We have updated this course to include expert-led videos, with a specific focus on the legal responsibilities surrounding sexual harassment in the workplace.

The course covers what qualifies as an AI system, understanding your role as provider or deployer, the four-tier risk-based approach (prohibited, high-risk, limited risk, minimal risk), conformity assessment requirements, and compliance timelines. Learners explore real compliance decisions including deployer verification of vendor documentation, effective human oversight implementation, and common mistakes like misclassifying systems or retrofitting compliance. The Act applies extraterritorially—if AI systems affect people in the EU, compliance is required regardless of company location.

This course explores the relationship between artificial intelligence and environmental sustainability, equipping UK professionals with the knowledge to make informed decisions about AI use in their organisations. Participants will examine AI's carbon footprint, understand emerging sustainability reporting requirements, and learn practical approaches for promoting environmentally responsible AI deployment. The course balances technical understanding with ethical considerations, emphasising that every professional—regardless of role or seniority—can contribute to sustainable AI practices.

This course provides you with a comprehensive understanding of the UK regulatory landscape for AI and data protection, the ethical considerations that go beyond legal compliance, and your personal responsibilities when using AI tools. Whether you're using AI for customer interactions, risk assessment, or operational processes, you'll learn how to navigate the complex intersection of innovation and regulation whilst safeguarding the interests of your customers and your organisation.

The course covers strategic supervisory authority engagement (proactive consultation, investigation response, cross-border cooperation), comprehensive Records of Processing Activities as the primary accountability tool, Privacy by Design implementation approaches, and strategic lawful basis selection. Learners explore industrial-scale data subject rights management with automated intake and risk-based authentication, complex rights scenarios balancing individual rights against legal obligations (erasure vs AML retention, portability in financial services), automated decision-making compliance requiring algorithmic transparency or human oversight, and breach response integrating crisis management with stakeholder relationship protection.

The course covers children's enhanced protection (age 13 for digital consent, separate consent for promotional photography, best interests as primary consideration), personal data types from standard to special category (SEND information, medical conditions, safeguarding records), and legal bases with state schools relying on public task while independent schools use legitimate interests. Learners explore data retention schedules (pupil files 25 years from birth, SEND records until age 30, safeguarding records until age 25) requiring secure disposal, individual rights management with 30-day response timelines, and data sharing decisions balancing statutory obligations with protection. Interactive content includes comparison tools for state vs independent schools, hotspot data sharing scenarios, and breach response timelines.

The course covers personal data types in financial services, lawful bases selection (contract for account opening, legal obligation for AML checks, consent or legitimate interests for marketing), Data Protection Officer requirements for large-scale systematic monitoring, and international data transfers requiring Standard Contractual Clauses for countries without adequacy decisions. Learners explore the eight GDPR rights including Right of Access (30-day timeline), Right to Rectification, and Right to Erasure balanced against AML 5-year retention requirements. Interactive content includes comparison tools showing GDPR's transformation, carousel scenarios, and breach response timelines requiring regulatory notification within 72 hours.

The currently active course has been updated to include the new modules and removed the older ones. To see the changes, you will need to reset users either manually or via registration rules.

If you are already on the older course, once you have completed it, the next launch will show the updated version.

If you are already on the older course, once you have completed it and are reset, you will see the newest version.