GDPR Online Training Course
This online GDPR course is ideal for all employees as part of their data protection awareness training.
The course gives each trainee an overview of where GDPR came from, how it applies today in the UK and EU following Brexit, the principles of data protection that must be followed under GDPR, the lawful bases under which data can be processed and the rights that each data subject holds with examples of how they work in practice.
It also covers key common GDPR compliance risks such as recognising SARs (subject access requests), data security and data breaches. Situational questions improve data protection confidence throughout the course and help build confidence towards the final assessment.
- 100% online
- 1-2 hours
- UK GDPR – DPA18 (🇬🇧) + EU GDPR (🇪🇺)
Why learn about GDPR?
Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they’ve learnt through situational questions.
Ticks every box
Aligns with the ICO’s accountability guidelines for data privacy training.
Kept up to date
Our team regularly reviews the latest developments in data privacy law. We build this knowledge into course updates and email alerts so you can keep ahead.
For awareness training, this course won’t leave any knowledge gaps. It gives staff exactly what they need to know and makes sure they can understand how it is applied in practice.
Learning with us
- Understand the key principles, data subject rights, legal basis for processing and implementation challenges of GDPR
- Know how to handle personal data properly in compliance with GDPR
- Be aware of the biggest GDPR compliance risks that all employees face and how to mitigate their impact.
- Feel confident applying GDPR in day to day tasks.
GDPR Training Recommendations
- All employees should complete some GDPR training, ideally before they start processing personal data.
- Employees who process significant volumes of data or who perform high risk data processing activities such as sales and marketing staff should receive additional training. Employees who make strategic decisions or product design decisions (which may concern the processing of personal data) may also benefit from additional training.
- All employees should receive refresher training 1 or 2 times a year to ensure that they still have a good understanding of GDPR and to help them understand any changes to how GDPR is applied. This will also help organisations improve their compliance with the Accountability principle of GDPR.
This course is recommended for
- All staff as part of GDPR awareness training.
There is no prerequisite for this GDPR training.
What do I need for this course?
This course is 100% online and delivered through our online learning platform. You will need a computer and a stable internet connection to access the video lessons and interactive assessments. Organisations can also access this content via their own LMS on request (different pricing and licensing terms will apply).
Section 1: Intro and key definitions
What you’ll learn
In this section we’ll introduce GDPR and make sure you fully understand the key definitions. We’ll look at how this regulation fits into the overall data privacy law landscape. We’ll explain why GDPR was introduced and examine how it works across the UK and EU with particular focus on the small, but important differences that apply following Brexit.
- What is GDPR?
- The data privacy law landscape – Data Protection Act 2018
- Why GDPR matters
- UK GDPR and EU GDPR – What’s the difference?
- GDPR enforcement and penalties
- Defining personal data
- Defining data controllers, data processors and data subjects
Section 2: Principles of GDPR
What you’ll learn
In this section we’ll dive deep into the principles of GDPR. We’ll explain how a solid understanding of these principles can help you achieve full compliance with GDPR. And we’ll look at how you can use your knowledge of these principles to tackle different situations that currently lack specific guidance – so your projects will never be stuck at a GDPR roadblock again.
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
Section 3: Establishing a lawful basis for processing
What you’ll learn
In this section we’ll look at the different lawful bases for processing data. For brevity, we’ll keep our explanations of the least useful legal bases light. We’ll use plenty of examples from organisations big and small of the right way and the wrong way to apply these lawful bases. We’ll also bust some common GDPR myths.
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
Section 4: Data subject’s rights
What you’ll learn
In this section we’ll look at the different rights that data subjects have. We’ll explore how they can exercise their rights and how you can support these rights in order to improve GDPR compliance by bringing in some practical examples.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Section 5: Key topics & GDPR in-practice
What you’ll learn
In this section we’ll wrap up everything that we’ve learned. We’ll look at some of the biggest issues that organisations face with GDPR. We’ll also provide some practical measures that each staff member can apply to improve compliance in their day to day tasks.
- The role of data protection officers
- International data transfers (restricted transfers)
- Data security
- Data breaches
- The future of GDPR – how to stay up to date
- End of course assessment
How it works
Buy course seats
Purchase online using your credit or debit card. Or contact us directly to pay by bank transfer. Our onboarding team will be in touch to help you invite staff members to take up their seats. They’ll receive an invite to join our learning platform by email.
Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.
You’ll receive periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts. We’ll also let you know how we’ve used this information to update the course. Trainees can review any updated lesson materials on the learning platform.
- Distraction-free online learning platform
- Mini quizzes & end of course assessment
- Access to all course material updates and enhancements for the length of your access period
- Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period
- Certificate on completion 🎉
Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of Sections 1-5 of the course including the end of course quiz. You can add this to your LinkedIn profile.
Yes, simply state a team name, for example “ABC GDPR Team”, then select the number of seats required. Next indicate whether you will be taking a seat yourself, or simply will be the administration contact for the purchase. Once you have completed payment you will be prompted to invite your team to join the course. They will then receive emails with their own access details.
Yes, you can cancel your order for a full refund within 14 calendar days of purchase. Any certificates issued within this time will be voided. This does not affect your statutory rights.
The Data Protection Act 2018 (DPA18) is a data protection law that governs the use of data in the UK. The DPA18 writes the EU GDPR into UK law; after Brexit, this part of the law is now referred to as UK GDPR. Many sections are copied word for word, but there are some differences that you need to be aware of if you are based in the UK or are processing the personal data of UK citizens.
Lower-tier violations can lead to a fine of up to £8.7 million or 2% of the organisation’s worldwide annual turnover, whichever is higher. More serious violations can lead to a fine of up to £17.5 million or 4% of the organisation’s worldwide annual turnover, whichever is higher. The tier applied depends on what provisions of UK GDPR have been breached.
There are two tiers of fines under EU GDPR. The upper maximum allows fines of up to 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The standard maximum allows fines of up to 10 million Euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The tier applied depends on what provisions of EU GDPR have been breached.
Local enforcement agencies exist in each country of the EEA (European Economic Area) and in the UK. For example, in the UK it’s the ICO, in France it’s the CNIL and in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. These agencies lead investigations into non-compliance, have the power to audit organisations’ data practices and have the power to issue fines for non-compliance.
The definition of personal data under the GDPR is broad. In Art. 4(1) of the GDPR, personal data is defined as any information related to an identified or identifiable natural person. It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual then it still must be afforded protections under GDPR. Some examples of personal data could include a name, email address, date of birth, bank account details, ID card number, location history or metadata such as the time of access to a specific service or product.
GDPR affects any organisation processing the personal data of EU residents (EU GDPR) or UK residents (UK GDPR). An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons processing data for non-commercial means would be exempt, or the processing of data by non-automated means which was not intended to be stored in a filing system later. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. Neither would a barista writing your name on a coffee cup. However, an individual working for a company, storing a client’s mobile phone number in a database would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data such as names and contact details would be subject to GDPR. The scope is wide.
Yes. There is no “b2b” exemption under GDPR. Even if you are processing data about your suppliers, customers or competitors, for example the names and email addresses of senior managers that work in these organisations – you still need to afford that data GDPR level protections.
The ICO recognises there are many different ways to make employees aware of their responsibilities with personal data under GDPR. They generally suggest a multi-layered approach: a mixture of training and reminders (for example email updates, posters or other notices) to communicate with employees about GDPR. They recommend GDPR training as part of their accountability framework. Specifically, the accountability framework recommends induction and refresher training for all staff that process personal data, and specialised training for staff with key data protection responsibilities (such as DPOs, subject access and records management teams).
Our free GDPR course covers very basic GDPR content. It is not recommended for organisations to use the free course for awareness training because some knowledge gaps will exist. The free GDPR course is aimed towards people who are looking for an opportunity to improve their CV or who are from organisations with zero budget for GDPR training, for example companies pre-formation or non-profit groups without an official legal wrapper who may be concerned about how GDPR can affect their data processing activities. The Essentials GDPR Course offered on this page is far more comprehensive than the free GDPR course. It features more real-life examples and goes into further detail on some of the biggest compliance risks.
An overview of the documents mentioned in UK GDPR. What they are, the legal basis for preparing them and who should prepare them.
A template to assist you in making a legitimate interests assessment.