GCHQ Certified GDPR Training

The new GDPR and UK Data Protection legislation affects every organisation that holds customer data – and compliance will be a burden if you’re not prepared. Prepare your team for substantial data protection changes with GCHQ Certified, legally endorsed e-learning.

GCHQ certified
Save time and money
The right training for everyone
Flexible training

Modules included

Core (for Staff)

Prepare staff for the new data protection regime with this data protection overview course

1 hour

£25.00 per licence


All the essentials for a marketing professional, so you can be sure you’re prepared for GDPR

3 hours

£175.00 per licence

HR Professional

Everything the HR professional needs to know to ensure they are compliant with GDPR

3 hours 30 minutes

£175.00 per licence


Ideal for anyone tasked with executing policies and demonstrating best practice

3 hours 30 minutes

£195.00 per licence


A comprehensive online training package for the GDPR compliance lead in your organisation

5 hours

£395.00 per licence


An introduction for business leaders who need to know the strategic principles of GDPR

1 hour 30 minutes

£25.00 per licence

Data Protection
Introduction and Background
Definitions, Principles and the Law
Individual Rights
Steps to Compliance
The Accountability Principle
Sanctions, Remedies and Liabilities
Information (Privacy) Notices
Breach Management and Notifications
Supply Chain Management
GDPR Guidance for the Marketer
GDPR Guidance for the HR Professional
Additional materials:
Refresher guides
Useful links
Certificate upon completion
Information and Cyber Security course
 View course View course View course View course View course View course
Request a Trial, Quote or Call
Delivering GDPR training in association with
“Businesses and marketers in particular now have a legal imperative to use data responsibly. We have worked with Me Learning to develop the ‘GDPR for the Marketer’ e-learning course, which empowers marketing professionals, ensuring relationships with customers are built on trust, as well as openness regarding how they will be marketed to. The GCHQ accreditation, underlines the professional nature and high standard of the course.”
Chris Daly
Chief Executive - CIM
“Very helpful in providing a broad understanding of GDPR and giving me a clear action plan of the steps that need to be taken to make sure our organisation is compliant with GDPR.”
Learner - GDPR Practitioner Training
“Very informative and was excellent with the bullet points which refreshed your memory. The different modules were also great so you can take a break in between.”
Learner - GDPR Foundation Training
“Great introduction course for board level staff/trustees. The PDFs are a great tool to help refresh knowledge at a later date.”
Learner - GDPR Board Training
“As an introduction course it fits well with the GDPR and the alignment for staff who will be working with personal data. It creates the awareness of the top requirements of the GDPR.”
Learner - GDPR Core Training
Upcoming webinars
View past webinars

Useful resources

Video Library
GDPR for Charities
Steps to Compliance - Refresher Guide
10 things to do to avoid GDPR fines
Top 5 GDPR Myths - Busted
Buying marketing lists under GDPR
How to conduct a data audit for GDPR
7 key changes GDPR brings
How to write a privacy notice
What is consent under GDPR?

Contact us

Please complete the form below if you would like to request a trial or a quote, or to speak with one of our representatives.


What is GDPR?

The GDPR (General Data Protection Regulation) is the European Union’s new regulation on data and cyber-security. It’s designed to strengthen data protection for everyone, and create a single data protection regime for businesses and consumers to rely on.

What is the point of the GDPR?

The GDPR replaces the 1998 Data Protection Act (DPA) and has a much greater emphasis on consent (ensuring that we agree to businesses having our data) and the documentation data controllers must keep (maintaining good records of data storage).

There are very good reasons for GDPR. It aims to bring European data protection laws up to date with the modern technological age. It will unify the various existing data protection laws across Europe. And in some cases, it will bring companies outside the EU within the scope of European law where applicable.

When does the GDPR come into effect?

The GDPR came into effect on 25th May 2018 and remains unchanged by Britain’s decision to leave the EU.

Who does the GDPR apply to?

The regulation applies to any data controller doing business in the EU; and it doesn’t matter whether you’re based in the EU or not. If your company processes, stores or transmits personal data belonging to EU residents, then you still have to comply.

Why do organisations need to comply?

Usually, when you collect data, you have to provide people with certain information, such as your identity and how you plan to use their data. This is usually done via a privacy notice. Under the GDPR you will have to also outline your “lawful basis” for processing the data, detail your data retention periods and explain that the participating individual has certain rights.

