Home » Courses » GDPR Refresher Training Course

GDPR Refresher Training Course


A short interactive online GDPR refresher course that will keep your knowledge of GDPR sharp and help you reduce your risk of subsequent financial penalties.

The content is regularly updated covering the latest developments in how UK GDPR is applied. It also briefly covers developments in how EU GDPR is applied in optional modules.

The course is ideal for any employees who have already completed some basic GDPR training. The end of course assessment will give you the confidence that your team have a reliable understanding of UK GDPR.

  • 100% online
  • 1 hour
  • UK GDPR – DPA18 (🇬🇧) + EU GDPR (🇪🇺)
  • Included in Plus
  • Certificate


Why complete GDPR refresher training?

  • Address any GDPR knowledge gaps that could put you at risk of financial penalties and prosecution for non-compliance
  • Feel confident that you are applying the latest GDPR guidance
  • Delight your customers and colleagues with better respect for their privacy and preferences
  • Align you and your team with the ICO’s accountability framework

Warning! 🚩

Data privacy training red flags – what you need to avoid when picking a course.

1. The course that’s never updated.

GDPR has changed a lot since 2018. But many training courses haven’t. It’s the same old stuff repeated again and again. Following old guidance can be a big risk, make sure you get training materials which are kept up-to-date.

2. The really boring course.

GDPR training might never meet Netflix level production standards. But it is still possible to make it interactive and engaging. Steer clear of boring courses which make staff switch off – wasting time and leaving big knowledge gaps.

3. The course that’s too basic.

We get it, GDPR training isn’t the most fun use of anybody’s time. But if you choose a “super short” course it’s probably too basic – meaning it will leave knowledge gaps. And knowledge gaps can mean… poor compliance, which can lead to fines. Why not just spend a little bit more time and do it right from the start?

4. The course that doesn’t put anything into practice.

Knowing the GDPR rules off by heart is one thing but being able to actually apply it to your day to day work is another. Avoid training that doesn’t show you how you can apply what you’ve learnt through practical real-world examples.

Course features


Nobody wants to be lectured to. Learners get the knowledge they need through concise and engaging videos. Then, they apply what they’ve learnt through situational questions.

Ticks every box

Aligns with the ICO’s accountability guidelines for data privacy training.

Kept up to date

How GDPR is applied can change overnight. Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can keep ahead.


This GDPR refresher training is comprehensive but concise. It tests knowledge of all the core GDPR concepts.

Learning with us

Client Logo - EV
Client Logo
Client Logo
Client Logo

Course information

Learning Outcomes:

  • Understand the key principles, data subject rights and implementation challenges of the UK General Data Protection Regulation.
  • Be aware of how Brexit, recent court cases and enforcement action has changed how GDPR is applied across the UK and EU.
  • Know how to handle personal data properly and be aware of the biggest GDPR compliance risks that all employees face.
  • Feel confident applying UK GDPR in day to day tasks.
  • Feel prepared for incoming changes to UK GDPR from the UK Government’s – Data Reform Bill – Data Protection and Digital Information Bill.

Recommended for:

  • As a refresher training exercise for all employees. 
  • For employees who have completed some foundation GDPR training or awareness GDPR training previously.


  • A basic knowledge of GDPR. Please try our GDPR Essentials course if you do not currently have a basic understanding of GDPR.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. You will need a computer and a stable internet connection to access the video lessons and interactive assessments. Organisations can also access this content via their own LMS on request (different pricing and licensing terms will apply).

Course content

Section 1: GDPR Recap

What you’ll learn

In this module we’ll go through a rapid-fire refresh of GDPR. We’ll look at the guiding principles of GDPR, the rights it gives to data subjects and the legal bases under which you can process personal data.


  • How GDPR has changed the way we process personal data
  • Back to basics: overview
  • Back to basics: principles
  • Back to basics: data subject rights
  • Back to basics: legal basis for data processing

How good is your current knowledge?

Section 2: GDPR Now

What you’ll learn

In this module we’ll look at how GDPR has changed since it came into force in 2018. Specifically we’ll look at how Brexit and some major court cases have changed how you should be applying GDPR. We’ll also look at the impact of some recent enforcement action (fines) from the regulators in the UK and EU.


  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability
  • Mini-assessment

How good is your current knowledge?

