Every learning aim. Every topic. Every keyword. Every exam question — with full WAGOLL answers showing exactly how to earn maximum marks. Built to take you from zero to distinction.
From the fundamental principles of interface types to the art of accessible, intuitive design — Component 1 teaches you how digital products are conceived, planned, built, and reviewed.
Master every interface type, audience consideration, and design principle examiners expect you to know.
A User Interface (UI) is the hardware and software a user interacts with to control a computer or electronic device. Every product you use — from a smartphone to a vending machine — has a user interface. The examiner wants you to know the five main types, the devices they appear on, and the factors that influence which type is chosen.
| Device Type | Examples | Typical Interface |
|---|---|---|
| Handheld | Smartphones, tablets, e-readers | Touch GUI, Speech |
| Entertainment | Games consoles, digital TVs, home theatre | Menu-based, GUI |
| Domestic | Dishwashers, microwave ovens, washing machines | Menu / Button |
| Embedded | Parking meters, traffic lights, vending machines | Sensor, Menu |
| Controlling | Robotic arms, central heating, security alarms | Sensor, GUI |
An interface must be tailored to its specific audience. The examiner tests whether you can explain why a particular design choice is appropriate for a given group of users. Three key categories — accessibility, skill level, and demographics — must all be considered.
Interfaces must cater for users with:
Visual impairments — high contrast modes, resizable text, screen reader compatibility.
Hearing impairments — visual alerts instead of audio beeps, closed captions on videos.
Speech impairments — avoid voice-only interfaces as the primary input method.
Motor impairments — avoid timed tasks (insufficient time to respond), use large touch targets, support switch access.
Cognitive needs — simple language, clear layout, consistent navigation to reduce mental effort.
Expert users — proficient, prefer keyboard shortcuts, can learn new systems rapidly. Avoid hand-holding; give them power features.
Regular users — competent but not advanced. Want consistency and reliable shortcuts without needing to remember every detail.
Occasional users — use the system infrequently. Need clear labels and help text to remind them how to complete tasks.
Novice users — new to technology or the specific system. Require guided wizards, clear instructions, visual cues, and reassurance.
Age — children prefer bright colours, large icons, and simple imagery over text. Elderly users may need larger fonts and higher contrast.
Culture — symbols and gestures vary across cultures. A hand gesture or colour that means one thing in one country may be offensive or meaningless in another.
Past experience — using familiar icons (e.g., a "house" for home) taps into prior knowledge and reduces learning time.
Beliefs & values — language choices, imagery, and colour should not conflict with the audience's values.
Design principles govern how an effective interface looks and behaves. You must be able to identify principles, explain why they matter, and apply them to a given scenario in the exam.
Limited range — typically 2–4 colours to avoid overwhelming the user. Too many colours create confusion and unprofessionalism.
House style — organisations define a specific set of brand colours and fonts. This creates visual consistency across all products (e.g., Coca-Cola always uses red).
Avoid clashing colours — red on green, blue on orange. These cause visual strain and may be inaccessible to colour-blind users.
Textures — glossy textures signal corporate/modern design; warm/fabric textures signal comfort. Textures add depth and brand identity.
Sans-serif fonts — fonts without decorative "feet" (e.g., Arial, Helvetica). Recommended for digital screens as they are clearer at small sizes.
Appropriate language — use simple language for children or general public. Avoid jargon (e.g., "smurfing" or "AFK") that non-experts may not understand. Icons can replace text for universal understanding.
Amount of information — provide exactly what the user needs. Too much creates cognitive overload; too little leaves the user confused.
White space — areas of the interface left deliberately empty. Prevents a "busy" layout, guides the eye to important elements, and makes the interface feel professional and uncluttered.
Colours — green means go/success; red means error/stop. Yellow means caution. These are deeply ingrained cultural associations.
Sounds — high-pitched, bright sounds signal positive feedback; low-pitched, dull tones signal errors or warnings.
