Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Everyone in your business is responsible for complying with information rights laws. We’re here to help.

We’ve taken the information governance and legislation training modules we provide to ICO staff as part of their internal training and made them available for you to reuse. This is a good place for your business to start.

You can select the modules that fit the needs of your business and add them to your existing training materials. You can also amend the modules to suit your business if you need to.

Please note: there may be some terminology which needs updating in some of these modules, which we will update over time. However you should still find the content useful in training your staff in the key points of the relevant legislation. To make sure you're accessing the latest content, use the resources on our website rather than downloading them.

UK General Data Protection Regulation (UK GDPR)

What is personal data?

The first two modules look at the different data protection terms and what they mean. They provide a basic understanding of data protection and help you assess the types of data your business uses.

Module 1: What is personal data?

Module 2: Definitions

Handling more sensitive personal data

These two modules take an in-depth look at special category and criminal offence data, and the measures you need to have in place if your business processes this type of information.

Module 4: Special category data

Module 5: Criminal offence data

Data protection principles

These three modules look at the principles which underpin the UK’s data protection laws. Understanding the principles will help you take the right steps to make sure you’re handling people’s data correctly.

Module 3: Principles (Part 1) – Lawful processing

Module 6: Principles (Part 2) – Purpose limitation, data minimisation, accuracy and storage limitation

Module 7: Principles (Part 3) – Security, accountability and governance

People’s rights and exemptions

People have rights when it comes to how their personal data is used. In this section we look at those rights, and what your business needs to do to make sure you uphold them.

Module 8: Rights of individual (Part 1)

Module 9: Rights of individual (Part 2)

Not all rights are absolute. In these modules, we explain the circumstances when individual rights might not apply. We also explain when you can do something you wouldn’t normally be able to do.

Module 10: Exemptions (Part 1)

Module 11: Exemptions (Part 2)

Role and powers of the Information Commissioner

This explains the role of the Information Commissioner, and the responsibilities and powers held by their office. It will be useful if you want to know more about what the ICO does.

Module 13: Role and powers of the Commissioner

Data Protection Act 2018 – Parts 3 and 4

These two modules are relevant for controllers and processors who process personal data in connection with law enforcement or the intelligence services. They explain the purposes for using personal data in this way and when people’s rights relating to their data may be restricted.

Module 12(a): Data Protection Act 2018 (Part 3)

Module 12 (b): Data Protection Act 2018 (Part 4)

Privacy and Electronic Communications Regulations (PECR)

This module provides information about what to do if you want to reach your customers through electronic marketing. We also look at the use of cookies, and how to let people know what you’re doing with the information you collect.

Module 14: Privacy and Electronic Communications Regulations (PECR)

Freedom of Information Act (FOIA) and Environmental Information Regulations (EIR)

Public authorities, or businesses who work on behalf of a public authority, may find our introduction to the FOIA and EIR useful.

Introduction to FOI/EIR

Module 1: Overview of FOIA and EIR

Module 2: Requests under FOIA and EIR

Module 3: Responsibilities of the ICO under FOIA and EIR

Information governance annual refresher

ICO staff have annual information governance training to keep our knowledge up to date and make sure we all know what to do to handle personal data correctly. This is good practice for all businesses and the below materials may help you with this. 


Latest updates

15 July 2022 - all training materials added to the website