Section 3: Establishing a lawful basis for processing

What you’ll learn

In this final module we’ll look forward to what we can expect in 2022 and beyond. We’ll look at how proposed changes to GDPR by the UK government (Data Reform Bill – Data Protection and Digital Information Bill) are progressing and what impact the proposals may have. We’ll also look at how the EU’s data protection strategy is evolving and how new incoming EU laws that overlap with GDPR may affect you. Finally you’ll complete an end of course assessment.


  • The UK direction
  • The EU direction (optional)
  • Final assessment

Recent course updates

June 2022 Update

We’ve updated this course to reflect

  • The UK’s Data Reform Bill announcement
  • Updated guidance from the EPDB on restricted data transfers following the EU Schrems II case

We’ve expanded a section that covers common mistakes based on our analysis of recent enforcement cases.

November 2022 Update

We’ve updated this course to reflect:

  • UK Government delays to UK GDPR Reform
  • Michelle Donelan’s plans to reform the UK’s Data Privacy Law Regime.

We’ve also added information about:

Our team regularly reviews the latest developments in data privacy law. We build this knowledge into regular course updates and email alerts so you can stay ahead.

Why I started Measured Collective

Founder – Scott Dooley

I know what it feels like to worry about getting data privacy law wrong. About getting a huge fine or being the subject of an investigation. A few years ago when GDPR was coming into force I was working in tech, managing a marketing team in London. 

I’d heard that GDPR was coming into force and that it would change how we processed data. 

For a marketer this was worrying, we had huge databases full of customers and we’d just started to analyse all the data we were collecting across our website to understand how people were interacting with our products. We even had projects in the pipeline that would help us split customers into groups based on their previous interactions with our products, and then allow us to send them targeted communications by email.

Rumours were going around that most of the data we’d collected would need to go. I didn’t want to lose this valuable data. And I didn’t want to be the reason why the company I worked for got a GDPR fine or became the subject of an investigation.

I realised we’d need to get compliant. And found out shortly afterwards that the budget for outside help was almost non-existent.

So I set out to learn a lot about GDPR myself. Along the way I found a lot of confusing information.

There were junk articles written by companies trying to sell you their legal services or cookie consent software – which were full of bad advice which seemed to just be a copy and paste job from the last article.

There were myths spread by people with only a vague understanding of the GDPR rules, who had likely never even read the legal text.

And there were (some) lawyers who appeared to be scrambling to catch up, they seemed only capable of repeating the same poor quality advice we were getting from the regulators at the time.

They also didn’t seem to understand how any business actually operated day to day. Getting to what GDPR actually meant in practice and how it would affect our day to day work was a nightmare.

My priorities were to get our entire operations compliant under GDPR and to keep up with my targets. I also needed to get my whole team up to speed with this new legislation so that we could stop putting in place processes that made our compliance worse.

To get the information I needed, I studied closely what the regulators said, I studied the law (yawn), and I spoke to as many experts as I could.

I ended up delivering my own company wide training seminar to help the company get up to speed with GDPR. 

I got a few laughs and to my surprise a round of applause at the end… I realised it was possible to teach something “boring” but still make it engaging.

This experience is what led me to start Measured Collective. My initial plan was to teach everyone about how to use data to design better business processes and to understand their customers better, but we kept running into the same roadblock in our discussions with our first clients. They had the data, but they hadn’t done the compliance work required to use it legally under GDPR.

So I pivoted to focus on data privacy training.

I started by looking at what training was already available on the market and found the same red flags again and again:

  • The slides for each course looked like they had travelled here from 1998.
  • The content was too basic, just repeating the bare bones GDPR knowledge.
  • There were hardly any examples or explanations of how to actually apply GDPR in practice.
  • The same old course was being resold again and again without any updates.

So with the help of some data privacy experts and the input of people who were working across HR, marketing and operations in businesses at the time I set out to make something different.

Data privacy training which was engaging – so trainees stay focussed. Comprehensive – so that trainees don’t have knowledge gaps which can put you at risk of fines. Full of examples – so trainees can understand how to apply what they’ve just learned. Regularly updated – so trainees don’t waste time learning out of date guidance, and companies can keep ahead with their compliance efforts.

It’s been a tough but rewarding experience (with more changes to data privacy law than we were expecting over the last few years). Now, three years in we get regular positive feedback from our clients in our end of course surveys and directly by email.

Hopefully we can get a chance to help you and your team out too – please let me know what you think.

