Understanding Data Protection Law

Short Course
Duration: 1 day   /   Level: General   /   Suitable for in-house

Get everything you need to ensure you're prepared for GDPR and get up-to-speed with the key data protection issues facing HR.



Dates and Availability

Add to Wishlist
Start Date Location Availability Non-members Members Delegates  
01 October 2019
Duration: 1 day
London Spaces available
£490.00 + VAT Book places now

Booking information and ways to pay

  1. If you are making your booking online at checkout you can either pay online using a credit/debit card, cheque or BACS transfer, or you can request to pay by invoice. The invoice option is only available for bookings where a UK company name and address has been provided at checkout.
  2. If you need to book more than four places on one date, please contact us on +44 (0) 20 8612 6202 or email us
  3. If you prefer to complete a paper booking form, you can download and print it here (PDF 128KB)
  4. If you’re working for a charity, you can get 20% off CIPD Training short courses booked between 1 April and 31 July 2019. This offer can be redeemed by supplying charity number and address if booking by email or telephone. Please note, the offer cannot be redeemed through booking your short course online. T&Cs apply.
expand all

The General Data Protection Regulation (GDPR) became EU law in May 2017 and came into effect in the UK on 25 May 2018. While the scope of GDPR is similar to the Data Protection Act 1998, the requirements and penalties are considerably greater. The CIPD Understanding Data Protection Law course addresses the principles and conditions of collecting, processing and retaining personal data, with reference to GDPR requirements, providing delegates with the direction they need to comply with GDPR. The course is updated monthly, to include any further guidance provided by the Information Commissioner's Office before then.

Run as it features here, or run in-house where the content can be tailored to suit your organisational needs; cost effective if a number of people require training.  Call our in-house training team to discuss your particular requirements on +44 (0)20 8612 6202.

If you prefer to learn online, you may also be interested in the GDPR for the HR Professional: MeLearning online course created in association with MeLearning. That comprehensive online course will equip you with a working knowledge of the new data protection regime and ensure your HR team is compliant. Find out more >

Course Tutors

Mr James Bryan

James Bryan has spent over 25 years working in learning, human resources and organisational development including time as a director in the NHS; on a Borough senior management team in the Metropolitan Police and leading education for the RNLI at the Lifeboat College. He currently shares his time between heading up the organisational development department at City, University of London, managing a consulting and training business and leading a community interest organisation providing leadership development to young people and adults in uniformed youth organisations.


James has qualifications in occupational psychometric testing, organisational development and workplace mediation and is a Chartered Fellow of the Institute. His research interests include leadership and followership in voluntary organisations and gender equality. James has received a Herbert Lott Naval Trust award for his contribution to training in the Royal Navy and became a Freeman of the City of London in 2014.

Who is it for
HR practitioners responsible for employment law issues within their organisation. No prior knowledge of data protection law is required.

By the end of the Understanding Data Protection Law course, you'll be able to:


  • understand the key provisions of data protection legislation and how to apply it to your organisation
  • ensure the confidentiality of employee personal data throughout the employment relationship
  • advise on the key principles applying to the collection, access and use of personal data
  • apply these principles to policies and procedures in particular areas such as management of sickness records and monitoring of email and Internet usage
  • understand the implications of non-compliance.



Data Protection Overview

  • The Data Protection Act 1998
  • What is personal data?
  • The difference between sensitive and non-sensitive data
  • Who is responsible for applying the Data Protection Act?
  • The main principles of the Data Protection Act
  • Collecting personal information – fair collection notices, rights and obligations
  • Freedom of Information Act 2000

Data Protection Codes of Practice

  • Understanding and applying the codes
  • Employees health
  • Drug and alcohol testing at work

Beginning and During Employment

  • Recruitment and selection
  • Including advertising, applications, shortlisting, selection testing, references, medical records, vetting, verification, validation, access to interview notes, retention of records
  • Collection and storage of information
  • Equal opportunities monitoring
  • Pensions and insurance schemes
  • Disclosure policy

Monitoring and Surveillance

  • Link to human rights issues
  • Regulation of Investigatory Powers legislation and privacy
  • Changes to improve the protection of workers’ personal data
  • Monitoring communications – telephone, internet and email policies

Social Media

  • Networking, tweeting, blogging, Facebook
GDPR (EU legislation effective May 2018)
  • Requirements
  • Personal data
  • Employee rights

Programme is subject to change pending new developments.

Run this programme in-house

Got a question?

Speak to one of our highly knowledgeable course advisers on ​ +44 (0)20 8612 6202​ .



People who have been on this course say