This foundation course introduces the GDPR & data-protection basics we expect from every True Observer volunteer and agent . When you collect screenshots, download videos, or write reports about real people, you’re no longer “just browsing the internet”. You’re handling personal data and, often, evidence that may later be used in court. This training explains how to do that safely, legally and respectfully, under both UK GDPR and EU GDPR .

We’ll look at what counts as personal data, the difference between ordinary and special-category data, and why concepts like lawful basis, data minimisation and purpose limitation matter in an OSINT environment . You’ll see how these rules apply in practice to things we do every day: using a virtual machine, naming files, storing evidence in encrypted drives, sharing information with other volunteers, or escalating a case to a client or legal team. The goal is not to turn you into a lawyer, but to give you enough understanding to spot risk, protect victims and protect yourself.

The course also covers online safety and operational security (OPSEC) : working under a volunteer ID, separating personal and mission accounts, avoiding doxxing, and dealing with distressing content in a responsible way. Throughout the modules we connect the legal rules to True Observer’s internal workflows, so that GDPR is not an abstract regulation, but a practical checklist you can apply every time you touch data.

By the end of this course, you will be able to:

1. Explain, in simple terms, what GDPR is and why it matters for OSINT and reputation-defence work.
2. Recognise personal data and special-category data in the material you collect.
3. Apply core GDPR principles: lawful basis, data minimisation, purpose limitation, accuracy, storage limitation and security.
4. Handle screenshots, videos, transcripts and reports as evidence, using good chain-of-custody practices (hashing, timestamps, secure storage).
5. Understand the roles of data controller, processor and recipient, and where True Observer and its volunteers fit.
6. Follow True Observer guidelines for secure working: virtual machines, encrypted drives, safe sharing and retention periods.
7. Know what to do if something goes wrong (suspected data breach, mis-sent file, lost device, etc.).

Certification:

Completion of this module is a mandatory step before deployment on real cases and unlocks further True Observer Academy training on OSINT investigations, incident response and evidence reporting.