Data Protection – Updated for the GDPR
This e-learning course is intended to emphasise the importance of processing information effectively, securely and according to set policies and procedures.
Learners will explore the different ways in which they process data through the course of their work and identify the reasons why it must be handled and managed correctly. They will also be given the opportunity to familiarise themselves with, and gain a better understanding of, the guidelines, policies and legal requirements in place which set out how information must be governed in their workplace.
The online materials include quizzes and exercises to help reinforce learning. There is also an online assessment to test students’ understanding of the topic on completion of the course.
Unit Titles and Descriptions
Unit 1 – An Introduction to Information Governance
This unit emphasises the importance of building and maintaining an effective information governance framework. After completing this unit learners will understand that organisations handling personal information belonging to service users and personnel must handle it securely and appropriately at all times and have a clear management accountability structure in place. The unit goes on to inform learners what their responsibilities are under the General Data Protection Regulation (GDPR), Freedom of Information Act and Caldicott principles.
Unit 2 – The Legal Framework
This unit explains how to comply with various legal requirements as stipulated by the Information Commissioner’s Office (ICO). After completing this unit, learners will understand the definition of ‘personal data’ and how the legal framework affects the way organisations handle and manage this type of information.
Unit 3 – Maintaining Confidentiality
This unit helps learners focus on how they can contribute to maintaining confidentiality during the course of their everyday work. Learners will look at:
- what makes information confidential
- how staff can safeguard against breaching confidentiality and consider the consequences of people failing to comply with the policies and procedures in place
- the purpose of a Confidentiality Statement.
Unit 4 – Information Security and Communication Policy
The purpose of this unit is to help learners familiarise themselves with their organisation’s Information Security and Communication Policy. The unit explains why all staff need to understand and comply with its requirements and that failure to do so could lead to disciplinary action.
Topics covered include:
- the purpose and requirements of an Information Management Policy
- responsibilities in relation to information governance
- definitions of the terms ‘confidential’, ‘personal’ and ‘sensitive’ in relation to data
- the purpose and requirements of the GDPR (General Data Protection Regulation) & the Freedom of Information Act 2000
- what is meant by ‘processing’ data
- the rights of clients/customers according to the GDPR
- an introduction to and explanation of the Caldicott principles
- the purpose and content of an organisation’s Confidentiality Statement and Information Security and Communication Policy and the consequences of failing to comply with them.