Am I legally required to have a risk assessment?

Yes. MHSWR 1999 Regulation 3 requires every employer to assess risks. Record findings if 5+ employees. Self-employed must also assess.

How often should they be reviewed?

After significant changes, incidents or near-misses. Annual formal review recommended. Retained clients receive scheduled reviews.

Simple low-risk workplaces possibly. Significant hazards require a competent person — qualified consultant produces legally robust assessments.

What happens during a visit?

Walk every area, observe activities, examine equipment and substances, talk to staff. 2-4 hours. Written report with ratings and action plan.

Risk assessment vs method statement?

Risk assessment identifies hazards and evaluates risk. Method statement describes safe step-by-step procedure. Together they form RAMS.

Do I need different assessments?

Yes. General workplace plus specific: COSHH, manual handling, DSE, fire, DSEAR and working at height as applicable.

Do you cover the whole UK?

Yes. Based in Wigan, deliver UK-wide. Single-site and multi-site operations.

Training

GDPR & Cybersecurity Training Protect Your Data, Protect Your Business

Q: How much does it cost?

Fixed-price quotes based on premises size and complexity. Bundled packages for multiple assessments. Free consultation.

Practical GDPR awareness and cybersecurity training for your entire team. Data handling, consent, breach reporting, phishing recognition, password security, social engineering defence and safe working practices. The human firewall your business needs.

Book Training 0333 3233 785

90%Of breaches involve human error

GDPRAwareness for all staff

PhishingRecognition training

£17.5mMaximum ICO fine

Data Protection Training

Your Staff Are Your Biggest Risk — And Your Best Defence

A workplace risk assessment is a systematic examination of your work activities, premises and processes to identify what could cause harm to people — and whether you're doing enough to prevent it. Under the Management of Health and Safety at Work Regulations 1999 (MHSWR), every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of their employees and anyone else who may be affected by their work activities.

If you have five or more employees, the significant findings of your risk assessment must be recorded in writing. But regardless of your size, risk assessment is the foundation of every health and safety management system — without it, you're managing safety blind.

RADCaT's qualified health and safety consultants carry out thorough, practical workplace risk assessments for businesses of every size and sector across the UK. We don't produce generic templates — we visit your premises, walk your processes, talk to your team and produce site-specific, task-specific assessments that genuinely reflect your operations and give you a clear, prioritised action plan for improvement.

Whether you need a general workplace risk assessment for your office, a task-specific assessment for high-risk activities in a factory, a site-wide review for a multi-building campus, or a pre-project risk assessment for a construction site — RADCaT delivers expert, HSE-compliant assessments tailored to your industry and your operations.

The ICO's first question after a breach: "What training did staff receive?" If your answer is inadequate, it's an aggravating factor in any enforcement action. Regular, relevant training from RADCaT is your best defence.

Types of Risk Assessment

Training Courses

GDPR awareness plus practical cybersecurity defence.

GDPR General Awareness

UK GDPR principles, individual responsibilities, lawful processing, consent, individual rights, breach recognition, reporting procedures and accountability.

Phishing Awareness

Recognising phishing emails, smishing (SMS phishing), vishing (voice phishing) and spear phishing. Practical examples, red flags and reporting procedures.

Password & Authentication

Strong password creation, password managers, multi-factor authentication, avoiding password reuse and recognising credential compromise.

Social Engineering

Recognising manipulation techniques — pretexting, baiting, tailgating, CEO fraud and impersonation. Building a culture of healthy scepticism.

Safe Remote Working

Secure home working practices — VPN use, secure Wi-Fi, device encryption, screen locks, document handling and video call security.

Sector-Specific Modules

GDPR for schools (pupil data, CPOMS, photography), care homes (patient records, Caldicott), hospitality (guest data, bookings), charities (donor data) and SMEs (customer data, marketing).

Every Industry

Risk Assessments for Your Sector

Every industry has different hazards. We tailor every assessment to your specific sector and operations.

Our Process

How We Carry Out a Risk Assessment

Assessment

We assess your organisation's data processing, sector requirements and any previous incidents to tailor the training content.

Course Development

Combined GDPR and cybersecurity content built around your specific data, systems and real-world scenarios.

Delivery

Interactive session with practical examples, phishing demonstrations and Q&A. On-site, centre or e-learning. 1-2 hours.

Assessment & Certification

Delegates assessed on key learning points. Training certificates and attendance records for your GDPR compliance file.

Refresher

Annual refresher addressing regulatory changes, new threats and any incidents since the last training.

Common Questions

GDPR & Cybersecurity FAQ

Do all staff need GDPR training?

Yes — everyone who handles personal data in any capacity. This includes all office workers, teachers, care workers, receptionists, IT, HR, marketing, finance, managers and volunteers handling data.

How often should training be refreshed?

Annually. Plus additional training when new systems are introduced, regulations change or after any data breach or near-miss.

Is cybersecurity training included?

Yes. Our combined course covers both GDPR awareness and practical cybersecurity — phishing, passwords, social engineering and safe working practices. The two topics are inseparable in practice.

Can you deliver on INSET days?

Yes. We regularly deliver GDPR and cybersecurity training on INSET days for schools. Typically 1-1.5 hours, tailored to school data handling scenarios.

What about remote workers?

E-learning options available for distributed workforces. Covers secure home working in addition to GDPR and phishing awareness.

Do you run phishing simulations?

We demonstrate phishing techniques during training so staff learn to recognise red flags. For ongoing testing, we can advise on phishing simulation tools you can use internally.

How much does it cost?

Per session pricing. Includes tailored content, all materials and certification. Contact us for a quote.

Need GDPR & Cybersecurity Training?

Tell us your team size and sector for a tailored quote.

Book Training 0333 3233 785

GDPR & Cybersecurity Training Protect Your Data, Protect Your Business

Your Staff Are Your Biggest Risk — And Your Best Defence

Training Courses

GDPR General Awareness

Phishing Awareness

Password & Authentication

Social Engineering

Safe Remote Working

Sector-Specific Modules

Risk Assessments for Your Sector

Factories & Warehousing

Transport & Logistics

Construction

Schools & Education

Care & Healthcare

Chemical

Hospitality

SMEs & Offices

Charities

How We Carry Out a Risk Assessment

Assessment

Course Development

Delivery

Assessment & Certification

Refresher

Complete Your Compliance Puzzle

H&S Training

Fire Awareness

First Aid

Manual Handling

Working at Height

IOSH Managing Safely

Dangerous Goods

GDPR & Cybersecurity

Specialist Courses

On-Site Training

Training Room Hire

Health & Safety

GDPR & Cybersecurity FAQ

Need GDPR & Cybersecurity Training?