GDPR E-learning

The new GDPR and UK Data Protection legislation affects every organisation that holds customer data – and compliance will be a burden if you’re not prepared. Prepare your team for substantial data protection changes with legally endorsed e-learning.

Stay legal
Save time and money
The right training for everyone
Flexible training
Trust
Courses

Modules included

Core

For your whole team – a basic GDPR primer to align everyone around data security

1 hour 30 minutes

Foundation

Ideal for anyone tasked with executing policies and demonstrating data protection best practice

3 hours 30 minutes

Practitioner

A comprehensive package for the GDPR lead responsible for compliance in your organisation

5 hours 0 minutes

Board

An introduction for business leaders who need to know the strategic principles of GDPR

1 hour 30 minutes

Introduction and Background
Definitions, Principles and the Law
Individual Rights
Consent
Steps to Compliance
The Accountability Principle
Sanctions, Remedies and Liabilities
Information (Privacy) Notices
Breach Management and Notifications
Supply Chain Management
Additional materials:
Refresher guides
Useful links
Certificate upon completion
30 min legal consultancy with Clayden Law *
Request a Trial, Quote or Call

* Legal consultation with Clayden Law only available to business customers.

“Very good introduction to GDPR - I now have a number of questions/issues I know we have to address within our organisation”
Me Learning learner - GDPR (Preparing for Change)
“Good overview of the new legislation presented in a way that, even with a basic understanding of the existing data protection rules, it was easy to follow.”
Me Learning learner - GDPR (Preparing for Change)
“This has given me the foundations to report back to my organisation on what steps we need to take to be compliant with the GDPR.”
Me Learning learner - GDPR (Preparing for Change)

Useful resources

Video Library
GDPR for Charities
Steps to Compliance - Refresher Guide
10 things to do to avoid GDPR fines
Top 5 GDPR Myths - Busted


Q&A

What is GDPR?

The GDPR (General Data Protection Regulation) is the European Union’s new regulation on data and cyber-security. It’s designed to strengthen data protection for everyone, and create a single data protection regime for businesses and consumers to rely on.

What is the point of the GDPR?

The GDPR replaces the 1998 Data Protection Act (DPA) and has a much greater emphasis on consent (ensuring that we agree to businesses having our data) and the documentation data controllers must keep (maintaining good records of data storage).

There are very good reasons for GDPR. It aims to bring European data protection laws up to date with the modern technological age. It will unify the various existing data protection laws across Europe. And in some cases, it will bring companies outside the EU within the scope of European law where applicable.

When does the GDPR come into effect?

The GDPR comes into effect on 25 May 2018 and remains unchanged by Britain’s decision to leave the EU.

Who does the GDPR apply to?

The regulation applies to any data controller doing business in the EU, and it doesn’t matter whether you’re based in the EU or not. If your company processes, stores or transmits personal data belonging to EU residents, then you still have to comply.

Why do organisations need to comply?

Usually, when you collect data, you have to provide people with certain information, such as your identity and how you plan to use their data. This is usually done via a privacy notice. Under the GDPR you will have to also outline your “lawful basis” for processing the data, detail your data retention periods and explain that the participating individual has certain rights.

These rights include the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to automated decision-making, including profiling.

What are the penalties for failing to comply with GDPR?

The penalties for failing to comply with GDPR can be severe: maximum fines of up to 4% of worldwide annual turnover or €20m, to be exact.

Will every data breach result in a fine?

It’s unlikely that every data breach will result in a fine. You only have to notify the relevant supervisory authority of a breach where it is likely to result in a risk to the rights and freedoms of individuals.

A breach notification will need to contain the categories and number of individuals concerned as well as the type and number of personal data records involved. Such a breach must be reported to the relevant supervisory authority within 72 hours of your organisation becoming aware of it.

Do all organisations require a data protection officer (DPO)?

Not all organisations require a data protection officer. Under the GDPR, you’re obliged to appoint a DPO if you are a public authority (unless you are a court acting in a judicial capacity), if you carry out large-scale systematic monitoring of individuals or the processing of special categories of data, or you use data which relates directly to criminal convictions and offences.

The DPO’s job is to (independently) oversee GDPR compliance and advise staff who deal with personal data. They should have expert knowledge of data protection law and practices. It is crucial that your data protection officer has no conflict of interest, so the DPO should not also be a controller of processing activities (for example, your head of HR). They should also not be on a short- or fixed-term contract and should not report to a direct superior or line manager (i.e. they should be senior enough to report to top-tier management).

Which department is responsible for handling the GDPR?

The DPO should be someone with a good grounding in the technical controls required as well as the legal aspects of the new regulation. The DPO sits somewhere between the IT department and the senior management team, but in fact it’s the job of every department to know about the impact of the GDPR.

The shape of GDPR today

Cybercrime costs businesses and individuals heavily – and the data that feeds it is far too freely available. In 2016, UK companies attributed losses of £1bn to online crime.

The GDPR (General Data Protection Regulation) comes into effect in May 2018 and it will tighten data control and processing procedures in order to make cybercrime much easier to trace and prevent.

It’s not just about data being hacked. GDPR compliance will also be about making data freely available to those who have requested it, and protecting the rights of consumers who want their personal information afforded some protection.

Although the GDPR is an EU regulation, our submission to it is not affected by Brexit and it will continue to apply under the UK Data Protection Bill.

The GDPR compliance landscape might seem tricky at first but a bit of basic knowledge plus having a data protection officer (DPO) in place where appropriate should ensure you don’t fall foul of the legislation.

It might be easy to assume that an IT director can just do the job of a DPO, but legally there should not be a conflict of interest between the DPO and any other role (for example, the IT director cannot be responsible for signing off on compliance if they are also responsible for the processing itself).

And GDPR affects the entire company, not just the IT department. Getting to grips with GDPR means effecting a change across the entire organisation and creating a change in mindset among everyone who obtains personal data, in any capacity. Depending on your activities, that can include call centre staff, field engineers and shop floor staff; so there’s no time to lose in getting the message out to your team.

There isn’t long to ensure you’re up to speed on GDPR requirements but there are things you can do to be ahead of the game. Building privacy and data protection into any new IT systems or operational processes will make it much easier to stick to the guidelines in the future. Having breach notification procedures already in place will make things go more smoothly if the unthinkable does happen.

A privacy impact assessment (PIA) is a privacy risk tool that can help organisations to assess the potential effects of a project on the privacy of individuals and compliance with data protection legislation. A PIA can also help to determine how these outcomes might be avoided or dealt with.

And GDPR training is essential for organisations working with data. Educating staff about data protection legislation is crucial to ensure avoidance of hefty fines, disgruntled customers and (often most costly of all) a loss of reputation.

Whatever the nature of your business, you shouldn’t be afraid to ask for GDPR guidance. Staying up to speed could make the difference between fines and reputational damage and a good night’s sleep.

Do you have a question?

Whether it’s a technical question or a sales enquiry, our helpdesk and sales teams will be happy to help.

About Me Learning

For over 10 years we have been providing engaging, informative and clearly explained e-learning materials in a flexible format for our learners.

We've won awards, we've won hundreds of organisations as clients, and we've been used by hundreds of thousands of satisfied learners.

Me Learning Ltd, Registered in England and Wales: Company Number: 5842638
Registered office: Basepoint Business Centre, Little High Street, Shoreham-by-Sea, West Sussex. BN43 5EG