Symbols — green tick (✓) = success; red cross (✗) = failure. These are universally understood without requiring text.
Visuals — photographs build trust (especially in e-commerce). Graphics and illustrations explain complex processes faster than text.
Pop-up messages — draw attention to important information or confirmations the user must acknowledge.
Animation & flashing graphics — attract the eye to time-sensitive content. Must be used sparingly to avoid distraction.
Autofill — automatically completes repeated data entry (e.g., address fields) reducing effort and errors.
Default values — pre-populate fields with the most common answer to reduce interaction time.
Tip text — small help text shown when hovering over a button, explaining its function without cluttering the layout.
Intuitive design — icons clearly denote their function; actions can be easily reversed (undo), reducing anxiety about making mistakes.
Efficiency is about reducing the time and effort required to complete tasks. Even small improvements — shaving seconds off repeated actions — make a significant difference in productivity across thousands of daily uses.
From the initial proposal to working prototypes — understanding how digital projects are organised, planned, and brought to life.
A project without a plan is a plan to fail. You must know the documents, tools, and methodologies used to manage a digital project from conception to delivery.
• Purpose — what problem the project solves
• Audience — who will use the product
• Requirements — what the system must do
• Accessibility needs — how the design will be inclusive
• Constraints — limitations on time, budget, and resources
All goals must be SMART: Specific, Measurable, Achievable, Relevant, Time-bound.
Task List — a simple ordered list of every task that must be completed, assigned to a team member with a deadline.
Gantt Chart — uses horizontal bars to show the duration of each task over a timeline. Shows task dependencies (which tasks must finish before others start) and key milestones.
Mind Map — a radial diagram used to brainstorm ideas and connections around a central concept.
Mood Board — a visual collage of images, colours, and textures that captures the intended look and feel of the interface.
The design specification turns requirements into visualisations. It is the bridge between what the client wants and what the developer builds.
Visualisations — either a sketch (annotated outline drawing of a screen) or a storyboard (flow diagram using arrows to show how screens connect and how the user navigates between them).
Hardware requirements — what device and screen size is the interface designed for?
Software requirements — what operating system, browser, or platform?
Accessibility requirements — specific features for user groups.
Good design aims to: increase user confidence, reduce learning time, and reduce the need for specialised knowledge.
A working prototype is a developed version of the design (typically four screens) used to test whether user requirements are met before committing to full development. Prototypes are shown to users and stakeholders for feedback.
Understanding how to evaluate an interface prototype against user requirements and suggest meaningful improvements.
Reviewing a UI means systematically assessing it against a structured set of criteria. You are not just saying "it looks nice" — you are evaluating why something works or doesn't work for the specific audience.
User requirements — does the interface do everything the client specified?
Suitability for audience — is the language appropriate? Are fonts readable for the age group? Does it meet accessibility needs?
Ease of use — can a novice complete the main task without help? How many clicks does it take?
Accessibility features — is there alt text? Can it be used with a keyboard only? Is the contrast ratio sufficient?
Design principles — is white space used effectively? Is proximity applied correctly? Is the colour scheme consistent with house style?
✓ Do icons match user experience and expectations?
✓ Do images match the topic/content they illustrate?
✓ Does autofill help reduce repeated data entry?
✓ Are tool tips (hover help) present on non-obvious buttons?
✓ Is there a history pane for recently viewed items?
✓ Is validation in place (green ticks/red crosses) on forms?
✓ Are clear instructions provided at each step?
✓ Can actions be easily undone (undo button)?
Learn every term below. In the exam, if you use a keyword correctly and in context, you demonstrate AO1 knowledge instantly.
What A Good One Looks Like — model answers demonstrating exactly how to earn every mark.
Find all 9 UI Design and Project Management keywords. Click and drag across the grid to find words — horizontally, vertically, or diagonally.
