GDPR eLearning

A fully editable GDPR eLearning course delivered through the WorkWize LMS or as a SCORM compliant course.


  • The course is SCORM compliant
  • The course is fully editable
  • Track course completions in your own LMS
  • Accessible from PC, Laptop or mobile devices


  • SCORM compliant
  • Fully editable - make the course relevant to your workforce


£1.00 per person per year

  • Free trial available

Service documents

G-Cloud 10



Julian Roberts

01244 911677

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Planned maintenance is quarterly and is carried out outside working hours
System requirements Browser and internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to respond same business day, or next business day at the latest. Support issues raised over a weekend will be answered next business day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Users can type questions which are answered by one of our Support staff in real time.
Web chat accessibility testing None
Onsite support No
Support levels Support is included in our subscription pricing and all clients receive the same level of support. All clients have a dedicated Business Development Manager and Support person.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide online training sessions to on board clients. We run the training over a series of sessions to ensure the user has time to absorb the training and pull together any questions ready for the next training session. We also provide comprehensive user documentation and online support videos.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The users can either run reports and export the data from there, or we provide an account shut down service to extract all data and provide it to the client.
End-of-contract process At the end of the contract the client is able to extract their data and the account is closed. Data is then removed from our servers.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None, the software is optimised for use on mobile or desktop.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Our system works with screen readers such as Read Aloud.
What users can and can't do using the API The course is SCORM compliant and so can be launched from any Learning Management System or using our WorkWize LMS. We also have an API to transfer completions from our LMS to another piece of software, for example a HR system.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation The course is fully editable. The buyer can use the WorkWize LMS to edit the course content. If the buyer is using their own LMS, WorkWize LMS then creates a new SCORM file for upload to the buyers own LMS. All changes are fully version controlled and previous versions of courses are archived for future reference.


Independence of resources We regularly review our network usage statistics of our production environment to make sure bandwidth and traffic allowances are provided to guarantee network capacity. We employ server monitoring software to notify us of any issues.


Service usage metrics Yes
Metrics types If using the WorkWize LMS, reports are available within the system to review usage in real time. Usage of the system is training completions by end users.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach If using the WorkWize LMS, customers can download various reports in CSV format from within the WorkWize LMS. User and course completion data can also be accessed through our REST API.
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% assured by contractual commitment
Approach to resilience Our core production infrastructure is managed by Rackspace. The Rackspace Data Centre is ISAE 3402 Type II SOC 1 Audited. Further details are available on request.
Outage reporting We use third-party software to monitor the health of our servers and to notify us of any disruption in service. In addition, we have deployed various e-mail alerts to notify engineers if any critical WorkWize services fail. WorkWize also provides extensive logging of all user activity within the system.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication We also support SAML-enabled SSO types including Shibboleth, ADFS, AAD and PingIdentity. In addition we also provide LDAP SSO integration.
Access restrictions in management interfaces and support channels Access is restricted by IP address as well as username/password.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Government Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Our Information Security (IS) standards and procedures are based on the ISO 27000-series.
Information security policies and processes Our security policies have been developed in-house and are based on the ISO 27000-series. The IS policies and standards are reviewed continuously and updated, with COO approval, as required. There is a formal review and approval by the COO at least annually.

Staff must acknowledge the Information Security policy before being granted access to systems.

Employees also undertake comprehensive workplace, IT and HR training courses - compliance is monitored on an on-going basis.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We employ appropriate software version control systems which ensure that every change to our system is fully recorded and documented. Furthermore every change or feature request is documented in our project management software so it can be traced.

We always carefully assess any impact of operating platforms on our products.

As per our managed services contract with Rackspace patching and security updates to our core infrastructure are managed by Rackspace with exclusions where applicable.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We regularly undertake penetration tests using industry standard tools e.g. Qualys. We have also engaged an independent third-party (Espion) to conduct more comprehensive penetration tests and security assessments. We perform an annual penetration test using Espion and act on their recommendations.

Security patches etc. relating to our core infrastructure is managed by Rackspace who react immediately to any vulnerabilities as per our managed services agreement.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We continuously monitor system logs and receive alerts should any issues arise. All significant changes to customer data is logged including the identity of whoever made the change. These logs are stored remotely with access restricted to authorised staff.

All suspected incidents are reported to the COO.

Training on managing security incidents is included in staff security training.
Incident management type Supplier-defined controls
Incident management approach Incident management is the responsibility of our COO who nominates relevant employees with IS duties. All suspected incidents are reported to the COO and the COO is responsible for further action taken, including external reporting to clients and appropriate authorities, when incidents are confirmed.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.00 per person per year
Discount for educational organisations No
Free trial available Yes
Description of free trial EssentialSkillz offer a test file to ensure compatibility with the buyers LMS. EssentialSkillz also offer free access to the course for review purposes.


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