The EU General Data Protection Regulation (GDPR) was enforced in May 2018. It affects all organisations and businesses anywhere in the world, that process the personal data of EU citizens.
The GDPR headlines are all about the fines – up to €20 million or 4% of global turnover. Fortunately, the supervisory authorities aim to encourage organisations and businesses to apply sound data protection principles.
That’s what this ‘GPDR – in a nutshell’ course is all about.
It explains the rationale for data protection regulation and provides an overview of the GDPR. It outlines the six data protection principles and the accountability principle. It explains the new and enhanced data subjects’ rights. Significant compliance issues, such as subject access requests, the impact on direct marketing and personal data breach reporting are considered.
This is an introductory, GPDR staff awareness course. It concentrates on the compliance issues and concerns faced by small businesses and organisations.
Course content and overview
This GDPR awareness training is structured around four topics
This course comprises of 25 lectures and around 1.5 hours of lecture content. Each topic divides into several short lectures. Lectures typically last 4-10 minutes. There are practice activities and resources: i.e. content-based and scenario-based quizzes, a downloadable lecture pdf and a topic bibliography.
GDPR – rationale and overview
This topic introduces the GDPR. The GDPR’s background, key roles and definitions are outlined. The increased penalties and exemptions are described.
Principles and accountability
This topic introduces the six data protection principles underpinning the GDPR. The overarching accountability principle is explained.
This topic outlines the individual rights that EU citizens have under the GDPR. It also considers the business impact of serving those rights.
Applying the GDPR
This topic considers three challenging GDPR compliance subjects. These are: subject access requests (SARs), the impact on direct marketing and personal data breach reporting.