The Data Protection Act is law.
Fines for violations go up to P50 million.

TheDataSubject trains your healthcare staff in data protection, three minutes a day, on any device. No workshops. Every employee gets a certificate on completion.

Get StartedTry a Free Scenario

Data protection training that fits your clinic

🛡️

Ready when the regulator comes

Your staff complete 40 real scenarios drawn from the Act. When an audit happens, you have documented proof that every person on your team was trained.

⏱️

Three minutes between patients

One scenario a day. No clinic shutdowns, no half-day workshops. Training fits into the actual rhythm of a working clinic.

đź“‹

A certificate for every employee

Each person earns their own certificate on completion. Valid for 12 months. You get the records; they get the credential.

Get StartedTry a Scenario

The cost of getting it wrong

Under the Data Protection Act, violations of data protection principles carry fines of up to P10 million, or 2% of a business's global annual turnover. Breaches of core principles, data subject rights, or rules on cross-border transfers go higher: up to P50 million, or 4% of turnover.

Healthcare businesses handle some of the most sensitive personal data there is. The regulator has the authority to investigate, audit, and impose fines. Training your team now is cheaper than explaining to a regulator why you didn't.

Who is this for

🏥

Private Clinics

Doctors, GPs and their teams

A patient calls and asks the receptionist to confirm their appointment to a family member. A cleaner walks past a desk with patient files open. These moments happen every day. Training gives your whole team, from front desk to practice manager, a clear answer to each one.

đź’Š

Pharmacies

Retail and dispensing

A customer asks the dispenser to WhatsApp their prescription to their spouse. Your team makes data decisions faster than they can think. Training means those decisions are the right ones.

🦷

Dental Practices

Dentists and orthodontists

Dental records, X-rays, treatment histories, and billing details are all personal data under the Act. A patient requests their records. Another asks you to share them with their insurer. Your staff need to know exactly what to do in both cases.

🔬

Laboratories

Medical and diagnostic labs

A referring doctor’s staff call asking for results before the doctor has reviewed them. A patient wants to know if a family member’s sample arrived. Labs handle deeply private data. Your technicians and admin staff need the same training as anyone else in the health sector.

How it works

0

Try it yourself first

P199 gets you 1 user account and access to 10 scenarios. See exactly what your staff will learn before you enrol your team.

1

Sign up your team

Pay by bank transfer. Enter each employee’s name and email. That’s the whole setup.

2

We invite them

Within 1 business day of payment confirmation, each employee gets an email with a link to create their account and start training.

3

They train 3 minutes a day

Forty scenarios total. Completes in 35 days.

4

You get proof

Every employee who finishes earns an individual certificate valid for 12 months. You get full progress reports. If the regulator asks, you have the documentation.

The Science Behind Our Schedule

Your training follows a scientifically-optimized 35-day schedule designed to maximize knowledge retention. Rather than cramming all scenarios into one week, we spread them strategically across five weeks using the spacing effect—a proven learning principle showing that spaced review strengthens memory far more than massed practice.

What your team will practise

1

A patient asks you to email their results to their spouse.

2

A colleague leaves patient files open on the front desk.

3

A former employee calls asking for access to old records.

4

A patient wants to know what information you hold about them.

5

Someone asks the receptionist to confirm whether a person is a patient at your clinic.

6

A staff member uses a personal phone to photograph a lab result for a colleague.

Each scenario takes about 3 minutes. Your staff read what happened, choose how to respond, and find out whether they got it right. Forty scenarios. Thirty-five days. One certificate per person.

Try a Scenario

Why TheDataSubject

đź’°

Cheaper than a consultant

A single consultant visit for data protection training typically costs between P5,000 and P15,000. Training your whole team costs P399 per person.

📱

No workshops

Your staff train online, between patients. No venue, no travel, no half-days away from the clinic.

đź“Š

Full progress reports

See exactly who has completed their training, who’s still working through it, and who needs a reminder.

🛡️

Proof for audits

Every certificate is specific to the employee who earned it. You have documented records if the regulator ever asks.

Simple Pricing

One price per employee. Pick the option that works for you.

