GDPR Refresher Training Course

Why complete GDPR refresher training?

Course features

Learning with us

Course information

Learning Outcomes:

• Understand the key principles, data subject rights and implementation challenges of the UK General Data Protection Regulation.
• Be aware of how Brexit, recent court cases and enforcement action has changed how GDPR is applied across the UK and EU.
• Know how to handle personal data properly and be aware of the biggest GDPR compliance risks that all employees face.
• Feel confident applying UK GDPR in day to day tasks.
• Feel prepared for incoming changes to UK GDPR from the UK Government’s – Data Reform Bill – Data Protection and Digital Information Bill.

Recommended for:

• As a refresher training exercise for all employees. 
• For employees who have completed some foundation GDPR training or awareness GDPR training previously.

Prerequisites

• A basic knowledge of GDPR. Please try our GDPR Essentials course if you do not currently have a basic understanding of GDPR.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. You will need a computer and a stable internet connection to access the video lessons and interactive assessments. Organisations can also access this content via their own LMS on request (different pricing and licensing terms will apply).

Course content

Section 1: GDPR Recap

What you’ll learn

In this module we’ll go through a rapid-fire refresh of GDPR. We’ll look at the guiding principles of GDPR, the rights it gives to data subjects and the legal bases under which you can process personal data.

Lessons

• How GDPR has changed the way we process personal data
• Back to basics: overview
• Back to basics: principles
• Back to basics: data subject rights
• Back to basics: legal basis for data processing

How good is your current knowledge?

Section 2: GDPR Now

What you’ll learn

In this module we’ll look at how GDPR has changed since it came into force in 2018. Specifically we’ll look at how Brexit and some major court cases have changed how you should be applying GDPR. We’ll also look at the impact of some recent enforcement action (fines) from the regulators in the UK and EU.

Lessons

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability
• Mini-assessment

How good is your current knowledge?

Section 3: Establishing a lawful basis for processing

What you’ll learn

In this final module we’ll look forward to what we can expect in 2022 and beyond. We’ll look at how proposed changes to GDPR by the UK government (Data Reform Bill – Data Protection and Digital Information Bill) are progressing and what impact the proposals may have. We’ll also look at how the EU’s data protection strategy is evolving and how new incoming EU laws that overlap with GDPR may affect you. Finally you’ll complete an end of course assessment.

Lessons

• The UK direction
• The EU direction (optional)
• Final assessment

Recent course updates

June 2022 Update

We’ve updated this course to reflect

• The UK’s Data Reform Bill announcement
• Updated guidance from the EPDB on restricted data transfers following the EU Schrems II case

We’ve expanded a section that covers common mistakes based on our analysis of recent enforcement cases.

November 2022 Update

We’ve updated this course to reflect:

• UK Government delays to UK GDPR Reform
• Michelle Donelan’s plans to reform the UK’s Data Privacy Law Regime.

We’ve also added information about:

• The approved IDTA (International Data Transfer Agreement) documents provided by the ICO for restricted data transfers.
• The Trans-Atlantic Data Privacy Framework

Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.

Why I started Measured Collective

I know what it feels like to worry about getting data privacy law wrong. About getting a huge fine or being the subject of an investigation. A few years ago when GDPR was coming into force I was working in tech, managing a marketing team in London. 

I’d heard that GDPR was coming into force and that it would change how we processed data. 

For a marketer this was worrying, we had huge databases full of customers and we’d just started to analyse all the data we were collecting across our website to understand how people were interacting with our products. We even had projects in the pipeline that would help us split customers into groups based on their previous interactions with our products, and then allow us to send them targeted communications by email.

Rumours were going around that most of the data we’d collected would need to go. I didn’t want to lose this valuable data. And I didn’t want to be the reason why the company I worked for got a GDPR fine or became the subject of an investigation.

I realised we’d need to get compliant. And found out shortly afterwards that the budget for outside help was almost non-existent.

So I set out to learn a lot about GDPR myself. Along the way I found a lot of confusing information.