Test UI Design and Project Management vocabulary. Click a clue or cell to start. Arrow keys navigate. Tab moves to next word.
Match each UI Design and Project Management term to its correct definition. Drag each term from the left column onto its correct definition on the right.
How fast can you recall UI Design and Project Management facts? 20 seconds per question — answer before the timer runs out!
From raw unprocessed data to powerful dashboards that drive business decisions — Component 2 teaches you the full data pipeline.
Understand how organisations collect, validate, and use data — and the risks this creates for individuals.
This is one of the most commonly tested definitions in the entire qualification. You must be able to define both terms precisely and give an example showing how data becomes information.
Before data can be used, it must be checked. Validation and Verification are two different processes — examiners regularly test whether students know the difference.
Range Check — is the value within an acceptable range? (e.g., age must be 0–120)
Type Check — is the data the correct type? (e.g., is this a number, not a letter?)
Presence Check — has a required field been filled in? (e.g., email address cannot be blank)
Length Check — is the data the correct length? (e.g., a UK postcode is 6–8 characters)
Lookup Check — is the value in an approved list? (e.g., country code must be in a list of valid codes)
Proofreading — a human reads the entered data and compares it to the source document to spot errors.
Double Entry — the same data is entered twice by two different people (or at two different times); the system flags any discrepancies.
Example: A user enters their date of birth as 01/03/1990. Validation (type check) confirms it is a date. Verification (double entry) confirms it matches the birth certificate.
Organisations gather data in many ways. You must be able to distinguish between primary and secondary data and evaluate the reliability of each method.
Collected first-hand for a specific purpose.
Interviews — in-depth, flexible, but time-consuming and expensive. Good for qualitative insights.
Questionnaires — can reach many respondents cheaply. Risk: leading questions can bias responses.
Surveys — structured questions collecting quantitative data at scale.
Reliability factors: sample size (larger = more reliable), sample composition (who is included), location and time of collection, and the method used.
Using data that already exists, collected by someone else for a different purpose.
Sources: Websites, books, journals, blogs, forums, booking systems, company internal documents.
Advantage: Fast and cheap — no data collection required.
Disadvantage: May be outdated, biased, or not suited to your specific question. Must evaluate source reliability.
Retail — purchase history to predict what customers will buy next (recommendation engines).
Transport — traffic flow data to optimise routes and reduce congestion.
Banking — transaction data to detect fraudulent activity in real time.
Education — attendance and grade data to identify students at risk of underperforming.
Health care — patient records to model disease spread and improve treatment outcomes.
Entertainment — viewing data to recommend content (Netflix, Spotify).
Government — census data to plan infrastructure and public services.
Invasion of privacy — data collected without proper consent reveals personal information users did not intend to share.
Fraud — stolen personal data used to impersonate individuals and access their financial accounts.
Targeting vulnerable groups — data used to direct harmful advertising (gambling, loans) at people already in difficulty.
Inaccurate data — errors in stored data (e.g., a wrong credit rating) can deny individuals access to mortgages or jobs.
Master every spreadsheet function, formula, and feature needed to build a professional data dashboard.
Importing data — bringing data into a spreadsheet from external files or the internet (CSV, Excel, database connections).
Basic formulae — add (+), subtract (−), multiply (*), divide (/). Always begins with =.
SUM, AVERAGE, MIN, MAX — fundamental aggregate functions used in every dashboard summary section.
Sorting — ordering data by one or more columns, alphabetically or numerically, ascending or descending.
IF — =IF(condition, value_if_true, value_if_false). Makes decisions. e.g., =IF(B2>100,"Over Budget","OK")
SUMIF — sums values that meet a condition. e.g., total sales for one region only.
VLOOKUP — searches the leftmost column of a table and returns a value from another column. Key for linking datasets.
HLOOKUP — same as VLOOKUP but searches rows rather than columns.
COUNTIF — counts cells meeting a criterion. e.g., how many sales exceeded £500?
