Data Security and Protection eLearning: Guide for managers and trainers

All staff working in adult social care should understand their data protection responsibilities. You can use this elearning course to improve and assess your staff’s understanding. The course has been specifically designed to meet the Data Security and Protection Toolkit (DSPT) training requirements every year and it also contributes towards staff’s continuing professional development (CPD).

It is open access and free to use. Managers, trainers and training leads should read this short guide before using the course or sharing it with colleagues. You may want to complete the course yourself.

You can also join our webinar on using the elearning resources – 12 December 2023.

The elearning course introduces why data security and protection is important and shows staff what they should do to keep data safe. There are four modules, each one takes between 10-20 minutes to complete. Your staff can work their way through all or just some of the modules. Click on the module titles for a summary of content, learning outcomes and approximate time to complete each one.

  • Read this guide before you share the elearning course with staff.
  • Encourage all your staff to complete this elearning course. That includes senior managers and admin staff as well as frontline care workers. They all have access to either clients’ or colleagues’ data.
  • Add this elearning course to your induction training. It will help to ensure that all staff have a shared understanding of data protection issues.
  • Schedule in an annual refresher course. You need to complete the DSPT at least once a year – that includes ensuring staff have been trained in the last 12 months.
  • If you have an LMS, add this course to it. Contact us to request a SCORM compliant version.
  • Add a link to this resource in your staff bulletin, noticeboard or shared documents system. See Information for your staff for suggested copy.
  • Record successful completion of this course against staff members’ training records. Ask your staff to send you a copy of their certificate, which will include the date they successfully completed their assessment.
  • Ensure training records are up to date by the time you submit your annual DSPT. 95% of your staff should have passed this elearning course, or similar, in the 12 months prior to your DSPT submission.


Module 1 Data protection rights and responsibilities: content and learning outcomes

15 minutes to complete sections on:

  • My responsibilities
  • People’s rights
Learning outcomes

By the end of this module, staff should:

  • Understand the importance of data security and protection in adult social care.
  • Understand how to keep information about an individual’s care and support safe and treat it as confidential.
  • Understand they are personally responsible for handling data safely and recording accurate and complete information.
  • Understand the rights that individuals have with regards to their personal data.
  • Know when and how to tell the people they support what their organisation is doing with their personal data.
  • Be able to respond appropriately to data subject rights requests.

Module 1: Rights and responsibilities –

Module 2 Keeping data secure: content and learning outcomes

15 minutes to complete sections on:

  • Sharing confidential data
  • Recording and disposing of data
Learning outcomes

By the end of this module, staff should:

  • Know how to keep information about an individual’s care and support safe and treat it as confidential.
  • Understand the need to share information with people who need to know it.
  • Be able to take simple precautions when they share data.
  • Be aware that care and support records must be accurate, up to date and clear enough to read.
  • Understand that they should always save records in the right place so that they are easy to find.
  • Know how to dispose of old paper records securely.

Module 2: Keeping data secure – 

Module 3 Threats to data security: content and learning outcomes

20 minutes to complete sections on:

  • Fraud and scams
  • Safe use of digital devices
  • Safe keeping of paper records
Learning outcomes

By the end of this module, staff should:

  • Understand the range of ways in which they could be scammed or ‘socially engineered’ relating to work.
  • Know what to avoid, what to look out for and what to do if they suspect something.
  • Understand the range of digital devices that might be used at work.
  • Know how to apply basic good practice when using digital devices, including: good password practice; locking devices; and keeping devices up to date.
  • Be aware of threats to data security relating to confidential paper records.
  • Know how to apply basic good practice when using paper-based records.

Module 3: Threats to data security – 

Module 4 Data breaches: content and learning outcomes


10 minutes to complete

  • What is a data breach?
  • Data confidentiality
  • Availability of data
  • Data integrity
  • Receiving data in error
Learning outcomes

By the end of this module, staff should:

  • Be able to identify the range of, and types of, data breaches or near misses that might occur.
  • Know what to do if a data breach happens.

Module 4: Data breaches –

Assessment and Certificate

There is one single assessment covering issues raised in all four modules. There are 20 questions in total. Students must get at least 80 per cent of them right in order to pass and receive a certificate. When someone answers at least 80% of the questions correctly, they will be prompted to add their Name and Date of assessment. This will produce a certificate as a PDF which they can download, save and send to their manager or training lead as appropriate. If they do not get 80% they will be advised to either retake the assessment or review the modules.


Students can complete the assessment without viewing all the modules – but we really recommend that everyone completes the modules.


Assessment –

Access to the course

Learning Management Systems - SCORM compliant

The modules are completely open access. You do not need to register or log in to use them and they do not sit within a Learning Management System.

If you have your own Learning Management System and want to download the resources into your own LMS, you can do that. Please contact us and we will give you access to a SCORM compliant version of the modules and assessment. Trainees who successfully complete the assessment via your LMS will receive a certificate. Contact us.

Meet DSPT training requirements

The course has been commissioned by the Better Security, Better Care programme to help care providers to meet the annual training requirements of the Data Security and Protection Toolkit (DSPT).

The DSPT requires at least 95% of care staff to have completed data protection training within the last 12 months, and to have achieved at least 80% in an assessment. This elearning course enables care workers to complete that training every year, and to provide you, as their employer, with a certificate confirming that they have reached the 80% pass mark. You can then collate that information as evidence for your DSPT assessment. You can also use it as evidence with the Care Quality Commission.

Format of the modules

The modules contain:

  • Short animation and films reflecting everyday issues that care staff face – including frontline care workers and administrative staff.
  • Interactive content to help staff work through the information in bite-sized pieces.
  • Multiple choice questions to embed learning. When people complete a question, they are told which ones they got right or wrong – and why. These questions are separate from the formal assessment.
  • Summaries of key learning points at the end of each module.

Technical issues

Most people will use the elearning course directly on our website, without the need to login or register.

You should tell staff that if they close the web page, switch off the device or log out of it, they will lose their place on the module or assessment and they will need to start again.

Shared devices

If staff are using a shared device – such as a computer in the office – you need to ensure that they are completing their own version of the modules and assessment.

You should tell staff to:

  • read the user guide on how to complete the course
  • complete at least one module in one session
  • complete the assessment, and save and send their certificate in one session
  • always close the web pages when they have completed the modules or assessment if they are working on a shared device.


Information for your staff

We have provided some copy about the course which you can adapt and send to your staff, or add to your intranet or shared documents systems.

Visit Information for staff

Related training and standards

This elearning course reinforces the requirements within the Data Security Standards and the Care Certificate.

Skills for Care were on the working group which developed this elearning resource. We are continuing to work with them on the next version of the Care Certificate.

We also have a useful discussion tool for managers to use with their staff on data protection.


Copyright and commercial usage

The elearning resources are available free of charge and are published by the Digital Care Hub under an under the Attribution-NonCommercial 4.0 International licence. This means that you cannot sell access to these courses. If you are a commercial training organisation, you can still use the resources, but you must acknowledge Digital Care Hub as the owners, and you cannot charge for the part of your training course which involves the use of these resources.

How the course was developed

This elearning course was commissioned by the Better Security, Better Care programme, developed by the Institute of Public Care at Oxford Brookes and produced by Fire Ant Creative. A working group of care managers, staff, training and IG leads were involved in its development and testing.