
GDPR Essentials Online Training Course


This online GDPR course is ideal for all employees as part of their data protection awareness training.

The course gives each trainee an overview of where GDPR came from, how it applies today in the UK and EU following Brexit, the principles of data protection that must be followed under GDPR, the lawful bases under which data can be processed and the rights that each data subject holds with examples of how they work in practice.

It also covers key common GDPR compliance risks such as recognising SARs (subject access requests), data security and data breaches. Situational questions improve data protection confidence throughout the course and help build confidence towards the final assessment.

  • 100% online
  • 1 hour
  • UK GDPR – DPA18 (🇬🇧) + EU GDPR (🇪🇺)
  • Certificate


Why learn about GDPR?

  • Reduce your risk of financial penalties and prosecution for non-compliance
  • Delight your customers and colleagues with better respect for their privacy
  • Instead of worrying, feel confident using personal data in your day to day tasks
  • Demonstrate your commitment to ethical business practices – doing what’s right
  • Ensure that “GDPR myths” and outdated advice are not holding your business back

Course features


Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they’ve learnt through situational questions.

Ticks every box

Aligns with the ICO’s accountability guidelines for data privacy training.

Kept up to date

Our team regularly reviews the latest developments in data privacy law. We build this knowledge into course updates and email alerts so you can keep ahead.


For awareness training, this course won’t leave any knowledge gaps. It gives staff exactly what they need to know and makes sure they can understand how it is applied in practice.


Course information

Learning outcomes

  • Understand the key principles, data subject rights, legal basis for processing and implementation challenges of GDPR
  • Know how to handle personal data properly in compliance with GDPR 
  • Be aware of the biggest GDPR compliance risks that all employees face and how to mitigate their impact.

GDPR Training Recommendations

  • All employees should complete some GDPR training. Ideally, before they start processing personal data.
  • Employees who process significant volumes of data or who perform high risk data processing activities such as sales and marketing staff should receive additional training. Employees who make strategic decisions or product design decisions (which may concern the processing of personal data) may also benefit from additional training.
  • After initial training employees should receive refresher training 1 to 2 times a year. This will also help organisations demonstrate their compliance with the Accountability principle of GDPR.

This course is recommended for

  • All staff as part of GDPR awareness training.


There is no prerequisite for this GDPR training.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (different pricing and licensing terms will apply).

Course content

Section 1: Intro and key definitions

What you’ll learn

In this section we’ll introduce GDPR and make sure you fully understand the key definitions. We’ll look at how GDPR fits into the overall data privacy law landscape. We’ll explain why GDPR was introduced and examine how it works across the UK and EU with particular focus on the small, but important differences that apply following Brexit.


  • What is GDPR?
  • The data privacy law landscape – Data Protection Act 2018
  • Why GDPR matters
  • UK GDPR and EU GDPR – What is the difference?
  • GDPR enforcement and penalties
  • Defining personal data
  • Defining data controllers, data processors and data subjects
  • Mini-assessment

Section 2: Principles of GDPR

What you’ll learn

In this section we’ll dive deep into the principles of GDPR. We’ll explain how a solid understanding of these principles can help you achieve full compliance with GDPR. And we’ll look at how you can use your knowledge of these principles to tackle different situations that currently lack specific guidance – so your projects will never be stuck at a GDPR roadblock again.


  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability
  • Mini-assessment

Section 3: Establishing a lawful basis for processing

What you’ll learn

In this section we’ll look at the different lawful bases for processing data. For brevity, we’ll keep our explanations of the least useful legal bases light. We’ll use plenty of examples from organisations big and small of the right way and the wrong way to apply these lawful bases. We’ll also bust some common GDPR myths.


  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests
  • Mini-assessment

Section 4: Data subject’s rights

What you’ll learn

In this section we’ll look at the different rights that data subjects have. We’ll explore how they can exercise their rights and how you can support these rights in order to improve GDPR compliance by bringing in some practical examples.


  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
  • Mini-assessment

Section 5: Key topics & GDPR in-practice

What you’ll learn

In this section we’ll wrap up everything that we’ve learned. We’ll look at some of the biggest issues that organisations face with GDPR. We’ll also provide some practical measures that each staff member can apply to improve compliance in their day to day tasks.


  • The role of data protection officers
  • International data transfers (restricted transfers)
  • Data security
    • Physical
    • Cybersecurity
  • Data breaches
  • The future of GDPR – how to stay up to date
  • End of course assessment

How it works

Step 1

Buy course seats

Purchase online using your credit or debit card. Our onboarding team will be in touch to help you invite staff members to take up their seats. They’ll receive an invite to join our learning platform by email.

Step 2

Start learning

Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.

Step 3

Keep ahead

You’ll receive periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts. We’ll also let you know how we’ve used this information to update the course; trainees can review any updated lesson materials on the learning platform.

