For training providers operating in Kildare, data protection isn’t just paperwork — it’s a legal requirement that protects both your customers and your business. From learner names, addresses, dates of birth, and pps numbers to qqi learner numbers and certification records, you’re processing personal data that falls squarely under GDPR. Here’s your complete compliance guide.
Join 2,000+ Irish businesses already protected
Absolutely. Under the GDPR and the Irish Data Protection Act 2018, all training providers in Kildare that collect, store, or process personal data must be fully compliant. This covers everything from booking details and payment information to CCTV footage and staff records. The DPC can impose fines of up to €20 million for non-compliance, and Irish businesses of all sizes are subject to enforcement.
RISK ASSESSMENT
Sharing learner data with QQI, SOLAS, Skillnet, or employer sponsors without clear documentation of lawful basis
Collecting PPS numbers for certification and funding claims and storing them alongside general learner records
Using online learning platforms that track detailed learner behaviour including login times, module completion, and assessment attempts
Retaining learner records from funded programmes for audit purposes without clear retention policies
Processing employer-provided employee data for corporate training without a data processing agreement
DATA INVENTORY
FREE ASSESSMENT
See exactly where your Training Provider in Kildare stands on GDPR compliance — no signup required.
REQUIRED DOCUMENTS
Every Training Provider in Ireland needs these documents to demonstrate GDPR compliance.
STEP BY STEP
Provide every learner with a comprehensive privacy notice before enrolment, listing all organisations their data will be shared with — QQI, SOLAS, Skillnet, employers — and the lawful basis for each.
Store PPS numbers separately from general learner records in an encrypted system with strict access controls — not in general spreadsheets or enrolment databases.
Put data processing agreements in place with all online learning platforms, assessment tools, and cloud services that process learner data.
When delivering corporate training, establish a data processing agreement with the employer client clarifying roles — typically the employer is the controller and you are the processor.
Set retention periods aligned with QQI, SOLAS, and Skillnet audit requirements — these may require records to be kept for longer than standard business needs.
Review your online learning platform's data collection practices — understand what learner behaviour data it captures and ensure this is proportionate and disclosed in your privacy notice.
Conduct annual staff training on GDPR, particularly for administrative staff who handle PPS numbers, funding claims, and QQI submissions.
COMMON PITFALLS
Including PPS numbers in general learner spreadsheets shared across staff, rather than storing them in a secure, access-controlled system.
Delivering corporate training and processing employee data without a data processing agreement, leaving both the employer and training provider exposed.
Not informing learners that their data will be shared with QQI, SOLAS, or other funding bodies, which breaches the GDPR transparency principle.
Keeping detailed online learning analytics — login times, module attempts, time spent on each page — without disclosing this in the privacy notice or assessing whether it is proportionate.
FAQ
Everything you need to know about GDPR compliance for your business.
Contact usNEARBY COUNTIES
OTHER SERVICES
Every day your Training Provider in Kildare operates without proper GDPR compliance is a risk. The DPC is increasing enforcement across Ireland — get ahead of it today.
Join 2,000+ Irish businesses. No credit card required.