An online course on complying with GDPR & DPA18.
Designed especially for marketing teams.
2 Modules ∘ 4-6 Hours ∘ 100% Online ∘ Certification on Completion
GDPR(🇪🇺) ∘ DPA18(🇬🇧)
We built a course that teaches you what you need to know about GDPR & DPA18. We packed it full of relevant examples for marketers. And then we future-proofed it, with modules that update when new laws emerge.
About GDPR & DPA18
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Privacy Law.
- Approved in 2016.
- It applies from 26th May 2018.
- Replaces the European Data Protection Directive. Updates the laws of member states such as the Data Protection Act in the UK.
Who does the law affect?
The law affects any organisation processing the personal data of EU citizens. An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons, processing data for non-commercial means would be exempt. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. However, an individual working for a company, storing a prospect’s mobile phone number would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data such as first and last names, would be subject to GDPR.
What counts as personal data?
The definition of personal data under the GDPR is broad. In Art. 4 (1). of the GDPR, Personal data is defined as any information related to an identified or identifiable natural person.
It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual then it still must be afforded protections under GDPR.
Examples of personal data covered by GDPR include:
Common data like names, phone numbers, email addresses, addresses, date of birth. Physical data, like height or weight. Preferences, like an interest in business, or a preference for spicy food. Financial data, like the date and value of a purchase, or a credit card number. Opinions, like a review of a product or service. Metadata, like the date and time of website visits.
How is the law enforced?
Local enforcement agencies exist in each EU Member State. For example in the UK, it’s the ICO, in France it’s the CNIL, in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. These agencies lead investigations into non-compliance, they have the power to audit organisations data practices and have the power to issue fines for non-compliance.
What are the fines and penalties?
There are two tiers of fines under GDPR. The upper maximum, allows fines of upto 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
The standard maximum, allows fines of upto 10 million Euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
The tier applied depends on what provisions of GDPR have been breached.
What is DPA18?
The Data Protection Act 2018 (DPA18) governs the use of data in the UK. The DPA18 writes the EU GDPR into UK Law. Many sections are copied word for word. But there are some differences that you need to be aware of if you are based in the UK or are marketing to citizens of the UK.
It’s expected that after the UK’s withdrawal from the EU that the DPA18 will be updated. We don’t expect any major changes to the rights of data subjects or the principles as they are currently laid out in the GDPR as the UK government has indicated it wishes to uphold GDPR level data protections. However, we are expecting some changes regarding the transfer of personal data outside the UK, and some changes to the terminology used. This may have implications for how you apply data protection law in your business.
500+ pages of regulation made concise
Find out what data legislation actually means in practice for marketers.
Get access to modern data policy templates
Get compliant quickly with templates that help you keep up with your documentation requirements under GDPR.
Created by expert marketers actively using these data practices
Built by marketers, for marketers. As featured on Ada’s List, Entrepreneurs’ Scotland & more.
Will I get a certificate?
Yes, on completion of the course you will be issued with a digital certificate. You can add this to your LinkedIn profile.
How long does the course take to complete?
It takes approximately 4-6 hours to study the entire course.
Do I need qualifications to take this course?
No. Our courses require no previous experience or qualifications. Marketers working in large corporations and marketers working in startups will equally benefit.
Do you have a product for teams?
Yes, we offer a team subscription that allows brands to train their whole marketing team in data privacy and other data skills. Please email our sales team if you would like more information – firstname.lastname@example.org
How long will I get access for?
For as long as your subscription is active. You will also get access to refresher courses.
How can I claim my certification?
We will email you after you have completed the training.