Custodia Continuity
data protection training session

Data Protection Training

Staff who understand their data protection responsibilities are worth more than any policy document.

A policy document sits in a shared drive. A member of staff who understands why data protection matters makes the right call in the moment, without needing to look anything up.

The gap between having policies and having a data-aware organisation is almost always a training gap. Staff who have never understood what a lawful basis actually means will make decisions based on common sense, which is not always the same thing as law. An unintentional disclosure, a mishandled subject access request, a delay in reporting a breach: these are the situations that generate Information Commissioner’s Office complaints, not deliberate wrongdoing.

We deliver training on data protection and security that is direct, practical and specific to your sector. Not a run-through of the legislation, but a focused session on the situations your staff actually encounter.

What We Cover

Staff handle personal data in predictable ways. They collect it on forms, store it in spreadsheets, share it by email, respond to requests and occasionally realise they have made a mistake. Our training is built around those situations, not around legislative theory.

  • Lawful basis in practice: what the six bases are, which one applies to what you do, and why “we need it” is not an answer
  • Individual rights: what a subject access request is, how long you have to respond, what exemptions exist and how to apply them correctly
  • Data minimisation: what you actually need to collect, what you definitely do not, and how to review existing data collection practices
  • Sharing personal data: when it is appropriate, what a data processing agreement is for, and what to do when you are not sure
  • Breach recognition and reporting: what counts as a reportable breach, what the internal process should look like, and why the 72-hour clock matters
  • Consent: what it actually means, how it must be obtained, and common examples of what does not count

Content is adapted for your sector and your data. A domestic abuse charity handles personal data very differently from a payroll bureau. Generic training leaves the gaps that matter most unfilled.

Format and Approach

Our standard data protection masterclass runs for 30 minutes and covers the practical ground that most staff need without overstaying its welcome. It is focused enough that people stay engaged and specific enough that they leave with things they can actually use.

For organisations that need more depth, we deliver half-day sessions covering UK GDPR, the rights of individuals, records of processing, and breach management in full. These are suited to staff who handle significant volumes of personal data or who take a lead role in data protection within their team.

Sessions are available online and in person. Online sessions are properly interactive with an open chat throughout, not a recording with a quiz attached. In-person sessions include small-group scenario work where participants work through real situations and reach their own conclusions, which is considerably more effective than being told the answer.

“Jae delivered a short online training session on Data Protection and GDPR which the attendees found a really beneficial recap of the complex topic. The facilitation was engaging and all information shared was very clear.”

Head of Human Resources and Training *

* We don’t reveal our clients’ names to cash in on our relationships, but many of our clients would be happy to have a call to talk through their experiences of working with us. Just ask and we’ll find someone in your sector.

Access to our standard data protection masterclass is included as part of the Custodia compliance service. Bespoke sessions and half-day programmes are available separately. For broader security awareness training covering phishing, ransomware and social engineering, see our security training programme.

Data Protection Officer (DPO) Awareness Training

Organisations that name a member of staff as their data protection officer often provide very little support for the role. The person gets the title but not the knowledge, and a subject access request arrives before anyone has worked out what to do with it.

Our DPO awareness programme is a four-hour session covering UK GDPR in sufficient depth to give a nominated officer a working understanding of their responsibilities: what records they need to maintain, how to handle subject access requests and breaches, when to escalate to the Information Commissioner’s Office, and what a programme of ongoing compliance looks like in practice.

This is not legal training. A DPO awareness session produces a member of staff who can manage day-to-day data protection effectively and knows when to ask for help. It does not produce a data protection solicitor, and it should not be confused with one.

For organisations that need ongoing external data protection officer support alongside their nominated officer, see our DPO support service.

Data Protection Training with Custodia

  • 30-minute data protection masterclass included in the compliance service
  • Half-day sessions covering UK GDPR, individual rights and breach management
  • DPO awareness programme for nominated officers
  • Sector-specific content tailored to your organisation
  • Online and in-person formats
  • Scenario-based exercises for in-person sessions

Find out how we can help your organisation

Get in touch with us today.

Book a Call

Or call us on

01629 369 250

Email us at

[email protected]