GDPR & Info Sec 2025-2026
Agenda
Section 1: GDPR
- What is GDPR
- Why GDPR Matters
Section 2: Personal Data
- Personal vs. Sensitive Data
Section 3: Information Security
- What is Info Sec?
- Common Info Sec Risks
Section 4: Regulations
- Password Protection
- Data Breach Examples
- What are Data Subjects?
Section 5: Updates
- What is GDPR
- Why GDPR Matters
Section 6: TCH Policies
- Personal vs. Sensitive Data
TCH Policies
Info Sec
Personal Data
Updates
Regulations
GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is the law that governs how personal data must be handled in the UK. It gives people control over their personal information and sets clear rules for organisations on how data can be collected, used, stored, and shared. At TCH, GDPR is part of our everyday responsibilities. It shapes how we interact with customer information and ensures we protect their privacy at every step.
Why GDPR Matters
By following GDPR policies, we:
- Protect the privacy and rights of our customers
- Reduce the risk of identity theft, fraud, or misuse of information
- Show our customers, partners, and regulators that we take data protection seriously
- Avoid penalties and reputational damage that can come from mishandling data
Core GDPR Principles
At TCH, GDPR is more than a regulation - it's part of how we deliver a professional, trusted service. By applying GDPR principles in everything we do, we ensure:
- Our customers feel confident their data is safe with us
- We maintain compliance with the law and avoid costly fines
- We uphold the integrity of TCH as a trusted brand
We do all this by following the Core GDPR principles:
- Lawfulness, Fairness, and Transparency: Only use data in ways people would reasonably expect
- Purpose Limitations: Collect data for a clear purpose and only use it for that reason
- Data Minimisation: Collect only the information you genuinely need
- Accountability: Always be able to demonstrate compliance
- Accuracy: Keep data up-to-date and correct mistakes quickly
- Storage Limitations: Do not keep data for longer than what is necessary
- Integrity and Confidentiality: Protect data against loss, misuse, or unauthorised access
Personal Data vs. Sensitive Data
Personal Data
Personal data is information that can help identify a specific person. This shows up in many forms during calls:
- Customer name, address, phone number
- Email address and contact details
- Payment cards and bank account information
- Location details linked to a person
- Online identifiers such as login details
- Job title and company name
Sensitive Data
Some types of data are considered sensitive and require stronger protection. These are known as special category data, such as:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade Union Memberships
- Genetic & biometric data used for I.D.
- Health Information
- Gender and sexual orientation
What is Info Sec?
Information Security (Info Sec) means protecting personal data so it cannot be lost, stolen, misused, or accessed by the wrong person. It covers both digital and physical security, from protecting our computer systems to safely handling paper records. Good security ensures that customer information stays safe, accurate, and confidential at all times.
Common Info Sec Risks
Everyday actions can put information at risk if not handled properly. Examples include (but aren't limited to):
- Weak or reused passwords that can be easily guessed or hacked
- Printing documents and leaving them unattended in shared spaces
- Accidentally sending information to the wrong recipient
- Phishing emails designed to trick you into sharing details
Password Protection
Reusing passwords means that if one of your accounts is compromised, all of them are at risk. If a site you use is compromised, that login information can be used to gain access to other sites. In 2012, LinkedIn was hacked, leading to 165 million user accounts and passwords being advertised on the dark web. Because of password reuse, several later cyber-attacks at other companies could be traced back to this LinkedIn breach.
Data Breach Examples
A data breach leads to the destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data. Data breaches can be accidental or deliberate and every potential breach should be reported immediately. Breaches include, but aren't limited to:
- Discussing a customer's account with an unauthorised party
- A computer that is logged into personal or business accounts is lost or stolen
- Company databases are hacked into and the information is stolen and stored elsewhere
What are Data Subjects?
