GDPR - in a nutshell
- 2 hours on-demand video
- 21 downloadable resources
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
Get your team access to 4,000+ top Udemy courses anytime, anywhere.
Try Udemy for Business- Why data protection regulation is necessary
- To interpret the GDPR's principles and a data subject’s rights
- How to deal with a subject access request
- The impact of the GDPR on direct marketing
- To determine GDPR compliance actions for a personal data breach
- No specific prerequisites
The EU General Data Protection Regulation (GDPR) was enforced in May 2018. It affects all organisations and businesses anywhere in the world, that process the personal data of EU citizens.
The GDPR headlines are all about the fines – up to €20 million or 4% of global turnover. Fortunately, the supervisory authorities aim to encourage organisations and businesses to apply sound data protection principles.
That’s what this ‘GPDR – in a nutshell’ course is all about.
It explains the rationale for data protection regulation and provides an overview of the GDPR. It outlines the six data protection principles and the accountability principle. It explains the new and enhanced data subjects’ rights. Significant compliance issues, such as subject access requests, the impact on direct marketing and personal data breach reporting are considered.
This is an introductory, GPDR staff awareness course. It concentrates on the compliance issues and concerns faced by small businesses and organisations.
Course content and overview
This GDPR awareness training is structured around four topics
GDPR – rationale and overview
Principles and accountability
Individual rights
Applying the GDPR
This course comprises of 25 lectures and around 1.5 hours of lecture content. Each topic divides into several short lectures. Lectures typically last 4-10 minutes. There are practice activities and resources: i.e. content-based and scenario-based quizzes, a downloadable lecture pdf and a topic bibliography.
Course topics
GDPR – rationale and overview
This topic introduces the GDPR. The GDPR’s background, key roles and definitions are outlined. The increased penalties and exemptions are described.
Principles and accountability
This topic introduces the six data protection principles underpinning the GDPR. The overarching accountability principle is explained.
Individual rights
This topic outlines the individual rights that EU citizens have under the GDPR. It also considers the business impact of serving those rights.
Applying the GDPR
This topic considers three challenging GDPR compliance subjects. These are: subject access requests (SARs), the impact on direct marketing and personal data breach reporting.
- Anyone who works with, or is responsible for personal data
- Anyone seeking an introduction to the EU General Data Protection Regulation (GDPR)
This lecture introduces the GDPR – in a nutshell course
- Why this curriculum?
- What’s in it for you?
- Who is this course for?
- Course structure and content
- GDPR – topics introduced
- Resources
These GDPR – rationale and overview lectures are structured as follows
- Context – almost every organisation stores and processes personal information, and there are real dangers to people if this information gets into the wrong hands
- Main concepts – introduces the GDPR: its background, key roles and definitions, increased penalties and exemptions
- Practical implications – it’s the law, affecting any organisation dealing with the personal information of an EU citizen, failing to comply could lead to huge fines
- Summary and conclusions – presents a summary of key points plus final comments
This lecture discusses
- Why is data protection regulation necessary?
- Key data protection concerns
- GDPR’s purpose
- How the GDPR works
- Changes from prior data protection regulation
- GDPR headline features
Let’s imagine that you work in a small, UK-based business. It’s a ‘traditional’ small and medium sized enterprise (SME). It manufactures and sells its own products to consumers and businesses. It also partners with other small firms in an industry supply chain.
It has around seventy employees. You are an experienced, senior manager, trusted, liked and well-respected throughout the firm.
Unexpectedly, the boss tasks you with ‘sorting the GDPR’ and casually adds data protection to your list of responsibilities.
Your company uses networked computers for marketing, sales, production and maintaining staff records. Computers, laptops, tablets and mobiles are internet enabled.
Most, but not all office applications are now cloud-based. The payroll and Human Resource (HR) systems operate on a local area network.
These principles and accountability lectures are structured as follows
- Context – data protection principles and accountability underpin the General Data Protection Regulation (GDPR)
- Main concepts – introduces 6 GDPR data protection principles and the accountability principle
- Practical implications – failing to comply will lead to serious consequences, so do the right thing
- Summary and conclusions – presents a summary of key points plus final comments
This lecture discusses
- The six GDPR data protection principles
- Principle #1 – Lawful, fair and transparent
- Principle #2 – Specified, explicit, legitimate purposes
- Principle #3 – Adequate, relevant and limited
- Principle #4 – Accurate and up to date
- Principle #5 – For no longer than is necessary
- Principle #6 – Handled securely
This data protection principles quiz asks three multiple-choice questions.
Each question has four answer choices.
Read each question and answer choice carefully and choose the one best answer.
Each answer choice, right or wrong provides a brief explanation.
This lecture discusses
- An overarching responsibility
- Demonstrating compliance
These individual rights lectures are structured as follows
- Context – the GDPR extends people’s individual rights, so organisations need to prepare
- Main concepts – introduces the data subject’s rights and considers the business impact of serving them
- Practical implications – organisations need to update their processes to serve enhanced individual rights
- Summary and conclusions – presents a summary of key points plus final comments
This lecture discusses
- Business impact
- Review existing systems and processes
- Train staff
- Updating privacy policies and notices
- Are your existing contacts happy?
These applying the GDPR lectures are structured as follows
- Context – the GDPR raises many significant issues for organisations – we’ll consider a few common ones
- Main concepts – introduces subject access requests (SARs), the impact on direct marketing and personal data breach reporting
- Practical implications – meeting GDPR obligations is challenging – especially dealing with subject access requests, obtaining explicit consent to use personal data and reporting a personal data breach within 72-hours
- Summary and conclusions – presents a summary of key points plus final comments
This subject access requests (SARs) quiz asks three multiple-choice questions.
Each question has four answer choices.
Read each question and answer choice carefully and choose the one best answer.
Each answer choice, right or wrong provides a brief explanation.
This direct marketing implications quiz asks three multiple-choice questions.
Each question has four answer choices.
Read each question and answer choice carefully and choose the one best answer.
Each answer choice, right or wrong provides a brief explanation.
This lecture discusses
- What is a personal data breach?
- What personal data breaches require notification?
- When must individuals be notified?
- What information does the ICO require?
- How quickly must a data breach be notified?
- Preparing for personal data breach reporting
This personal data breach notification quiz asks three multiple-choice questions.
Each question has four answer choices.
Read each question and answer choice carefully and choose the one best answer.
Each answer choice, right or wrong provides a brief explanation.