Course 1 of the Auren UK GDPR and DUAA 2025 bundle - the Foundation course, the orientation that everyone who handles personal data starts from. It is followed by Course 2 (Intermediate), for the line managers who oversee data protection day to day, and Course 3 (Advanced), for the DPOs, HR leads, and senior managers who run the data protection programme.

All three courses in the bundle can be taken as stand-alone courses.