How it works

Step 1

Buy course seats

Purchase online using your credit or debit card. Or contact us directly to pay by bank transfer. Our onboarding team will be in touch to help you invite staff members to take up their seats. They’ll receive an invite to join our learning platform by email.

Step 2

Start learning

Each team member will have access to the learning materials, interactive assessments and quizzes. On completion of the course team members will be issued with a certificate.

Step 3

Keep ahead

You’ll receive periodic updates by email covering changes to GDPR, enforcement cases and what they mean for your compliance efforts. We’ll also let you know how we’ve used this information to update the course, trainees can review any updated lesson materials on the learning platform.

What’s included


  • Distraction-free online learning platform
  • Mini quizzes & end of course assessment


  • Access to all course material updates and enhancements for the length of your access period
  • Alerts about how changes to DPA18/GDPR may impact your organisation for the length of your access period


  • Certificate on completion 🎉

Ask us about this course

Ask a question and our friendly team will get back to you asap.

    Data processing subject to our privacy policy.


    Common questions about GDPR refresher training

    Who needs to complete GDPR refresher training?

    GDPR refresher training is recommended for all employees who process personal data as part of their role. This definition is likely to have a wide scope, typically accounting for up to 90% of a company’s workforce. This is because the definition of “personal data” and “processing” under UK GDPR and EU GDPR is broad. The personal data of customers, suppliers, employees and any other identifiable individuals must be protected under GDPR.

    How often should GDPR refresher training be completed?

    GDPR refresher training should be completed 1-2 times per year. This is because while the legal text of UK GDPR & EU GDPR has not changed since they were first brought into force, court cases, guidance and enforcement action have effectively changed the meaning of GDPR since it was brought into force.

    You may decide that a more frequent schedule is appropriate if the role concerned involves a lot of personal data processing for example a call centre role, a marketing & sales position, or HR position.

    How does this GDPR refresher training align with the ICO’s accountability framework?

    The ICO’s accountability framework outlines specifically in relation to refresher training:

    “Your staff receive induction & refresher training, regardless of how long they will be working for your organisation, their contractual status or grade.”

    This refresher training course is appropriate for all staff. It’s engaging so staff pay attention and concise so they can keep their focus on their core responsibilities.

    “Your staff complete refresher training at appropriate intervals.”

    The training is frequently updated so learners can return at a later date and find new content to learn from. This way they can keep up with the latest developments in GDPR.

    Benefits of Measured Collective Plus

    What is Measured Collective Plus?

    An annual subscription that gives you and your team access to all our online courses.*

    *Does not include live courses delivered online, in-person classroom training or customised training

    What are the benefits?

    • Includes updates for the length of your subscription. So when the law or guidance changes, your staff stay informed. No need to buy another course.
    • Incredible value. Save up to £2,021 compared to buying course seats for 20 people separately.
    • One invoice. Less administration hassle compared to returning to add on refresher training or other courses at a later date.

    Other courses

    gdpr refresher course preview

    GDPR Training Course (Essentials)

    Included in PLUS

    The GDPR awareness course that will give everyone the knowledge they need to know about UK GDPR and EU GDPR.

    PECR for Marketers Training Course

    PECR – ePrivacy
    Included in PLUS

    Specialist training for sales and marketing teams that will teach them how to comply with PECR (Privacy and Electronic Communications Regulations) and the incoming ePrivacy regulation.

    How much will getting it wrong cost you?


    Non-compliance with data privacy laws like GDPR can be costly. Under Part 6 of UK GDPR, a fine can be issued of up to £17.5 million or up to 4% of total global turnover whichever is higher. Most fines fall down to human error. Often a result of a misunderstanding or simply forgetting how the rules work. Effective training can greatly reduce this risk. Other issues with non-compliance include:

    • Investigations
    • Personal liability
    • Reputation damage
    • Losing out on investment
    • Failing supplier due-dil
    • Ethical issues
    • Data deletion orders

    Join our mailing list

    Get email alerts about GDPR and our take on the latest guidance. With a little bit of gossip too.

      Join this course

      Single Course

      Access to this course only. 6 months access.

      Measured Collective Plus +

      Unlimited access to all online courses and updates for the length of your subscription. Save up to £2,021 compared to buying course seats separately. See all benefits.

      Got a bigger team or want to host the content on your own LMS? Speak with sales.