COUNTBLANK — counts empty cells. Useful for identifying missing data.
LEFT / RIGHT — extracts characters from text strings. e.g., =LEFT(A1,3) extracts first 3 characters.
AND, OR, NOT — logical operators used inside IF functions to build complex conditions.
✦ Summary statistics — totals, averages, counts, percentages in clearly labelled boxes at the top.
✦ Dynamic charts — graphs that update automatically when data changes.
✦ Interactivity — form controls like dropdown menus, tick boxes, and sliders that filter what the chart shows.
✦ Conditional formatting — instant visual signals about performance (red for below target, green for above).
✦ Clear titles — both an overall dashboard title and titles for each chart/section.
✦ Axis labels — always label axes with the metric and unit (e.g., "Sales (£)").
Font size/style/colour — use hierarchy (large bold title, medium heading, small body).
Merge cells — combine cells to create section headers spanning multiple columns.
Text wrap — ensures long text remains readable within a cell.
Cell borders & shading — define sections visually without needing gridlines.
Hide/unhide cells — keep raw data and working calculations hidden so the dashboard appears clean.
Freeze panes — lock row/column headers so they remain visible when scrolling large datasets.
How to interpret your dashboard, make evidence-based recommendations, and evaluate whether the presentation was effective.
Does the dashboard clearly communicate the key findings to the target audience?
Could the presentation lead to bias? A pie chart with too many segments is hard to read. A y-axis not starting at zero exaggerates differences.
Could data be misinterpreted? Are all charts clearly labelled with titles, axis labels, and units?
Could conclusions be inaccurate? Is the sample size sufficient? Is the data recent enough?
Truncated y-axis — starting above zero makes small differences look enormous, creating misleading impressions.
Wrong chart type — using a pie chart for time-series data makes trends invisible.
Missing axis labels — the reader cannot interpret the scale without units.
Overloaded charts — too many data series in one chart makes it unreadable.
Hunt down 9 Spreadsheet and Data keywords. Click and drag across the grid to find words — horizontally, vertically, or diagonally.
Complete the grid with Data and Spreadsheet terms. Click a clue or cell to start. Arrow keys navigate. Tab moves to next word.
Match each Data and Spreadsheet term to its correct definition. Drag each term from the left column onto its correct definition on the right.
Race through Data, Spreadsheets and Dashboard questions. 20 seconds per question — answer before the timer runs out!
The synoptic external exam covering modern technologies, cyber security, wider implications, and professional notation. This is where everything comes together.
Wireless networks, cloud computing, collaboration tools, and their impact on individuals and organisations.
Understanding how devices connect wirelessly and the security and performance challenges this creates is a core examiner focus. You must know specific terms and be able to explain why an issue arises and what its impact is.
Blackspots — areas with no mobile or wireless signal, caused by physical barriers (hills, tunnels, thick walls, remote location). Workers in blackspots cannot access cloud data or communicate digitally.
Network Congestion — too many users on a network simultaneously causes reduced speed and performance. During peak hours (9am, lunchtime) office networks may slow, reducing productivity.
Infrastructure Requirements — organisations need sufficient bandwidth, reliable ISPs, and redundant connections to maintain uptime. Downtime means lost productivity and revenue.
VPN (Virtual Private Network) — encrypts all data between a remote user and the organisation's network. Essential for secure remote working, preventing interception on public networks.
The examiner frequently asks about the advantages and disadvantages of cloud services. You must be able to discuss both sides with precision, using correct terminology.
Synchronisation — automatically updates files across all devices so every device has the same version. No more emailing files to yourself.
Scalability — storage and processing power can be increased or decreased on demand. Pay only for what you use. No expensive hardware upgrades needed.
24/7 Availability — accessible from any location, at any time, via the internet. Supports global teams and remote workers.
Redundancy — copies stored in multiple physical data centres protect against data loss. If one server fails, another takes over.
