GDPR & DPA18 Essentials
A new course from Measured Collective that will give everyone the knowledge they need to know about GDPR and DPA18.
The content is relevant to any company processing the personal data of UK-based customers, or making a website/app available to UK-based visitors.
5 hours // 100% online // £49 per seat
UK GDPR – DPA18 (🇬🇧) ∘ EU GDPR (🇪🇺)
Learning with us
There is no prerequisite for this GDPR training.
What do I need for this course?
This course is 100% online. You will need a computer and a stable internet connection to access the video lessons.
Section 1: Intro and key definitions
- What is GDPR?
- The data privacy law landscape.
- Why GDPR matters
- UK GDPR and EU GDPR – What’s the difference?
- GDPR Enforcement and penalties
- Defining personal data
- Defining data subjects and data processors
Section 2: Principles of GDPR
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
Section 3: Establishing a legal basis for processing
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
Section 4: Data subject’s rights
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
Section 5: Key topics & GDPR in-practice
- Data protection officers
- International data transfers
- Data breaches
Join this course
£49 per seat
12 months online access
Certificate on completion
£275 per seat
Video call class with expert instructor
Ask questions during an extended Q&A
Pro + Training
From £1650 per organisation
12 months Measured Collective Pro (Light) data privacy law consulting and support
Penetration testing of your website and/app
3 online training seats
The Data Protection Act 2018 (DPA18) governs the use of data in the UK. The DPA18 writes the EU GDPR into UK Law. Many sections are copied word for word. But there are some differences that you need to be aware of if you are based in the UK or are marketing to citizens of the UK.
There are two tiers of fines under GDPR. The upper maximum, allows fines of upto 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
The standard maximum, allows fines of upto 10 million Euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The tier applied depends on what provisions of GDPR have been breached.
Local enforcement agencies exist in each EU Member State. For example in the UK, it’s the ICO, in France it’s the CNIL, in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. These agencies lead investigations into non-compliance, they have the power to audit organisations data practices and have the power to issue fines for non-compliance.
The definition of personal data under the GDPR is broad. In Art. 4 (1). of the GDPR, Personal data is defined as any information related to an identified or identifiable natural person. It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual then it still must be afforded protections under GDPR
The law affects any organisation processing the personal data of EU citizens. An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons, processing data for non-commercial means would be exempt. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. However, an individual working for a company, storing a prospect’s mobile phone number would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data such as first and last names, would be subject to GDPR.
Will I get a certificate?
Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of Sections 1-3 of the course including the end of course quiz. You can add this to your LinkedIn profile.
Do I need qualifications to take this course?
No. This course requires no previous experience or qualifications.
Will all the course content be available straight-away?
Yes, the course content will be available immediately.
How long will I get access for?
Each seat gets 12 months access from the date of purchase.
Can I buy multiple seats?
Yes. You can buy multiple seats using our teams feature. Simply state a team name, for example “ABC GDPR Team”, then select the number of seats required. Next indicate whether you will be taking a seat yourself, or simply will be the administration contact for the purchase. Once you have completed payment you will be prompted to invite your team to join the course. They will then receive emails with their own access details.
Want to take this a bit further?
Would you like to bring this training in-house? Follow it through live with an expert? Or, get us to customise the content to your specific needs?
Anything is possible, just speak to our team.
You may even want to create an entire 3 day data privacy law festival, with live performances, circus acts and elaborate catering? – well as long as you take responsibility for selling the tickets, count us in.
Whatever you’re thinking, elaborate or not – speak with our friendly sales team to make it all happen.