GDPR Refresher Training Course
A concise, interactive online GDPR refresher course fully updated for 2026 — covering the latest UK GDPR guidance, real enforcement cases, and the Data Use and Access Act 2025.
All core concepts are taught through Luca's Pizza — a fictional UK pizza chain with 50 locations — making GDPR principles practical and relatable. The graded assessment takes around 30–35 minutes, with optional modules on enforcement cases and upcoming legislation.
Ideal for any employees who have already completed basic GDPR training. The end of course assessment will give you confidence that your team have a reliable, up-to-date understanding of UK GDPR.
Need PECR training for your marketing team? See our PECR & ePrivacy for Marketers course.
Course Updates
February 2026 Update
We’ve rebuilt this course from the ground up for 2026. All 9 lessons are brand new, fully current as of 5 February 2026, and anchored to a single relatable case study — Luca’s Pizza.
What’s new:
- 9 updated video lessons — Covering GDPR principles, data subject rights, lawful bases, and practical security, all taught through real-world scenarios
- Data Use and Access Act 2025 — Coverage of the changes effective 5 February 2026, including recognised legitimate interests, updated DSAR rules, cookie exceptions, and PECR fine alignment
- Real enforcement cases — Lessons featuring Capita (£14m), TikTok (€530m), and 23andMe (£2.31m) with practical takeaways
- New course structure — Core graded content in around 30–35 minutes, plus an optional module on recent enforcement cases
- Updated assessments — Knowledge-check mini quiz plus a graded final quiz (75% pass mark) with scenario-based questions
Why complete GDPR refresher training?
- Address any GDPR knowledge gaps that could put you at risk of financial penalties and prosecution
- Feel confident that you are applying the latest GDPR guidance
- Delight your customers and colleagues with better respect for their privacy and preferences
- Align you and your team with the ICO's accountability framework
Course features
Engaging
Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they've learnt through situational questions.
Ticks every box
Aligns with the ICO's accountability guidelines for data protection training.
Kept up to date
Our team regularly reviews the latest developments in data protection law. We build this knowledge into course updates and email alerts so you can keep ahead.
Comprehensive
This GDPR refresher training is comprehensive but concise. It tests knowledge of all the core GDPR concepts.
Learning with us
Course information
Learning outcomes
- Understand the 7 key principles, 8 data subject rights and 6 lawful bases of the UK General Data Protection Regulation.
- Be aware of how real enforcement cases — including Capita, TikTok, and 23andMe — demonstrate the consequences of non-compliance.
- Know how to handle personal data properly, recognise phishing variants, and apply practical security measures day to day.
- Understand the key changes introduced by the Data Use and Access Act 2025, including recognised legitimate interests and updated DSAR rules.
This course is recommended for
As a refresher training exercise for all employees. For employees who have completed some foundation GDPR training or awareness GDPR training previously.
Prerequisites
A basic knowledge of GDPR. Please try our GDPR Essentials course if you do not currently have a basic understanding of GDPR.
What do I need for this course?
This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (different pricing and licensing terms will apply).
Course content
The core of the course. Using scenarios from Luca's Pizza — a fictional UK pizza chain — we'll walk through all the GDPR fundamentals: what UK GDPR means post-Brexit, the ICO's role, the 7 principles, all 8 data subject rights (including the new SAR clarification right from the Data Use and Access Act 2025), the 6 lawful bases, and practical security measures you can apply today.
Lessons
- Introduction
- Back to basics: overview
- Back to basics: principles
- Back to basics: data subject rights
- Back to basics: legal basis for data processing
- Back to basics: practical security
Assessments
- Mini quiz (knowledge check)
- Final quiz (graded — 75% pass mark)
A look at real ICO enforcement cases from 2025 — including the Capita ransomware fine (£14m), TikTok's China data transfer fine (€530m), and 23andMe's credential stuffing breach (£2.31m). We'll identify the mistakes that were made and what you can learn to prevent these issues in your own organisation.
Lessons
- ICO enforcement cases
- The enforcement landscape
An introduction to the key changes from the Data Use and Access Act 2025, effective 5 February 2026: renewed EU adequacy until 2031, new cookie exceptions for analytics, DSAR improvements, recognised legitimate interests, and PECR fines aligned to £17.5m / 4% turnover.
Lessons
- The Data Use and Access Act 2025
How it works
Buy course seats
Purchase online using your credit or debit card, after payment you'll be able to invite team members to the learning platform. They'll receive an invite to join and get started by email.
Start learning
Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.
Keep ahead
Look out for periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts.
What's included
Training
- Distraction-free online learning platform
- Mini quizzes & end of course assessment
Updates
- Access to all course material updates and enhancements for the length of your access period
- Alerts about how changes to DPA18/GDPR may impact your organisation
Certification
- Certificate on completion
Course FAQs
Yes, on completion of the course you will be issued with a digital certificate. Your certificate will be issued immediately after the final assessment is passed and you have marked the course as complete. Sections 2 and 3 are optional bonus content and are not required for certification. You can add your certificate to your LinkedIn profile.
No. This course requires no previous experience or qualifications.
Yes, the course content will be available immediately.
Yes. You can buy multiple seats using our teams feature. Simply state a team name, for example "ABC GDPR Team", then select the number of seats required. Next indicate whether you will be taking a seat yourself, or simply will be the administration contact for the purchase.
Yes, you can cancel your order for a full refund within 14 calendar days of purchase. Any certificates issued within this time will be voided. This does not affect your statutory rights.
GDPR refresher training should be completed 1-2 times per year. This is because while the legal text of UK GDPR & EU GDPR has not changed since they were first brought into force, court cases, guidance and enforcement action have effectively changed the meaning of GDPR since it was brought into force.
Buy GDPR Refresher Course Now
Individual Seats
For individuals or small teams
£10.70 per seat
- Instant access to course
- Certificate on completion
- 6 months access
Measured Collective Plus
All courses, one subscription
£236 per year
- Access to all paid courses
- Includes 20 seats
- Extra seats at £7.90/year
- 12 months access + updates
SCORM Licensing for Enterprise
Host this course on your own LMS. Ideal for organisations training 100+ employees.
What's included
- SCORM 1.2 & SCORM 2004 packages
- 12-month renewable license
- Completion & quiz tracking
- Instant download after purchase
- Course updates included
Calculate your price
Volume pricing (graduated)
Each bracket is priced separately. The more users, the lower your effective rate.
sales@measuredcollective.com
Want to add your branding to the course?
We can add your logo, customise content, or build bespoke modules. Learn more
Included in PLUS
