ICO reporting, the time and effort required to respond to complaints and potential fines means Regular Data Protection Training, PECR Training and GDPR Training is essential. 

Regular data protection training, GDPR training, PECR training, helps avoid data protection breaches. Our high value high impact training is recommended

Our guide on data protection training frequency should be read and our suggestions considered. 

Our data protection training courses are high quality and high impact, They deliver real understanding and improved compliance. They are very affordable and offer high value.

We cover provide all aspects of Data Protection Training including – GDPR, PECR, DUAA, Privacy by Design and Data Protection Impact Assessment Training.  

What is Data Protection?

Data protection is the process of safeguarding important information from corruption, compromise, or loss, while ensuring personal data is handled lawfully, transparently, and securely. It involves adherence to legal frameworks and approaches, that help organisations to process data in a responsible manner and give individuals control over their personal data.  Key legislation and good practice includes:

• The Data Protection Act 2018,
• The GDPR (General Data Protection Regulation)
• The Privacy and Electronic Communications Regulations (PECR) 2003)
• The DUAA (Data (Use and Access) Act 2025
• Privacy by Design
• Impact Assessment

We provide high quality training on all of the above

What is the Data Protection Act 2018?

The Data Protection Act 2018 (DPA 2018) is the UK’s primary legislation governing data protection, working alongside the UK GDPR to regulate how personal information is used. It empowers individuals with rights over their data, mandates secure handling, and holds organizations accountable for processing personal information

What is The UK GDPR (General Data Protection Regulation) ?

GDPR stands for General Data Protection Regulation. It is a comprehensive data protection law that came into effect on 25 May 2018, replacing the outdated Data Protection Directive from 1995. It is one of the toughest privacy and security law in the world.  It harmonises European data privacy laws, protect citizens’ personal information, and governs how organizations manage and use data. It applies to any organization targeting or collecting data from people in the EU/EEA.

What is the UK PECR (The Privacy and Electronic Communications Regulations (PECR) 2003?

This legislation is less well known than the UK GDPR.  It derives from European law and sits alongside the GDPR. It governs electronic marketing, cookies, and communications security. The legislation applies to all businesses sending marketing emails/texts, making calls, or using tracking technologies (cookies). Compliance is enforced by the Information Commissioners Office (ICO). More fines and penalties are issued for PECR breaches than GDPR breaches

What is The Data (Use and Access) Act 2025 – DUAA?

The Data (Use and Access) Act 2025 (DUAA) is a UK law that updates the UK GDPR, Data Protection Act 2018, and PECR to promote economic growth, reduce administrative burdens for businesses, and facilitate data sharing while maintaining protection standards. It introduces “recognized legitimate interests,” simplifies Subject Access Requests (SARs), and sets new rules for automated decisions.

What is Data Protection Privacy by Design?

Privacy by Design is an approach to data protection where data protection considerations are considered at every stage of any new policy, procedure, process or activity.  That is to say data privacy is embedded into the very design and operation of any or all business process, rather than data privacy and compliance being reviewed after the policy and procedure is written. 

What is a data protection impact assessment?

Data Protection Impact Assessment (DPIA) is a structured process that enables organisations to evaluate, identify and minimise data protection risks for any policy, procedure, process, project or activity. It is particularly useful for high-risk projects. It requires documenting the data processing, assessing necessity and proportionality, managing risks to individuals’ rights, and implementing mitigation measures.

Why is Data Protection Training Important?

Data protection training is important because most breaches occur due human error, the legislation not being understood, company policies and procedures being ignored or data protection not thought about.  Regular training increases data protection awareness and understanding and in doing so reduces the risk of data protection breaches.  We recommend annual training for all staff with repeat training after any breach, the nature, focus and duration of the training being risk assessed.  Training is very low cost compared with the potential fines for data protection breaches being £17.5 million or 4% of global turnover. 

Whilst most of the headline news around GDPR/PECR breaches and fines relates, to website hacking behind the scenes analysis of the actions and fines issued by the Information Commissioners Office (ICO) shows that most breaches are down to human error.   That is to say poor understanding, a lack of adherence, bad judgments and naivety remain common place drivers behind the penalties imposed by the ICO.

The huge number of data protection breaches that occur each year coupled to the follow-on consequences, in terms of time, cost and adverse publicity mean that high quality annual data protection training, especially for data protection officers and management, is essential.

What does Concrew Training Offer in terms of Data Protection Training?

Concrew Training has been delivering data protection training since 2014.  We offer one-day courses that cover each of the above aspects of legislation and good practice.  These can be delivered online or at your premises.  We can tailor content to the needs of Data Protection Officers, Directors, Senior Leaders, Line Managers and Staff.   We can combine individual one-day modules to create more comprehensive training courses or condense to key issues, such as breach prevention for staff.

What Free Data Protection Resources does Concrew Training Provide?

All our courses are supported by reference documents and toolkits.  These are copyright protected and not in the public domain, we also provide a small range of publicly available  “free guides” – see our website to download PDF versions

• GDPR – necessary, fair and transparent explained
• Data Protection Complaints Policy Template
• How often should GDPR training be done

Summary

Our high quality GDPR training helps management and staff understand the danger points and how they, individually and as teams, can help prevent breaches and the time and reputational damage that follows. Breaches need to be investigated, those at risk notified and, in many cases, reported to the ICO. As a minimum, organisations can expect to be instructed to strengthen procedures and train staff so it makes sense to act proactively and train staff in data protection before the breaches occur.