Handle personal data lawfully in everyday work — recognising what counts as personal data, applying lawful basis and data minimisation, honouring subject-access and erasure rights, and reporting a breach inside the 72-hour clock.
A scenario-driven privacy course that turns GDPR from a policy PDF into daily habits, built on the 2026 four-phase model. It is the fourth course in the Cybersecurity Awareness Track and builds on Deepfake & Vishing Defence, extending the verify-and-escalate reflex from impersonation attacks to the personal data you touch every day. In Engage you meet a real-world over-sharing breach and rate your own data-handling confidence; in Share you learn what counts as personal data, the lawful-basis and minimisation rules, and subject rights; in Practice you triage an over-broad export, a misdirected email, a Subject Access Request and a suspected breach with feedback at every step; in Perform you prove the report-it reflex on a written case, pass a knowledge gate, and log a real breach-notification drill.
Meet an everyday data slip that became a regulator-reported breach, and surface where your own data-handling habits leak.
Learn what personal data actually is, the lawful-basis and minimisation rules, and the rights people can exercise over their data.
Apply the rules with feedback — challenge an over-broad export, handle a misdirected email, recognise a SAR, and sequence a breach response.
Prove the reflex — a written case on calibrated handling, a GDPR knowledge gate, and a logged breach-notification drill.
Book a demo and we'll run "GDPR Everyday: Handling Personal Data" end to end on your people — the AI asks, your people think — or point the Forge at your own material instead (a pre-pilot capability preview).