Try It Yourself

P199/ 1 user

Access the first 10 scenarios. See what your team will learn before you enrol them. One user, no commitment.

  • âś“10 real-world scenarios
  • âś“Works on any phone or computer
  • âś“Full access for 30 days
  • âś“No obligation to continue
Start Trial
Recommended

Train Your Team

P299/ per employee

Full training course. 90-day access.

Everything your team needs to get compliant. Each employee works through 40 scenarios at their own pace, 3 minutes a day. You get a certificate and training record for every person.

  • âś“All 40 real-world scenarios
  • âś“Individual certificate per employee (valid 12 months)
  • âś“Progress reports for the practice manager
  • âś“Works on any phone or computer
  • âś“90-day access window
  • âś“Refresher training available at renewal

A single consultant visit costs P5,000 to P15,000. This trains your whole team.

Get Started

Larger Teams

11+employees

If you're training more than 10 people, get in touch. We'll put together a plan that fits your team size and budget.

  • âś“Everything in Standard
  • âś“Custom onboarding for your team
  • âś“Dedicated support
  • âś“Volume pricing
Contact Us

Built in Gaborone, for Botswana's healthcare sector

TheDataSubject was created by a Certified Information Privacy Manager (CIPM) and member of the IAPP, with a background in information governance, risk and compliance. Every scenario is built around the specific obligations in the Data Protection Act and reflects real decisions your staff face every day. This is training written for Botswana, not adapted from somewhere else.

CIPM Certified

Certified Information Privacy Manager

IAPP Member

International Association of Privacy Professionals

Real Scenarios

Based on actual healthcare situations in Botswana

Trusted by healthcare teams in Botswana

Join the growing number of clinics, pharmacies, and labs getting their teams trained under the Data Protection Act.

Frequently asked questions

Traditional training often requires all scenarios in one or two weeks—like cramming before an exam. Our approach is research-backed: spacing out learning (spreading scenarios over 5 weeks) is scientifically proven to improve long-term retention by 40–50%.

We use the Ebbinghaus forgetting curve and spacing effect research (Cepeda et al., 2006) showing that strategic spacing creates stronger, longer-lasting memories than intensive, back-to-back learning.

Because it won't stick. Cognitive science shows that compressed learning leads to rapid forgetting. If you finished all 40 scenarios in week 1, you'd retain only ~40% by day 60. Our 35-day cadence ensures you retain ~70%—a 75% improvement in retention.

The spacing intervals are locked into the system, so scenarios release one week at a time. This protects both your learning and our organisation's data protection goals.

Yes. The system is flexible for real-world schedules. If you miss day 3, you can complete day 3 scenarios on day 4, day 10, or whenever you have time. All past scenarios remain available for catch-up.

However, you cannot skip ahead. You can't access day 10 scenarios until day 10 arrives, even if you finish earlier days quickly. This spacing is crucial for retention.

Yes. The trial gives you 1 user account and access to the first 10 scenarios for P199. You’ll see exactly what your staff will experience before you pay for the full course.

Each scenario takes about 3 minutes. There are 40 in total, one per weekday, so the full course completes in 35 weekdays (7 weeks). Staff can train on any device and pick up where they left off.

Each employee earns an individual certificate on completion. It’s specific to them and valid for 12 months. You also get full progress reports so you can see exactly who has finished and who is still working through the course.

Certificates are valid for 12 months from the date of completion. Refresher training is available at renewal, so your team’s credentials stay current.

Fines range from P10 million (or 2% of global annual turnover) up to P50 million (or 4% of turnover) for the most serious breaches. The Act covers all businesses that handle personal data, including healthcare providers.

You pay by bank transfer. After you sign up and submit your payment confirmation, we verify it within 1 business day. Your employees receive their training invites as soon as payment is confirmed.

We collect each employee’s name, email address, and training progress. We don’t collect any patient data. Your employees’ training records are handled in line with the Data Protection Act.

The Act is in force. Start training today.

Every day without documented training is a day your clinic carries unnecessary risk. Your team can start within 24 hours.

Get Started

Have questions? Email us at [email protected]