GDPR Online Course

Get the essential GDPR knowledge you need to know. This online GDPR course provides the perfect UK GDPR awareness training. 

Short but comprehensive.

The course gives each learner an overview of where GDPR came from, how it applies today in the UK and EU following Brexit, the principles of data protection that must be followed under GDPR and the rights that each data subject holds with examples of how they work in practice.

It also covers key common compliance risks such as recognising SARs (subject access requests), data security and data breaches. 

Interactive mini-tasks throughout the course build learners' confidence in data privacy law ahead of the final assessment.

2-4 hours // 100% online
UK GDPR – DPA18 (🇬🇧) ∘ EU GDPR (🇪🇺)


Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they’ve learnt through practical interactive examples.

Ticks every box

Aligns with the ICO’s accountability guidelines for data privacy training.

Up to date

How GDPR is applied can change overnight. Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.

Learning with us

How much will getting it wrong cost you?


Non-compliance with data privacy laws like GDPR (General Data Protection Regulation) can be costly. Under Part 6 of UK GDPR, a fine can be issued of up to £17.5 million or up to 4% of total global turnover, whichever is higher.

Most fines come down to human error, often the result of a misunderstanding or simply forgetting how the rules work. Effective training can greatly reduce this risk.

  • Investigations
  • Personal liability
  • Reputation damage
  • Losing out on investment
  • Failing supplier due-dil
  • Ethics and moral compass
  • Data deletion orders

We know what it feels like to worry you’re not doing the right thing
That’s why we set out to make the best GDPR training course on the market

Course content

Learning outcomes

  • Understand the key principles, data subject rights and implementation challenges of the UK General Data Protection Regulation.
  • Know the differences between UK GDPR and EU GDPR and be aware of how and when each regulation applies.
  • Know how to handle personal data properly in compliance with GDPR.
  • Be aware of the biggest GDPR compliance risks that all employees face and how to mitigate their impact.
  • Feel confident applying UK GDPR in your day to day tasks.

GDPR Training Recommendations

  • All employees should receive at least basic GDPR awareness training before they start processing personal data.
  • Employees who process significant volumes of data or who perform high risk data processing activities such as sales and marketing staff should receive additional training.
  • All employees should receive regular refresher training twice a year to ensure that they still understand the principles of GDPR and understand the impact of any recent changes.

Recommended for:

  • All staff as part of GDPR awareness training. Induction training. Ideally completed before they have begun processing personal data.


There is no prerequisite for this GDPR training.

What do I need for this course?

This course is 100% online. You will need a computer and a stable internet connection to access the video lessons and interactive assessments.

Section 1: Intro and key definitions


  • What is GDPR?
  • The data privacy law landscape
  • Why GDPR matters
  • UK GDPR and EU GDPR – What’s the difference?
  • GDPR Enforcement and penalties
  • Defining personal data
  • Defining data controllers, data processors and data subjects

What you’ll learn

In this section we’ll introduce UK GDPR and EU GDPR. We’ll look at how these regulations fit into the overall data privacy law landscape. We’ll explain why GDPR was introduced and examine how it applies across the UK and EU with particular focus on the small, but important differences that apply following Brexit.

How good is your current knowledge?

Section 2: Principles of GDPR


  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

What you’ll learn

In this section we’ll dive deep into the principles of GDPR. We’ll explain how a solid understanding of these principles can help you achieve full compliance with GDPR. And we’ll look at how you can use your knowledge of these principles to tackle different situations that currently lack specific guidance. So your projects will never be stuck at a GDPR roadblock again.


Section 3: Establishing a legal basis for processing


  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

What you’ll learn

In this section we’ll look at the different legal bases for processing data. For brevity, we’ll keep our explanations of the least useful legal bases light. We’ll use plenty of examples from organisations big and small of the right way and the wrong way to apply these legal bases.


Section 4: Data subject’s rights


  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

What you’ll learn

In this section we’ll look at the different rights that data subjects have. We’ll explore how they can exercise their rights and what you need to be prepared to provide.


