Over a Third of UK Workers Lack Up-to-Date Compliance Training: A Growing Risk for Businesses

UK organisations are operating in an increasingly complex regulatory environment, yet a significant proportion of the workforce remains underprepared to meet compliance demands. New research from Virtual College highlights a concerning disconnect between regulatory expectations and the reality of workplace training.

With tightening requirements around data protection, online safety, and industry-specific regulations, businesses face mounting pressure to ensure employees are properly trained. The stakes are high: UK companies incurred more than £490 million in compliance-related fines in 2025 alone, underscoring the financial and reputational risks of getting compliance wrong.

Widespread Gaps in Compliance Training

The findings reveal systemic gaps across industries, roles, and demographics. Nearly one in three UK workers (31%) report they have either never received compliance training or cannot recall when they last completed it. Among self-employed individuals, the situation is even more pronounced, with over half (54%) operating without any formal compliance training.

Age also plays a role. A quarter (25%) of workers aged over 55 say they have never received compliance training, raising concerns about long-standing workforce segments potentially being overlooked.

Sector-by-Sector Breakdown

The disparity becomes clearer when examining individual industries:

• Creative and media: 49% have never received compliance training — the highest of any sector
• Hospitality: 20% lack training
• Environmental and agricultural: 19%
• Engineering and construction: 16% report no training or cannot recall it
• Education and non-profit: 10%
• Healthcare and social services: 10%

While some sectors perform better than others, no industry is immune to gaps.

Confidence vs Competence: A Risky Mismatch

Despite these shortcomings, 88% of workers say they feel confident they could handle a compliance-related situation in their role. On the surface, this suggests a well-prepared workforce—but a closer look reveals inconsistencies.

Younger workers (aged 18–24) are less assured, with only 23% describing themselves as “very confident,” compared to around 40% in older age groups. Additionally, employees returning from parental leave or sabbaticals experience an 11% drop in confidence compared to their full-time counterparts.

Confidence also varies by sector:

• Higher confidence sectors:
  • Healthcare and social services (93%)
  • Business, finance and professional services (91%)
• Lower confidence sectors:
  • Retail (78%)
  • Transport and logistics (78%)
  • Hospitality, leisure and tourism (84%)

This disparity suggests that self-reported confidence may not always reflect current or accurate knowledge—particularly where training is inconsistent or outdated.

Over-Reliance on GDPR Training

One of the most striking insights is how heavily compliance training is skewed toward data protection. Over half (52%) of UK workers report receiving training in GDPR, making it the most commonly delivered compliance topic.

By comparison:

• Health and safety training: 42%
• Safeguarding: 33%
• First aid: 19%
• Food safety and allergy awareness: 12%

This imbalance highlights a critical issue. While data protection is essential, other areas—particularly those related to physical safety and wellbeing—are being deprioritised.

The implications are significant. Each year, more than 680,000 people in the UK experience workplace injuries or health emergencies, while approximately 2.4 million individuals live with food hypersensitivities. Yet training coverage in first aid and food safety remains notably low.

Some sectors show better alignment with risk. For example, safeguarding training is more prevalent in education and non-profit roles (55%) and healthcare (45%). However, across most industries, essential safety training remains underrepresented.

Why Compliance Training Needs to Evolve

The research points to a fundamental issue: compliance training is often treated as a one-off requirement rather than an ongoing process. In a regulatory landscape that evolves rapidly, static training approaches are no longer sufficient.

Businesses must move beyond “tick-box” compliance and adopt strategies that ensure knowledge remains current, relevant, and actionable.

Expert Insights: How Organisations Can Stay Compliant

Jamie Ashforth, Business and Strategy Director at Virtual College, outlines several practical steps organisations can take to strengthen compliance:

1. Audit Training Regularly

Routine audits help identify gaps and ensure that every employee receives the appropriate training for their role. Without visibility, organisations risk leaving critical vulnerabilities unaddressed.

2. Prioritise Continuous Learning

Rather than relying on one-off sessions, organisations should implement ongoing, bite-sized learning. This approach helps reinforce knowledge and keeps employees aligned with regulatory updates.

3. Focus on High-Risk Areas

Training should prioritise areas with the greatest potential impact, such as safeguarding, health and safety, and incident response. These are often where failures carry the most serious consequences.

4. Build a Strong Reporting Culture

Employees must feel confident raising concerns. Clear reporting processes, combined with regular reinforcement, ensure issues are identified and addressed early.

5. Use Scenario-Based Learning

Real-world scenarios and assessments bridge the gap between theory and practice. They help employees develop practical decision-making skills and improve response confidence in real situations.

Closing the Compliance Gap

The research paints a clear picture: while many UK workers feel confident in their ability to handle compliance issues, significant training gaps persist. This disconnect presents a tangible risk to organisations—financially, legally, and operationally.

To remain compliant in an increasingly demanding regulatory environment, businesses must rethink their approach. That means investing in continuous, targeted training that goes beyond data protection and addresses the full spectrum of workplace risks.

Organisations that take a proactive, structured approach to compliance training will not only reduce risk but also build a more capable, confident workforce—one that is equipped to navigate today’s complex regulatory landscape.