Level 2 GDPR and Data Protection
Pivotal University
The accredited training academy of Pivotal. Practical, certified courses that take you from new star...
A comprehensive Level 2 GDPR and Data Protection course for anyone who handles personal data at work — which is almost everyone. Covers the UK GDPR and the Data Protection Act 2018 in plain English, with the principles, rights and practical habits that keep an organisation compliant.
Across nine in-depth modules you'll learn the key roles and terms, personal versus special category data, the seven principles, the six lawful bases, the eight rights of individuals, accountability and governance, data security and the 72-hour breach rule, and the role of the ICO — each brought to life with clear, branded diagrams.
Finish with a final assessment (80% to pass, unlimited attempts, every answer explained) and earn your Certificate of Completion.
Please note: this is an awareness and CPD course giving every member of staff a solid working understanding of their responsibilities. It is not legal advice, and Data Protection Officers need deeper, role-specific training, with your organisation's own policies applying on top.
Across nine in-depth modules you'll learn the key roles and terms, personal versus special category data, the seven principles, the six lawful bases, the eight rights of individuals, accountability and governance, data security and the 72-hour breach rule, and the role of the ICO — each brought to life with clear, branded diagrams.
Finish with a final assessment (80% to pass, unlimited attempts, every answer explained) and earn your Certificate of Completion.
Please note: this is an awareness and CPD course giving every member of staff a solid working understanding of their responsibilities. It is not legal advice, and Data Protection Officers need deeper, role-specific training, with your organisation's own policies applying on top.
Course Curriculum
10 sections · 31 lessons · 12h
Introduction to Data Protection
Why Data Protection Matters
20 min
The UK Legal Framework: UK GDPR and the DPA 2018
25 min
Core Vocabulary: The Terms You Must Know
25 min
Personal Data and Special Category Data
What Counts as Personal Data?
25 min
Special Category Data Under Article 9
25 min
Criminal Offence Data, Pseudonymisation and Context
25 min
The Seven Principles
Principle 1: Lawfulness, Fairness and Transparency
20 min
Principles 2 & 3: Purpose Limitation and Data Minimisation
25 min
Principles 4 & 5: Accuracy and Storage Limitation
20 min
Principles 6 & 7: Security and Accountability
25 min
The Lawful Bases for Processing
The Six Lawful Bases at a Glance
25 min
Consent Done Right
25 min
Legitimate Interests and the Balancing Test
25 min
The Rights of Individuals
The Eight Rights Overview
20 min
Subject Access Requests in Practice
30 min
Erasure, Objection and the Other Rights in Depth
25 min
Accountability and Governance
Records of Processing Activities (ROPA)
20 min
Data Protection Impact Assessments (DPIAs)
25 min
Privacy by Design and by Default
20 min
DPOs, Processor Contracts and Suppliers
20 min
International Transfers
20 min
Data Security and Breaches
Technical and Organisational Measures
25 min
Everyday Security Habits
20 min
Phishing and Social Engineering
20 min
Recognising a Personal Data Breach
20 min
The 72-Hour Rule and Breach Response
30 min
The ICO and Enforcement
The ICO: Role, Powers and Tools
20 min
Fines, Reputation and Real Cases
25 min
Data Protection in Your Daily Work
Everyday Habits That Keep You Compliant
20 min
Capstone: Bringing It All Together
30 min
Final Assessment & Certification
Final Assessment
20 min