Access Rights — permissions define who can view, edit, or delete files. Critical for data security and compliance.
Online applications — software accessed via a browser (Google Docs, Office 365). No installation needed. Always the latest version.
Version control — automatic tracking of changes so any previous version can be restored. Prevents the chaos of "final_v2_REALLY_FINAL.docx".
Single shared instance — all collaborators work on the same file simultaneously. Changes appear in real time. No version conflicts.
Wiki — collaborative web pages where multiple team members contribute and update content.
Naming conventions — manual version control using consistent file naming (e.g., "Report_v3_2026-03-15").
Disaster recovery — organisations must have a policy for restoring cloud data if the provider suffers an outage.
Data security — who has physical access to the servers? Where are they located? Which country's laws apply?
Downtime — if the cloud provider goes offline, the organisation cannot access its data. Business grinds to a halt.
CapEx (Capital Expenditure) — large upfront cost to buy and build physical servers. Fixed cost, high risk.
OpEx (Operational Expenditure) — ongoing monthly cloud subscriptions. Flexible, scales with need.
World teams — technology enables teams spread across different countries and time zones to collaborate 24/7. Organisations are no longer limited by geography when recruiting talent.
Flexible working — staff can work from home, in cafes, or abroad. Reduces commute time and office overhead costs.
Inclusivity — people with disabilities, childcare needs, or health conditions who cannot work in traditional office environments can contribute fully using digital tools.
Stakeholder communication — choosing the right channel matters: website/social media for public announcements; email/direct message for sensitive or private information.
Positive: Greater flexibility in where and when work is done. Work-life integration can improve for those with caring responsibilities.
Negative — Isolation: Remote workers may feel disconnected from colleagues, missing the social interaction of an office. This can lead to loneliness and reduced motivation.
Negative — Blurred boundaries: When home and work occupy the same space, it becomes difficult to "switch off." Emails arrive at any hour, creating pressure to always be available.
Mental wellbeing — organisations must actively manage these risks through regular video calls, team meetings, and clear "out of hours" policies.
Every threat type, every protection method, and every policy element — the examiner's favourite section.
Understanding why attacks happen and how each type works is essential. The examiner often asks you to identify the type of attack from a description, or explain why a specific attack is particularly dangerous.
Unintentional disclosure — emailing sensitive data to the wrong recipient. Losing a device containing unencrypted data. Using a weak password.
Default passwords — factory-set passwords on devices (e.g., "admin" or "1234") are publicly known. Attackers try these first. All devices must have unique passwords set immediately.
Portable storage risks — infected USB drives plugged into the network introduce malware. Many organisations ban USB drives entirely.
Disgruntled employees — staff with access who deliberately steal, modify, or destroy data. Particularly dangerous as they have legitimate credentials.
Industrial espionage — employees selling trade secrets or client databases to competitors.
Impacts of breaches — financial loss (fines, lost business), reputational damage (loss of customer trust), downtime (systems offline), and legal action (under GDPR/DPA 2018).
Passwords — must be complex (uppercase, lowercase, numbers, symbols, 12+ characters). Policy: change every 90 days, no reuse.
Biometrics — fingerprint, iris scan, facial recognition. Unique to the individual. Very hard to forge. No password to forget or steal.
2FA (Two-Factor Authentication) — requires two verification methods (e.g., password + SMS code). Even if a password is stolen, the attacker cannot access the account without the second factor.
Access levels — Read, Write, Full Control. Principle of Least Privilege: give users only the access they need for their role, nothing more.
Firewalls — hardware or software that monitors and filters network traffic based on security rules. Blocks unauthorised incoming connections.
Anti-virus software — scans for known malware signatures. Must be kept updated as new threats emerge daily.
Encryption — scrambles data so it can only be read with the correct key. Essential for data in transit (HTTPS) and data at rest (encrypted hard drives).