There were junk articles written by companies trying to sell you their legal services or cookie consent software – which were full of bad advice which seemed to just be a copy and paste job from the last article.

There were myths spread by people with only a vague understanding of the GDPR rules, who had likely never even read the legal text.

And there were (some) lawyers who appeared to be scrambling to catch up, they seemed only capable of repeating the same poor quality advice we were getting from the regulators at the time.

They also didn’t seem to understand how any business actually operated day to day. Getting to what GDPR actually meant in practice and how it would affect our day to day work was a nightmare.

My priorities were to get our entire operations compliant under GDPR and to keep up with my targets. I also needed to get my whole team up to speed with this new legislation so that we could stop putting in place processes that made our compliance worse.

To get the information I needed, I studied closely what the regulators said, I studied the law (yawn), and I spoke to as many experts as I could.

I ended up delivering my own company wide training seminar to help the company get up to speed with GDPR. 

I got a few laughs and to my surprise a round of applause at the end… I realised it was possible to teach something “boring” but still make it engaging.

This experience is what led me to start Measured Collective. My initial plan was to teach everyone about how to use data to design better business processes and to understand their customers better, but we kept running into the same roadblock in our discussions with our first clients. They had the data, but they hadn’t done the compliance work required to use it legally under GDPR.

So I pivoted to focus on data privacy training.

I started by looking at what training was already available on the market and found the same red flags again and again:

• The slides for each course looked like they had travelled here from 1998.
• The content was too basic, just repeating the bare bones GDPR knowledge.
• There were hardly any examples or explanations of how to actually apply GDPR in practice.
• The same old course was being resold again and again without any updates.

So with the help of some data privacy experts and the input of people who were working across HR, marketing and operations in businesses at the time I set out to make something different.

Data privacy training which was engaging – so trainees stay focussed. Comprehensive – so that trainees don’t have knowledge gaps which can put you at risk of fines. Full of examples – so trainees can understand how to apply what they’ve just learned. Regularly updated – so trainees don’t waste time learning out of date guidance, and companies can keep ahead with their compliance efforts.

It’s been a tough but rewarding experience (with more changes to data privacy law than we were expecting over the last few years). Now, three years in we get regular positive feedback from our clients in our end of course surveys and directly by email.

Hopefully we can get a chance to help you and your team out too – please let me know what you think.

How it works

What’s included

Training

• Distraction-free online learning platform
• Mini quizzes & end of course assessment

Updates

• Access to all course material updates and enhancements for the length of your access period
• Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period

Certification

• Certificate on completion 🎉

Ask us about this course

Ask a question and our friendly team will get back to you asap.

FAQs

Common questions about GDPR refresher training

Benefits of Measured Collective Plus

What is Measured Collective Plus?

An annual subscription that gives you and your team access to all our online courses.*

*Does not include live courses delivered online, in-person classroom training or customised training

What are the benefits?

• Includes updates for the length of your subscription. So when the law or guidance changes, your staff stay informed. No need to buy another course.
• Incredible value. Save up to £2,021 compared to buying course seats for 20 people separately.
• One invoice. Less administration hassle compared to returning to add on refresher training or other courses at a later date.

Other courses

GDPR Training Course (Essentials)

UK GDPR – EU GDPR
Included in PLUS

The GDPR awareness course that will give everyone the knowledge they need to know about UK GDPR and EU GDPR.

View course ➔

PECR for Marketers Training Course

PECR – ePrivacy
Included in PLUS

Specialist training for sales and marketing teams that will teach them how to comply with PECR (Privacy and Electronic Communications Regulations) and the incoming ePrivacy regulation.

View course ➔

How much will getting it wrong cost you?

Fines

Non-compliance with data privacy laws like GDPR can be costly. Under Part 6 of UK GDPR, a fine can be issued of up to £17.5 million or up to 4% of total global turnover whichever is higher. Most fines fall down to human error. Often a result of a misunderstanding or simply forgetting how the rules work. Effective training can greatly reduce this risk. Other issues with non-compliance include:

Join our mailing list

Get email alerts about GDPR and our take on the latest guidance. With a little bit of gossip too.