What’s included


  • Distraction-free online learning platform
  • Mini quizzes & end of course assessment


  • Access to all course material updates and enhancements for the length of your access period
  • Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period


  • Certificate on completion 🎉

Course FAQs

Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of Sections 1-5 of the course including the end of course quiz. You can add this to your LinkedIn profile.

Yes, simply state a team name, for example “ABC GDPR Team”, then select the number of seats required. Next indicate whether you will be taking a seat yourself, or simply will be the administration contact for the purchase. Once you have completed payment you will be prompted to invite your team to join the course. They will then receive emails with their own access details.

Yes, you can cancel your order for a full refund within 14 calendar days of purchase. Any certificates issued within this time will be voided. This does not affect your statutory rights.

Information about GDPR

What is the Data Protection Act 2018?

The Data Protection Act 2018 (DPA18) is a data protection law that governs the use of data in the UK. The DPA18 writes the EU GDPR into UK law; after Brexit, this part of the law is now referred to as UK GDPR. Many sections are copied word for word, but there are some differences that you need to be aware of if you are based in the UK or are processing the personal data of UK citizens.

What are the fines under UK GDPR?

Lower-tier violations can lead to a fine of up to £8.7 million or 2% of the organisation’s worldwide annual turnover, whichever is higher. More serious violations can lead to a fine of up to £17.5 million or 4% of the organisation’s worldwide annual turnover, whichever is higher. The tier applied depends on what provisions of UK GDPR have been breached.

What are the fines under EU GDPR?

There are two tiers of fines under EU GDPR. The upper maximum allows fines of up to 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The standard maximum allows fines of up to 10 million Euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The tier applied depends on what provisions of EU GDPR have been breached.

How is GDPR enforced?

Local enforcement agencies exist in each country of the EEA (European Economic Area) and in the UK. For example, in the UK it’s the ICO, in France it’s the CNIL and in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. These agencies lead investigations into non-compliance. They have the power to audit organisations’ data practices and to issue fines for non-compliance.

What counts as personal data under GDPR?

The definition of personal data under the GDPR is broad. In Art. 4(1) of the GDPR, personal data is defined as any information related to an identified or identifiable natural person. It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual then it still must be afforded protections under GDPR. Some examples of personal data could include a name, email address, date of birth, bank account details, ID card number, location history or metadata such as the time of access to a specific service or product.

Who does GDPR affect?

GDPR affects any organisation processing the personal data of EU residents (EU GDPR) or UK residents (UK GDPR). An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons processing data for non-commercial means would be exempt, or the processing of data by non-automated means which was not intended to be stored in a filing system later. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. Neither would a barista writing your name on a coffee cup. However, an individual working for a company, storing a client’s mobile phone number in a database would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data such as names and contact details would be subject to GDPR. The scope is wide.

If personal data is processed for “b2b” purposes is it covered by GDPR?

Yes. There is no “b2b” exemption under GDPR. Even if you are processing data about your suppliers, customers or competitors, for example the names and email addresses of senior managers that work in these organisations, you still need to afford that data GDPR-level protections.

What does the ICO say about “GDPR training”?

The ICO recognises there are many different ways to make employees aware of their responsibilities with personal data under GDPR. They generally suggest a multi-layered approach, a mixture of training and reminders (for example email updates, posters or other notices) to communicate with employees about GDPR. They recommend GDPR training as part of their accountability framework. Specifically, the accountability framework recommends induction and refresher training for all staff that process personal data, and specialised training for staff with key data protection responsibilities (such as DPOs, subject access and records management teams).

How does this course differ from the free GDPR course offered?

Our free GDPR course covers very basic GDPR content. It is not recommended for organisations to use the free course for awareness training because some knowledge gaps will exist. The free GDPR course is aimed towards people who are looking for an opportunity to improve their CV or who are from organisations with zero budget for GDPR training, for example companies pre-formation or non-profit groups without an official legal wrapper who may be concerned about how GDPR can affect their data processing activities. The Essentials GDPR Course offered on this page is far more comprehensive than the free GDPR course. It features more real-life examples and goes into further detail on some of the biggest compliance risks.

Course resources


GDPR documentation requirements guide

An overview of the documents mentioned in UK GDPR. What they are, the legal basis for preparing them and who should prepare them.


GDPR legitimate interests assessment

A template to assist you in making a legitimate interests assessment.

Other courses

GDPR Refresher Training Course

Included in PLUS

A short interactive online GDPR refresher course that will keep your knowledge of GDPR sharp and help you reduce your risk of subsequent financial penalties.

PECR for Marketers Training Course

PECR – ePrivacy
Included in PLUS

Specialist training for sales and marketing teams that will teach them how to comply with PECR (Privacy and Electronic Communications Regulations).

Join this course

Single Course

£16.50 per seat

Measured Collective Plus

  • Access to all paid courses.
  • Extended access, one annual payment.
  • From £236 per team (includes 20 seats) – extra seats charged at £7.90 per year.

Want to license this course for your LMS? SCORM format is available. Connect with our sales team.