GDPR & DPA18 Essentials

A new course from Measured Collective that will give everyone the knowledge they need about GDPR and DPA18.

The content is relevant to any company processing the personal data of UK-based customers, or making a website/app available to UK-based visitors.

5 hours // 100% online // £49 per seat
UK GDPR – DPA18 (🇬🇧) ∘ EU GDPR (🇪🇺)

Learning with us

Course content


There is no prerequisite for this GDPR training.

What do I need for this course?

This course is 100% online. You will need a computer and a stable internet connection to access the video lessons.

Section 1: Intro and key definitions


  • What is GDPR?
  • The data privacy law landscape.
  • Why GDPR matters
  • UK GDPR and EU GDPR – What’s the difference?
  • GDPR Enforcement and penalties
  • Defining personal data
  • Defining data subjects and data processors

Section 2: Principles of GDPR


  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Section 3: Establishing a legal basis for processing


  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

Section 4: Data subject’s rights


  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

Section 5: Key topics & GDPR in-practice


  • Data protection officers
  • International data transfers
  • Security
    • Physical
    • Cybersecurity
  • Data breaches

What’s included:


  • 12 months course access
  • Distraction-free online learning platform
  • Quizzes & GDPR checklists


  • Access to all course material updates and enhancements for the length of your access period
  • Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period


  • Certificate on completion – to share on your LinkedIn profile 🎉 (trust us, it’s really pretty, you might even want to put it on your mantelpiece)

Join this course

Online access

£49 per seat

12 months online access
Certificate on completion

Live class

£275 per seat

Video call class with expert instructor
Ask questions during an extended Q&A

Pro + Training

From £1650 per organisation

12 months Measured Collective Pro (Light) data privacy law consulting and support
Privacy policy, cookie policy, DPIA, internal policy document updates.
Penetration testing of your website and/or app
3 online training seats

About GDPR

What is the Data Protection Act 2018?

The Data Protection Act 2018 (DPA18) governs the use of data in the UK. The DPA18 writes the EU GDPR into UK law. Many sections are copied word for word, but there are some differences that you need to be aware of if you are based in the UK or are marketing to citizens of the UK.

What are the fines under GDPR?

There are two tiers of fines under GDPR. The upper maximum allows fines of up to 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
The standard maximum allows fines of up to 10 million Euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The tier applied depends on which provisions of GDPR have been breached.

How is GDPR enforced?

Local enforcement agencies exist in each EU Member State. For example, in the UK it’s the ICO, in France it’s the CNIL and in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. These agencies lead investigations into non-compliance, and they have the power to audit organisations’ data practices and to issue fines for non-compliance.

What counts as personal data under GDPR?

The definition of personal data under the GDPR is broad. In Art. 4(1) of the GDPR, personal data is defined as any information related to an identified or identifiable natural person. It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual, then it still must be afforded protections under GDPR.

Who does the law affect?

The law affects any organisation processing the personal data of EU citizens. An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons processing data for non-commercial means would be exempt. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. However, an individual working for a company, storing a prospect’s mobile phone number, would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data, such as first and last names, would be subject to GDPR.


Want to take this a bit further?

Would you like to bring this training in-house? Follow it through live with an expert? Or, get us to customise the content to your specific needs? 

Anything is possible, just speak to our team. 

You may even want to create an entire 3-day data privacy law festival, with live performances, circus acts and elaborate catering? Well, as long as you take responsibility for selling the tickets, count us in.

Whatever you’re thinking, elaborate or not – speak with our friendly sales team to make it all happen.