Device hardening — disabling unused ports, removing unnecessary software, applying all security patches. Reduces the "attack surface."
Penetration testing — an authorised, systematic simulation of a cyberattack to find vulnerabilities before real attackers do.
Stages: Authorise → Discover vulnerabilities → Exploit (safely) → Document findings → Recommend fixes.
White Hat Hacker — ethical, hired with permission.
Black Hat Hacker — malicious, illegal.
Grey Hat Hacker — finds vulnerabilities without permission but reports them (sometimes for a fee). Legally ambiguous.
A document defining the rules for using an organisation's IT systems. Must cover:
Scope — which systems and users are covered.
Assets — what hardware and software employees are permitted to use.
Expected behaviours — what is and is not allowed (e.g., no social media on work devices during work hours).
Monitoring — the organisation's right to monitor internet activity and emails.
Sanctions — consequences for violations, ranging from verbal warnings to dismissal and legal action.
Password parameters — minimum length, complexity requirements, frequency of change.
A formal plan for restoring systems and data after a serious incident. Must define:
Backup processes — Full backup (copy everything, weekly) vs Incremental backup (copy only what changed since last backup, daily). Both together minimise data loss.
RAID (Redundant Array of Independent Disks) — stores identical data across multiple hard drives simultaneously. If one fails, the system keeps running.
Recovery timelines — RTO (Recovery Time Objective) — how long can the organisation survive without systems?
Incident response steps: Investigate → Respond → Manage → Recover → Analyse
Build a perfect 6-mark cyber security answer using the BLT method. Fill in each section, then click Build to see your full answer.
Legal, ethical, and environmental consequences — the area where exam marks are won or lost based on depth of analysis.
The DPA 2018 is the UK implementation of the EU GDPR. It sets out seven principles for handling personal data:
1. Lawfulness, fairness, transparency — processing must be legal, fair, and clear to the data subject.
2. Purpose limitation — data collected for one purpose cannot be used for another without consent.
3. Data minimisation — collect only what is necessary. No hoarding.
4. Accuracy — data must be kept correct and up to date.
5. Storage limitation — data must not be kept longer than necessary.
6. Integrity and confidentiality — data must be secured against unauthorised access, loss, or destruction.
7. Accountability — the data controller is responsible for demonstrating compliance.
Computer Misuse Act 1990 — makes it illegal to: (1) access computer systems without authorisation; (2) access with intent to commit further crimes; (3) impair the operation of a computer or spread malware.
Police & Justice Act 2006 — updated the CMA to increase penalties for DoS attacks.
Equality Act 2010 — prevents unfair treatment of individuals based on "protected characteristics" including disability, age, gender, race, and religion. Digital services must be accessible.
Privacy & Electronic Communications Regulations 2003 — governs marketing emails and cookies. "Opt-in" required for non-essential cookies.
Standard notation diagrams — DFDs, IFDs, Flowcharts — are always on the exam. Master the shapes and you guarantee marks.
Flowcharts use standard symbols recognised internationally. Using the wrong shape in the exam costs marks. Learn these shapes until they are automatic.
Entities (rectangles / squares) — external users, departments, or organisations that send or receive data. e.g., "Customer", "Supplier".
Processes (circles / rounded rectangles) — the central system or application that processes data. e.g., "Process Order".
Data Stores (open rectangles, labelled D for digital or M for manual) — files or databases where data is kept. e.g., "D1 Customer Database".
Data Flow (arrows) — lines showing the direction of data movement. Label each arrow with the data type. e.g., "Order Details".
Information Flow Diagram (IFD) — shows detailed information exchanged between people and departments. Labels describe the content in full (e.g., "Customer invoice with itemised costs").
Data Flow Diagram (DFD) — shows how data moves through a system using short, precise labels (e.g., "Invoice ID"). More technical and formal than IFD.
Key difference: IFDs focus on communication between people; DFDs focus on how data moves through a computer system.
