GDPR Online Course
Get the essential GDPR knowledge you need. This online GDPR course provides the perfect UK GDPR awareness training.
Short but comprehensive.
The course gives each learner an overview of where GDPR came from, how it applies today in the UK and EU following Brexit, the principles of data protection that must be followed under GDPR, and the rights that each data subject holds, with examples of how they work in practice.
It also covers key common compliance risks such as recognising SARs (subject access requests), data security and data breaches.
Interactive mini-tasks improve confidence with data privacy law throughout the course and help learners prepare for the final assessment.
2-4 hours // 100% online
UK GDPR – DPA18 (🇬🇧) ∘ EU GDPR (🇪🇺)
Interactive
Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they’ve learnt through practical interactive examples.
Ticks every box
Aligns with the ICO’s accountability guidelines for data privacy training.
Up to date
How GDPR is applied can change overnight. Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.
How much will getting it wrong cost you?
Fines
Non-compliance with data privacy laws like GDPR (General Data Protection Regulation) can be costly. Under Part 6 of UK GDPR, a fine of up to £17.5 million or up to 4% of total global turnover, whichever is higher, can be issued.
Most fines come down to human error, often the result of a misunderstanding or simply forgetting how the rules work. Effective training can greatly reduce this risk.
- Investigations
- Personal liability
- Reputation damage
- Losing out on investment
- Failing supplier due-dil
- Ethics and moral compass
- Data deletion orders

We know what it feels like to worry you’re not doing the right thing
That’s why we set out to make the best GDPR training course on the market
Course content
Learning outcomes
- Understand the key principles, data subject rights and implementation challenges of the UK General Data Protection Regulation.
- Know the differences between UK GDPR and EU GDPR and be aware of how and when each regulation applies.
- Know how to handle personal data properly in compliance with GDPR.
- Be aware of the biggest GDPR compliance risks that all employees face and how to mitigate their impact.
- Feel confident applying UK GDPR in your day-to-day tasks.
GDPR Training Recommendations
- All employees should receive at least basic GDPR awareness training before they start processing personal data.
- Employees who process significant volumes of data or who perform high risk data processing activities such as sales and marketing staff should receive additional training.
- All employees should receive regular refresher training twice a year to ensure that they still understand the principles of GDPR and understand the impact of any recent changes.
Recommended for:
- All staff as part of GDPR awareness training. Induction training. Ideally completed before they have begun processing personal data.
Prerequisites
There is no prerequisite for this GDPR training.
What do I need for this course?
This course is 100% online. You will need a computer and a stable internet connection to access the video lessons and interactive assessments.

Section 1: Intro and key definitions
Lessons
- What is GDPR?
- The data privacy law landscape
- Why GDPR matters
- UK GDPR and EU GDPR – What’s the difference?
- GDPR Enforcement and penalties
- Defining personal data
- Defining data controllers, data processors and data subjects
What you’ll learn
In this section we’ll introduce UK GDPR and EU GDPR. We’ll look at how these regulations fit into the overall data privacy law landscape. We’ll explain why GDPR was introduced and examine how it applies across the UK and EU with particular focus on the small, but important differences that apply following Brexit.
How good is your current knowledge?
Section 2: Principles of GDPR
Lessons
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
What you’ll learn
In this section we’ll dive deep into the principles of GDPR. We’ll explain how a solid understanding of these principles can help you achieve full compliance with GDPR. And we’ll look at how you can use your knowledge of these principles to tackle different situations that currently lack specific guidance. So your projects will never be stuck at a GDPR roadblock again.
Section 3: Establishing a legal basis for processing
Lessons
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
What you’ll learn
In this section we’ll look at the different legal bases for processing data. For brevity, we’ll keep our explanations of the least useful legal bases light. We’ll use plenty of examples from organisations big and small of the right way and the wrong way to apply these legal bases.
Section 4: Data subject’s rights
Lessons
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What you’ll learn
In this section we’ll look at the different rights that data subjects have. We’ll explore how they can exercise their rights and what you need to be prepared to provide.