Under GDPR, every individual has rights over their personal data. A data subject is any living individual whose personal data is being collected, stored, or processed. This includes:
Lawful Basis for Using Data
We cannot use personal data unless we have a valid reason. GDPR sets out six lawful bases and one must always apply:
- Consent: the person must always give agreement
- Contract: the data is needed to deliver a service
- Legal Obligation: we must use the data to follow a law
- Vital Interests: the data is needed to protect someone's life
- Public task: the data is needed for public interest or official duties
- Legitimate Interest: the data is used for a genuine business need that does not override the individual's rights
Data Subject Rights
All Data Subjects can:
- Request to see what data we hold about them
- Request corrections if their details are wrong
- Ask for their data to be deleted (in certain cases)
- Restrict or object to how their data is used
- Ask for their data to be transferred to another provider
GDPR Compliance at TCH
At TCH, this means:
- We use the data we collect fairly and transparently
- We keep it secure from risks or loss
- We ensure it's accurate and up-to-date
- We delete the data when it's no longer needed
Consequences of Non-Compliance:
- Personal data are misused, exposed, or stolen
- Investigations from the Information Commissioner's Office (ICO)
- Large financial penalties, up to £17.5 million or 4% of gross annual turnover
- Serious reputational damage
The New Law
In June 2025, the UK introduced the Data Use and Access Act 2025 (DUAA). This act updates parts of the UK GDPR, the Data Protection Act 2018 (DPA), and the Policies on Electronic Communications (PECR). Not everything will change at once. The updates are being phased in between June 2025 and 2026.
Recognised Personal Interests
Previously, when using Legitimate Interests as a legal basis, businesses had to balance their needs against an individual's rights. The DUAA has now created a set of Recognised Legitimate Interests where no balancing is required. These include:
- Safeguarding children and vulnerable people
- Preventing or detecting crime
- Responding to emergencies
Data Subject Access Requests
Individuals still have the right to access a copy of their data. The DUAA changes how organisations must respond.
- Searches only need to be "reasonable and proportionate", not exhaustive
- If an exemption applies, we must tell the individual and explain their right to ask the ICO to review
- Organisations can still extend response times by up to two months, if requests are complex
Cookies, Marketing, & Penalties
The rules on cookies and electronic communications are also updated.
- Low-risk cookies (such as improving service or appearance) may no longer need consent
- Penalties for breaches are now much tougher, reaching £17.5 million or 4% of global turnover
Automated Decision-Making (ADM)
For most everyday data, decisions can be made by systems without human review, as long as safeguards are in place. However, ADM on sensitive data still requires extra protection. The DUAA also introduces Article 8A, which allows certain further use of data without needing a new legal basis, for example in scientific research, archiving, or where new consent is obtained.
International Transfers
The DUAA is introducing new tests for data transfers outside the UK. The EU has temporarily extended the decision until December 2025, so there is no official update for this as of yet.
Impact of Updates
For this year, here are the reminders that matter the most:
7 Things to Remember:
- Stick to approved scripts and do not collect unnecessary information
- If you hear what could potentially be a data breach, report it immediately.
- If a customer asks why you need their information, explain clearly and honestly.
- Always confirm customer identity before sharing details
- Be mindful of phishing and suspicious emails
- Use secure systems only
Our day-to-day practices are essentially staying the same, but we will continue to update you if anything changes that will affect your role.
Data Protection at TCH
Following these policies:
- Means staying compliant
- Protects our customers and the business
- Makes sure everyone works in the same safe, consistent way
When collecting customer details, remember:
- Use only approved systems, like Greenlight. Do not write anything down or store it in personal notes or on personal devices
- Follow call scripts when data is collected
- Save and update information immediately in the system, not later from memory
- Never share customer details outside TCH systems and our campaigns
Info Sec at TCH
IT Security rules include:
- Lock your screen when you step away from your desk - even for only a second
- Keep passwords private and protected - do not write them down!
- Keep the sales floor paperless - if paper is used, bring it to the Back Office for shredding
- Report anything unusual (like suspicious emails) to the IT Helpdesk immediately
Remember:
- You are the first line of defence for customer data
- Every choice you make has an impact
- If in doubt, ask your manager or trainer before acting
Clear Desk Policy
At TCH, we adhere to a Clear Desk Policy to help keep personal data secured. This includes:
- Locking computers when you get up from your desk
- Sales floors are paperless, but if you do write something down, bring it to the Back Offices for shredding
- Dispose of all waste and rubbish at the end of your shift
- Security updates should be run at the end of every shift
- If you are using a whiteboard at your desk, make sure the information is wiped frequently
- Do not share passwords or logins with anyone else - even your team leaders
Fair Use Policy
This covers the use of security and the use of all TCH information and IT equipment. This includes:
- Internet
- Email
- Phones
- Mobile IT equipment (laptops)
Use of TCH internet and email is intended for business use only. Personal use can be permitted where such use does not affect the individual's professional performance, is not detrimental to TCHGroup in any way, does not breach terms of employment, and does not place the individual or TCHGroup in breach of statutory or other legal obligations. You are accountable for your own actions both online and offline.
GDPR Quiz
Read carefully.
Thank You
Click the link below to move on to the form to mark this module as completed.
Nolyn
Created on September 18, 2025