These rights include the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subject to automated decision-making, including profiling.

What are the penalties for failing to comply with GDPR?

The penalties for failing to comply with GDPR can be severe: maximum fines of up to 4% of worldwide annual turnover of €20m, to be exact.

Will every data breach result in a fine?

It’s unlikely that every data breach will result in a fine. You only have to notify the relevant supervisory authority of a breach where it is likely to result in a risk to the rights and freedoms of individuals.

A breach notification will need to contain the categories and number of individuals concerned as well as the type and number of personal data records involved. However, such a breach must be reported to the relevant supervisory authority within 72 hours of your organisation becoming aware of it.

Do all organisations require a data protection officer (DPO)?

Not all organisations require a data protection officer. Under the GDPR, you’re obliged to appoint a DPO if you are a public authority (unless you are a court acting in a judicial capacity), if you carry out large-scale systematic monitoring of individuals or the processing of special categories of data, or you use data which relates directly to criminal convictions and offences.

The DPO’s job is to (independently) oversee GDPR compliance and advise staff who deal with personal data. They should have expert knowledge of data protection law and practices. It is crucial that your data protection officer has no conflict of interests; so the DPO should not also be a controller of processing activities (for example, your head of HR). They should also not be on a short- or fixed-term contract and should not report to a direct superior or line manager (i.e. they should be senior enough to report to top-tier management).

Which department is responsible for handling the GDPR?

The DPO should be someone with a good grounding in the technical controls required as well as the legal aspects of the new regulation. The DPO sits somewhere between the IT department and senior management team but in fact it’s the job of every department to know about the impact of the GDPR.


The shape of GDPR today

Cybercrime costs businesses and individuals heavily – and the data that feeds it is far too freely available. In 2016, losses of £1bn were attributed to online crime by UK companies.

The GDPR (General Data Protection Regulation) came into effect in May 2018 and aims to tighten data control and processing procedures in order to make cybercrime much easier to trace and prevent.

It’s not just about data being hacked. GDPR compliance will also be about making data freely available to those who have requested it, and protecting the rights of consumers who  want their personal information afforded some protection.

Although the GDPR is an EU regulation, our submission to it is not affected by Brexit and it will continue to apply under the UK Data Protection Bill.

The GDPR compliance landscape might seem tricky at first but a bit of basic knowledge plus having a data protection officer (DPO) in place where appropriate should ensure you don’t fall foul of the legislation.

It might be easy to assume that an IT director can just do the job of a DPO but legally there should not be a conflict of interest between the DPO and any other role (for example, the IT director cannot also be responsible for signing off on compliance if they are also responsible for its processing).

And GDPR affects the entire company, not just the IT department. Getting to grips with GDPR means effecting a change across the entire organisation and creating a change in mindset among everyone who obtains personal data, in any capacity. Depending on your activities, that can include call centre staff, field engineers and shop floor staff; so there’s no time to lose in getting the message out to your team.

There isn’t long to ensure you’re up to speed on GDPR requirements but there are things you can do to be ahead of the game. Building privacy and data protection into any new IT systems or operational processes will make it much easier to stick to the guidelines in the future. Having breach notification procedures already in place will make things go more smoothly if the unthinkable does happen.

A privacy impact assessment (PIA) is a privacy risk tool that can help organisations to assess the potential effects of a project on the privacy of individuals and compliance with data protection legislation. A PIA can also help to determine how these outcomes might be avoided or dealt with.

And GDPR training is essential for organisations working with data. Educating staff about data protection legislation is crucial to ensure avoidance of hefty fines, disgruntled customers and (often most costly of all) a loss of reputation.

Whatever the nature of your business, you shouldn’t be afraid to ask for GDPR guidance. Staying up to speed could make the difference between fines and reputational damage and a good night’s sleep.

Do you have a question?

Whether it’s a technical question or a sales enquiry, our helpdesk
and sales teams will be happy to help.

About Me Learning

For over 10 years we have been providing engaging, informative and clearly explained e-learning materials in a flexible format for our learners.

We've won awards, we've won hundreds of organisations as clients, and we've been used by hundreds of thousands of satisfied learners.

Me Learning Ltd, Registered in England and Wales: Company Number: 5842638
Registered office: Basepoint Business Centre, Little High Street, Shoreham-by-Sea, West Sussex. BN43 5EG