Every keyword for all four learning aims, plus full mark exam answers.
Find 9 critical Cyber Security and Legislation terms. Click and drag across the grid to find words — horizontally, vertically, or diagonally.
Fill in Cyber Security and Legislation keywords. Click a clue or cell to start. Arrow keys navigate. Tab moves to next word.
Match each Cyber Security and Law term to its correct definition. Drag each term from the left column onto its correct definition on the right.
Test your Cyber Security and Legislation knowledge under exam pressure. 20 seconds per question — answer before the timer runs out!
One document. Four learning aims. Every concept explained in full, every exam technique mastered, every keyword defined — built to take you from knowing nothing to knowing everything.
"Technology has obliterated geography — the question is no longer where you work, but whether you work well."
An ad hoc network is a temporary wireless connection created directly between devices, without needing a central router or fixed infrastructure. Three main types are examined:
Storing data on remote servers accessed via the internet, rather than local hard drives. Key features:
Online applications run on remote servers and are accessed through a web browser — no installation required. Examples: Google Docs, Microsoft 365, Salesforce.
Key advantages over traditional software:
| Model | Description | Example |
|---|---|---|
| CapEx Capital Expenditure | Large one-off upfront costs for physical hardware | Buying servers, cables, routers for an on-site data centre |
| OpEx Operational Expenditure | Ongoing day-to-day running costs — predictable monthly bills | Monthly cloud subscription (Google Workspace: £5.20/user/month) |
Technology enables "world teams" — groups of employees in different countries, time zones, and cultures working together on shared projects 24/7/365.
"The question is not whether you will be attacked, but whether you will be prepared when you are."
Malware (malicious software) is deliberately created to damage, disrupt, or gain unauthorised access to systems. Each type operates differently — you must know the distinction.
Fake emails, messages, or websites that impersonate trusted organisations (banks, HMRC, Amazon, your employer) to trick users into revealing passwords, card details, or personal information.
Attackers spoof sender addresses so the email appears legitimate. Urgency is weaponised: "Your account will be closed in 24 hours — click here."
Redirects users from a legitimate website to a fake one even when they type the correct address. Achieved by corrupting DNS records (the internet's "phone book") so the real site name points to a fraudulent IP address.
The fake site looks identical to the real one — victims have no visible warning they've been redirected.
Not all threats come from outside. Employees represent a significant security risk — either accidentally or deliberately.
Penetration testing — authorised simulation of a cyberattack to find weaknesses before malicious hackers do. The five stages:
"Every digital action has consequences — legal, ethical, environmental, and social. Understanding them separates good practice from recklessness."
The Data Protection Act 2018 incorporates the EU GDPR into UK law. It governs how personal data must be collected, stored, processed, and protected. Eight principles bind every organisation handling personal data:
Consolidates 116 pieces of legislation. Protects 9 protected characteristics: age, disability, gender, race, religion, sex, sexual orientation, pregnancy, gender reassignment.
In digital contexts, organisations must ensure websites, apps, and IT services are accessible to everyone. Professional guidelines: WCAG (Web Content Accessibility Guidelines) — four principles: Perceivable, Operable, Understandable, Robust (POUR).
"A diagram is a language that everyone, regardless of spoken language, can read — if you follow the standard symbols."
Flowcharts use standard symbols so that anyone — regardless of language — can understand a process. Using the wrong shape loses marks in the exam. Each symbol has one specific purpose.
Shows how data moves between entities, processes, and data stores within a specific digital system. Uses short data labels on arrows.
Shows the exchange of detailed information between entities, people, or departments. Labels are more descriptive than a DFD.
Tables organise information for clear comparison and reference. Exam questions often ask you to create or interpret tables — follow these rules for full marks:
The BLT method — your secret weapon for 4–9 mark questions
Five golden strategies that apply across every DIT exam question
All three components. All learning aims. All keywords. All exam techniques.