Section 5: Key topics & GDPR in-practice
Lessons
- Data protection officers
- International data transfers
- Data security
  - Physical
  - Cybersecurity
- Data breaches
What you’ll learn
In this section we’ll wrap up everything that we’ve learned. We’ll look at some of the biggest issues that organisations face with GDPR. We’ll provide some practical measures that each staff member can apply.
Course notes & updates
Notes
This course is focussed on UK GDPR. However, there are currently very few differences between the legal text of UK GDPR and EU GDPR. This course will suit anybody who needs to gain a knowledge of UK GDPR and/or EU GDPR. We will highlight any differences throughout the course content.
Updates
January 2022 Update
- We’ve updated this course to reflect
How updates work
Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.
Typically we make updates to the course material every 4-6 months.
How it works
Step 1
Buy course seats
Purchase online using your credit or debit card, or via BACS. Our onboarding team will be in touch to help you invite staff members to take up their seats. They’ll receive an invite by email. For more than 10 seats, please get in touch for bulk pricing.
Step 2
Start learning
Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.
Step 3
Keep ahead
You will receive periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts. We’ll also let you know when this course is updated.
What’s included:
Training
Updates
Certification
Join this course
Single course
Access to this course only. Includes 6 months of course updates and email alerts.
6 months access
You can add more seats in the next step.
Measured Collective Unlimited
Unlimited access to all courses and updates for the length of your subscription. Includes email alerts covering GDPR, PECR, CCPA and more so you always stay up to date. Cancel anytime.
About GDPR
The Data Protection Act 2018 (DPA18) is a data protection law that governs the use of data in the UK. The DPA18 writes the EU GDPR into UK law; after Brexit, this part of the law is now referred to as UK GDPR. Many sections are copied word for word, but there are some differences that you need to be aware of if you are based in the UK or are marketing to citizens of the UK.
Lower-tier violations can lead to a fine of up to £8.7 million or 2% of the organisation’s worldwide annual turnover, whichever is higher. More serious violations can lead to a fine of up to £17.5 million or 4% of the organisation’s worldwide annual turnover, whichever is higher. The tier applied depends on what provisions of UK GDPR have been breached.
There are two tiers of fines under EU GDPR. The upper maximum allows fines of up to 20 million euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
The standard maximum allows fines of up to 10 million euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The tier applied depends on what provisions of EU GDPR have been breached.
Local enforcement agencies exist in each country of the EEA (European Economic Area) and in the UK. For example, in the UK it’s the ICO, in France it’s the CNIL and in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. These agencies lead investigations into non-compliance, and they have the power to audit organisations’ data practices and to issue fines for non-compliance.
The definition of personal data under the GDPR is broad. In Art. 4(1) of the GDPR, personal data is defined as any information related to an identified or identifiable natural person. It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual, then it must still be afforded protections under GDPR.
GDPR affects any organisation processing the personal data of EU residents (EU GDPR) or UK residents (UK GDPR). An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons processing data for non-commercial means would be exempt, as would the processing of data by non-automated means which was not intended to be stored in a filing system later. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. Neither would a barista writing your name on a coffee cup. However, an individual working for a company, storing a prospect’s mobile phone number in a database, would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data, such as first and last names, would be subject to GDPR. The scope is wide.
FAQs
Will I get a certificate?
Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of Sections 1-3 of the course including the end of course quiz. You can add this to your LinkedIn profile.
Do I need qualifications to take this course?
No. This course requires no previous experience or qualifications.
Will all the course content be available straight away?
Yes, the course content will be available immediately.
Can I buy multiple seats?
Yes. You can buy multiple seats using our teams feature. Simply state a team name, for example “ABC GDPR Team”, then select the number of seats required. Next indicate whether you will be taking a seat yourself, or simply will be the administration contact for the purchase. Once you have completed payment you will be prompted to invite your team to join the course. They will then receive emails with their own access details.
More courses
GDPR Refresher Training Course
UK GDPR – EU GDPR
A short interactive online GDPR refresher course that will keep your knowledge of GDPR sharp and help you reduce your risk of subsequent financial penalties.
PECR for Marketers Online Course
PECR – ePrivacy
Specialist training for sales and marketing teams that will teach them how to comply with PECR (Privacy and Electronic Communications Regulations) and the incoming ePrivacy regulation.