Section 5: Key topics & GDPR in-practice


  • Data protection officers
  • International data transfers
  • Data security
    • Physical
    • Cybersecurity
  • Data breaches

What you’ll learn

In this section we’ll wrap up everything that we’ve learned. We’ll look at some of the biggest issues that organisations face with GDPR. We’ll provide some practical measures that each staff member can apply.


Course notes & updates


This course is focussed on UK GDPR. However, there are currently very few differences between the legal text of UK GDPR and EU GDPR. This course will suit anybody who needs to gain a knowledge of UK GDPR and/or EU GDPR. We will highlight any differences throughout the course content.


January 2022 Update

How updates work

Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.

Typically we make updates to the course material every 4-6 months.

How it works

Step 1

Buy course seats

Purchase online using your credit or debit card, or via BACS. Our onboarding team will be in touch to help you invite staff members to take up their seats. They’ll receive an invite by email. For more than 10 seats, please get in touch for bulk pricing.

Step 2

Start learning

Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.

Step 3

Keep ahead

You will receive periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts. We’ll also let you know when this course is updated.

What’s included:


  • Distraction-free online learning platform
  • Quizzes & GDPR checklists


  • Access to all course material updates and enhancements for the length of your access period
  • Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period


  • Certificate on completion 🎉

Join this course

Single course

Access to this course only. Includes 6 months of course updates and email alerts.

6 months access

You can add more seats in the next step.

Measured Collective Unlimited

Unlimited access to all courses and updates for the length of your subscription. Includes email alerts covering GDPR, PECR, CCPA and more so you always stay up to date. Cancel anytime.

About GDPR

What is the Data Protection Act 2018?

The Data Protection Act 2018 (DPA18) is a data protection law that governs the use of data in the UK. The DPA18 writes the EU GDPR into UK law. After Brexit, this part of the law is now referred to as UK GDPR. Many sections are copied word for word, but there are some differences that you need to be aware of if you are based in the UK or are marketing to citizens of the UK.

What are the fines under UK GDPR?

Lower-tier violations can lead to a fine of up to £8.7 million or 2% of the organisation’s worldwide annual turnover, whichever is higher. More serious violations can lead to a fine of up to £17.5 million or 4% of the organisation’s worldwide annual turnover, whichever is higher. The tier applied depends on what provisions of UK GDPR have been breached.

What are the fines under EU GDPR?

There are two tiers of fines under EU GDPR. The upper maximum allows fines of up to 20 million Euros or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
The standard maximum allows fines of up to 10 million Euros (or equivalent in sterling) or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The tier applied depends on what provisions of EU GDPR have been breached.

How is GDPR enforced?

Local enforcement agencies exist in each country of the EEA (European Economic Area) and in the UK. For example, in the UK it’s the ICO, in France it’s the CNIL, and in Spain it’s the AEPD. These are public bodies that work independently of the state. These agencies are required to enforce the application of GDPR and provide assistance to individuals and organisations to ensure that data subjects’ rights are upheld. They lead investigations into non-compliance, and they have the power to audit organisations’ data practices and to issue fines for non-compliance.

What counts as personal data under GDPR?

The definition of personal data under the GDPR is broad. In Art. 4(1) of the GDPR, personal data is defined as any information related to an identified or identifiable natural person. It does not matter if it is not possible to fully identify the individual solely from the personal data concerned. If the personal data can be combined with other data to identify an individual, then it still must be afforded protections under GDPR.

Who does GDPR affect?

GDPR affects any organisation processing the personal data of EU residents (EU GDPR) or UK residents (UK GDPR). An organisation could be a sole trader, a registered business, a non-profit/charity or a club/membership organisation. Only natural persons processing data for non-commercial means would be exempt, as would the processing of data by non-automated means which was not intended to be stored in a filing system later. For example, an individual storing their friend’s mobile number in their mobile phone would not be subject to GDPR. Neither would a barista writing your name on a coffee cup. However, an individual working for a company, storing a prospect’s mobile phone number in a database would be. Similarly, an individual running a group class at a non-profit community centre who stores attendance lists containing personal data such as first and last names would be subject to GDPR. The scope is wide.

