How often should I train my staff in data protection?

31st March 2021

There are two types of training to consider – the initial training and refresher training.

Of course, it is essential that a person new to the role is given robust training initially by a suitably experienced and qualified individual. However, many organisations overlook the crucial requirement to provide individuals with regular refresher training.

The Information Commissioner’s Office (the ICO, the UK’s data protection authority) spells it out very clearly: staff must be trained regularly.

Excerpt from the ICO Guide to the GDPR

What about our staff?

The GDPR requires you to ensure that anyone acting under your authority with access to personal data does not process that data unless you have instructed them to do so. It is therefore vital that your staff understand the importance of protecting personal data, are familiar with your security policy and put its procedures into practice.

You should provide appropriate initial and refresher training . . .  Your staff training will only be effective if the individuals delivering it are themselves reliable and knowledgeable.

How can I ensure my staff are kept refreshed?

We recommend that each member of your team with access to personal data do some refresher training at least once per year.  This is, we feel, the minimum that should be done.

Annual options

We have created a half-day GDPR Awareness workshop, priced at just £50, which covers all of the basics.  This offers you some protection against the most fundamental data protection risks, as well as ticking the due diligence box for keeping your team refreshed.  This course is taught live and can be delivered remotely via Zoom or, once circumstances allow, to groups in person (maximum of 15 learners, as it is an interactive, fun course).

Alternatively, you may wish to refresh your staff more regularly by using some online resources.  Our e-learning platform provides an online Data Protection Refresher Training course.  These courses are very cost-effective, starting at just £10 per user.  This is a quick and snappy course that takes about an hour to complete and can be done at the learners’ own convenience and pace.


We suggest monthly top-ups.  For this, we have created a series of free resources for you, entitled ‘Compliance Elementals’.  This is a growing library of easy-to-digest videos that learners can watch over a cup of coffee.  These videos help keep their data protection knowledge ‘topped-up’ and help your organisation remain compliant.   This resource grows every month, so keep popping back.

At the moment, you can select from these videos.

These are all free resources; please help yourself to as many as you like and share with your colleagues.

Of course, another option as part of your refresher training strategy could be to utilise the ICO’s website, which contains a myriad of information.

If you are unsure of the best training strategy or resources for your organisation, please give us a call on 01673 885533.  There is no obligation, and I am sure I can help or point you in the right direction.  We are, as the ICO recommends, both reliable and knowledgeable!

Let us ease your mind

If you have any queries, questions or requests, then please get in touch. We’re always very happy to talk: you’ll find a friendly voice on the end of the line, or you can simply fill out the form below.