UK GDPR places legal obligations on every person in your organisation who handles personal data — not just your DPO or IT team. Aursec's data protection training gives your whole team the knowledge they need to handle data correctly, recognise risks, and keep your organisation compliant.
Most data protection failures don't happen because of malicious intent. They happen because staff don't know the rules, don't recognise a breach when it happens, or don't know what to do when something goes wrong.
The ICO has the power to fine organisations up to £17.5 million or 4% of global annual turnover for serious breaches. Most enforcement action follows incidents that proper training would have prevented.
When a personal data breach occurs, organisations have 72 hours to notify the ICO. Staff who don't recognise a breach — or don't report it internally — make that deadline impossible to meet.
Data breaches are not rare events. Staff who understand their obligations and know how to respond are your first and most important line of defence.
Every session is delivered in plain English — no legal jargon, no dense policy documents. Real scenarios, practical guidance, and clear actions your team can apply immediately.
What UK GDPR is, why it exists, what it requires of your organisation, and what the consequences of non-compliance look like in practice. The foundation every member of staff needs before anything else.
The six lawful bases under UK GDPR, when each applies, and how to identify the correct basis for the data your organisation processes. Particularly relevant for marketing, HR, and customer data handling.
The rights individuals have over their personal data — access, erasure, rectification, portability, and objection. How to recognise a rights request and what your organisation is required to do when one arrives.
What constitutes a personal data breach, how to recognise one, the internal reporting process, and when and how to notify the ICO and affected individuals. The 72-hour clock starts when your organisation becomes aware — not when it's confirmed.
Building data protection into processes, systems, and products from the start — not bolted on afterwards. Relevant for anyone involved in designing processes, services, or technology that handles personal data.
What a ROPA is, why it's required, what it needs to contain, and who in your organisation is responsible for maintaining it. Practical guidance on building and keeping a ROPA current.
The rules governing transfers of personal data outside the UK, what safeguards are required, and how to identify when a transfer is happening — including transfers via cloud services and third-party suppliers.
Data protection training works best when it reflects your organisation's actual data — the systems you use, the data you hold, and the scenarios your team faces. Every Aursec session is tailored accordingly.
Ideal for: Annual compliance refresh, new starter induction, or responding to a specific incident or audit finding.
Per-person pricing available — contact us for a quote.
Ideal for: Covering different topics across different teams — all-staff fundamentals followed by deeper sessions for HR, finance, or DPOs.
Series pricing available — contact us for a quote.
Ideal for: Businesses needing documented annual training for compliance purposes — DSPT, ISO 27001, or ICO accountability requirements.
Annual pricing available — contact us for a quote.
Data protection obligations vary significantly by role. A receptionist handling patient enquiries needs different training to a DPO managing a ROPA. We tailor every session accordingly.
The baseline every employee needs — what personal data is, why it matters, how to handle it correctly, and what to do if something goes wrong. Delivered in plain language for non-technical audiences.
Deeper training for those with specific data protection responsibilities — ROPA management, DPIA process, rights request handling, breach management, and ICO engagement. Tailored to your organisation's processing activities.
HR and finance handle the most sensitive personal data in most organisations — payroll, employment records, bank details. Focused on the specific obligations and risks relevant to these teams.
Accountability under UK GDPR sits at the top. Board-level training covers strategic obligations, reputational risk, ICO enforcement, and the board's role in data protection governance.
Could not be happier with the services provided by Aursec in supporting the IT of my business. From initial engagement, Aursec worked with me to understand my requirements and ensured an efficient rollout of my company's IT solution. They took the stress out of achieving Cyber Essentials Plus certification and now are fully embedded with my organisation as a partner to deliver long-term IT service support. Aursec would be a great option for any size business but are particularly valuable for smaller businesses that require that additional hands-on knowledge and experience.
Tell us about your organisation, your team, and what's driving the need for training. We'll come back to you within one working day.