GDPR Refresher Training Course

A short interactive online GDPR refresher course that will keep your knowledge of GDPR sharp and help you reduce your risk of subsequent financial penalties.

The content is regularly updated covering the latest developments in how UK GDPR is applied. It also briefly covers developments in how EU GDPR is applied in optional modules.

The course is ideal for any employees who have already completed some basic GDPR training. The end of course assessment will give you the confidence that your team have a reliable understanding of UK GDPR.

1 hour // 100% online
UK GDPR – DPA18 (🇬🇧) ∘ EU GDPR (🇪🇺)


Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they’ve learnt through situational questions.

Ticks every box

Aligns with the ICO’s accountability guidelines for refresher training.

Up to date

How GDPR is applied can change overnight. Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.

Learning with us

Client Logo - EV
Client Logo
Client Logo
Client Logo

We know what it feels like to worry you’re not doing the right thing
That’s why we set out to make the best GDPR refresher training on the market

About this course

Learning Outcomes:

  • Understand the key principles, data subject rights and implementation challenges of the UK General Data Protection Regulation.
  • Be aware of how Brexit, recent court cases and enforcement action has changed how GDPR is applied across the UK and EU.
  • Know how to handle personal data properly and be aware of the biggest GDPR compliance risks that all employees face.
  • Feel confident applying UK GDPR in day to day tasks.
  • Feel prepared for incoming changes to UK GDPR from the UK Government’s – Data Reform Bill – Data Protection and Digital Information Bill.

Recommended for:

  • As a refresher training exercise for all employees. 
  • For employees who have completed some foundation GDPR training or awareness GDPR training previously.


  • A basic knowledge of GDPR. Please try our GDPR Essentials course if you do not currently have a basic understanding of GDPR.
gdpr refresher course preview

Training Module 1: GDPR Recap


  • How GDPR has changed the way we process personal data
  • Back to basics: overview
  • Back to basics: principles
  • Back to basics: data subject rights
  • Back to basics: legal basis for data processing

What you’ll learn

In this module we’ll go through a rapid-fire refresh of GDPR. We’ll look at the guiding principles of GDPR, the rights it gives to data subjects and the legal bases under which you can process personal data.

How good is your current knowledge?

Training Module 2: GDPR Now


  • Brexit – UK GDPR and EU GDPR
  • How major cases have changed GDPR
    • C‑645/19 – Facebook Ireland and others
    • EU Schrems
  • Enforcement case studies: Where companies go wrong
  • Common areas of confusion

What you’ll learn

In this module we’ll look at how GDPR has changed since it came into force in 2018. Specifically we’ll look at how Brexit and some major court cases have changed how you should be applying GDPR. We’ll also look at the impact of some recent enforcement action (fines) from the regulators in the UK and EU.

How good is your current knowledge?

Training Module 3: The Future of GDPR


  • The UK direction
  • The EU direction (optional)
  • Final assessment

What you’ll learn

In this final module we’ll look forward to what we can expect in 2022 and beyond. We’ll look at how proposed changes to GDPR by the UK government (Data Reform Bill – Data Protection and Digital Information Bill) are progressing and what impact the proposals may have. We’ll also look at how the EU’s data protection strategy is evolving and how new incoming EU laws that overlap with GDPR may affect you. Finally you’ll complete an end of course assessment.

Course notes & updates


This course is focussed on UK GDPR. However, there are currently very few differences between the legal text of UK GDPR and EU GDPR. This course will suit anybody who needs to refresh their knowledge of UK GDPR and/or EU GDPR. We will highlight any differences throughout the course content.


June 2022 Update

  • We’ve updated this course to reflect
    • The UK’s Data Reform Bill announcement
    • Updated guidance from the EPDB on restricted data transfers following the EU Schrems II case
  • We’ve expanded a section that covers common mistakes based on our analysis of recent enforcement cases.

November 2022 Update

  • We’ve updated this course to reflect
    • UK Government delays to UK GDPR Reform
    • Michelle Donelan’s plans to reform the UK’s Data Privacy Law Regime.
  • We’ve also added information about

How updates work

Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.

Typically we make updates to the course material every few months.

How it works

Step 1

Buy course seats

Purchase online using your credit or debit card, or via BACS. Our onboarding team will be in touch to help you invite staff members to take up their seats. They’ll receive an invite by email. For more than 10 seats, please get in touch for bulk pricing.

Step 2

Start learning

Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.

Step 3

Keep ahead

You will receive periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts. We’ll also let you know when the refresher course is updated and new modules go live.

What’s included:


  • Distraction-free online learning platform
  • Quizzes & interactive assessments


  • Access to all course material updates and enhancements for the length of your access period
  • Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period


  • Certificate on completion 🎉

Common questions about GDPR refresher training

Who needs to complete GDPR refresher training?

GDPR refresher training is recommended for all employees who process personal data as part of their role. This definition is likely to have a wide scope, typically accounting for up to 90% of a company’s workforce. This is because the definition of “personal data” and “processing” under UK GDPR and EU GDPR is broad. The personal data of customers, suppliers, employees and any other identifiable individuals must be protected under GDPR.

How often should GDPR refresher training be completed?

GDPR refresher training should be completed 1-2 times per year. This is because while the legal text of UK GDPR & EU GDPR has not changed since they were first brought into force, court cases, guidance and enforcement action have effectively changed the meaning of GDPR since it was brought into force.

You may decide that a more frequent schedule is appropriate if the role concerned involves a lot of personal data processing for example a call centre role, a marketing & sales position, or HR position.

How does this GDPR refresher training align with the ICO’s accountability framework?

The ICO’s accountability framework outlines specifically in relation to refresher training:

“Your staff receive induction & refresher training, regardless of how long they will be working for your organisation, their contractual status or grade.”

This refresher training course is appropriate for all staff. It’s engaging so staff pay attention and concise so they can keep their focus on their core responsibilities.

“Your staff complete refresher training at appropriate intervals.”

The training is frequently updated so learners can return at a later date and find new content to learn from. This way they can keep up with the latest developments in GDPR.

Join this course

Single course

Access to this course only. Includes 6 months of course updates and email alerts.

6 months access

You can add more seats in the next step. Got a large team? Contact us for bulk pricing.

Measured Collective Unlimited

Unlimited access to all courses and updates for the length of your subscription. Includes email alerts covering GDPR, PECR, CCPA and more so you always stay up to date. Cancel anytime.


Request a quote for a bigger team ➔


How much will getting it wrong cost you?


Non-compliance with data privacy laws like GDPR can be costly. Under Part 6 of UK GDPR, a fine can be issued of up to £17.5 million or up to 4% of total global turnover whichever is higher.

Most fines fall down to human error. Often a result of a misunderstanding or simply forgetting how the rules work. Effective training can greatly reduce this risk.

  • Investigations
  • Personal liability
  • Reputation damage
  • Losing out on investment
  • Failing supplier due-dil
  • Ethics and moral compass
  • Data deletion orders
  • Alerts when the law changes
  • Practical D.I.Y. compliance guides
  • Preview access to our new templates
  • Training discount codes

    More courses

    GDPR Essentials Online Course


    The GDPR awareness course that will give everyone the knowledge they need to know about UK GDPR and EU GDPR.

    PECR for Marketers Online Course

    PECR – ePrivacy

    Specialist training for sales and marketing teams that will teach them how to comply with PECR (Privacy and Electronic Communications Regulations) and the incoming ePrivacy regulation.