UK GDPR & Data Protection - A Box Set of 6 Essential Modules

Introduction

Following Brexit, the UK has adapted the General Data Protection Regulation, developed its own rules on international data transfers, implemented internet safety laws and produced guidance on risk assessments for data protection, AI and protection of children online.

The Data (Use & Access) Act 2025 adds amendments to the UK GDPR.

This boxset includes 6 x 30-minute modules and aims to provide an introduction and summary of the current UK Data Protection regime.

What You Will Learn

This webinar series will cover the following:

Module 1: Introduction to the UK GDPR, Data Protection Act 2018 and Data (Use & Access) Act 2025 (‘the UK DP Law’)

This module will examine key aspects of the UK DP Law and will include:

• Definitions
• Applicability
• Principles
• Grounds for processing
• Data subject rights
• Enforcements and fines

Module 2: Data Protection Principles & Grounds for Processing

This module will cover:

• Fair and lawful processing and transparency
• Accountability
• Data subject rights
• Data security
• The six lawful grounds for processing

Module 3: Data Subject Rights

Under the UK DP Law individuals have a range of rights from information and access to portability and erasure and to rectification and objection and compensation. There are strict timelines in which to respond to data subject requests and a limited but important number of exemptions.

This module will look at the six grounds for processing and highlight:

• Right to information
• Right of access
• Right of erasure and portability
• Right to object
• Right to complain
• Use of exemptions

Module 4: Managing Data Incidents & Investigations

It is not a matter of if but when a data breach will happen. Not all data incidents are reportable data breaches, but they are all an issue to be planned for. Data incidents may be the result of internal or external actions or inactions. Preparing for and responding to data incidents are as important as preventing them.

This module will cover:

• Examples of internal and external threats
• How to minimise risks
• Internal and external due-diligence
• Reporting an incident
• The cost of non-compliance

Module 5: International Data Transfers

The UK DP Law restricts transfers of personal data from the UK to countries that do not adequately protect the rights of individuals. Apart from consent, contractual necessity and other limited exceptions, transfers have to be controlled by approved solutions including the UK International Data Transfer Agreement (IDTA), Binding Corporate Rules (BCR), Standard Contractual Clauses (SCC) or the UK-US Data Bridge.

This module will cover:

• UK-US Data Bridge
• IDTA
• SCC
• BCR
• Codes of Conduct
• Seals and certifications

Module 6: Data Protection Impact Assessments & Data Protection by Default

Data Protection Impact Assessments (DPIA) and Data Protection by Default are key requirements of the UK DP Law. Other risk assessments are essential for use of AI, for compliance with the Online Safety Act and when processing children’s personal data.

This module will advise on how to adhere to data protection by default and how and when to use a DPIA and other risk assessments and will cover:

• Implementing Data Protection by Design and Default
• What is a DPIA
• When to use a DPIA
• AI Assessments
• Online Safety Assessments
• Other risk assessments

This pre-recorded webinar will be available to view from Wednesday 20th May 2026

Alternatively, you can gain access to this webinar and 1,900+ others via the MBL Webinar Subscription. Please email webinarsubscription@mblseminars.com for more details.