GDPR - in a nutshell
4.3 (1,122 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
2,959 students enrolled

GDPR - in a nutshell

EU General Data Protection Regulation (GDPR) - key awareness topics for small business
4.3 (1,122 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
2,959 students enrolled
Last updated 6/2018
English
English, German [Auto-generated]
Current price: $16.99 Original price: $24.99 Discount: 32% off
5 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 2 hours on-demand video
  • 21 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Why data protection regulation is necessary
  • To interpret the GDPR's principles and a data subject’s rights
  • How to deal with a subject access request
  • The impact of the GDPR on direct marketing
  • To determine GDPR compliance actions for a personal data breach
Requirements
  • No specific prerequisites
Description

The EU General Data Protection Regulation (GDPR) was enforced in May 2018.  It affects all organisations and businesses anywhere in the world, that process the personal data of EU citizens.


The GDPR headlines are all about the fines – up to €20 million or 4% of global turnover.  Fortunately, the supervisory authorities aim to encourage organisations and businesses to apply sound data protection principles.  


That’s what this ‘GPDR – in a nutshell’ course is all about.   


It explains the rationale for data protection regulation and provides an overview of the GDPR.  It outlines the six data protection principles and the accountability principle.  It explains the new and enhanced data subjects’ rights.  Significant compliance issues, such as subject access requests, the impact on direct marketing and personal data breach reporting are considered.  


This is an introductory, GPDR staff awareness course.  It concentrates on the compliance issues and concerns faced by small businesses and organisations.  

    

Course content and overview  

This GDPR awareness training is structured around four topics  

  • GDPR – rationale and overview  

  • Principles and accountability  

  • Individual rights  

  • Applying the GDPR  


This course comprises of 25 lectures and around 1.5 hours of lecture content.  Each topic divides into several short lectures.  Lectures typically last 4-10 minutes.  There are practice activities and resources: i.e. content-based and scenario-based quizzes, a downloadable lecture pdf and a topic bibliography.  


Course topics  

   

GDPR – rationale and overview  

This topic introduces the GDPR.  The GDPR’s background, key roles and definitions are outlined.  The increased penalties and exemptions are described.  

   

Principles and accountability  

This topic introduces the six data protection principles underpinning the GDPR.  The overarching accountability principle is explained.  

   

Individual rights  

This topic outlines the individual rights that EU citizens have under the GDPR.  It also considers the business impact of serving those rights.  


Applying the GDPR  

This topic considers three challenging GDPR compliance subjects.  These are: subject access requests (SARs), the impact on direct marketing and personal data breach reporting.


Who this course is for:
  • Anyone who works with, or is responsible for personal data
  • Anyone seeking an introduction to the EU General Data Protection Regulation (GDPR)
Course content
Expand all 25 lectures 01:45:45
+ Introduction
1 lecture 02:01

This lecture introduces the GDPR – in a nutshell course

  • Why this curriculum?
  • What’s in it for you?
  • Who is this course for?
  • Course structure and content
  • GDPR – topics introduced
  • Resources


    Preview 02:01
    + GDPR - rationale and overview
    7 lectures 25:37

    These GDPR – rationale and overview lectures are structured as follows

    • Context – almost every organisation stores and processes personal information, and there are real dangers to people if this information gets into the wrong hands
    • Main concepts – introduces the GDPR: its background, key roles and definitions, increased penalties and exemptions
    • Practical implications – it’s the law, affecting any organisation dealing with the personal information of an EU citizen, failing to comply could lead to huge fines 
    • Summary and conclusions – presents a summary of key points plus final comments
    Preview 02:08

    This lecture discusses

    • Why is data protection regulation necessary?
    • Key data protection concerns
    • GDPR’s purpose
    • How the GDPR works
    • Changes from prior data protection regulation 
    • GDPR headline features
    Preview 05:52

    This GDPR background quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Background
    3 questions


    Let’s imagine that you work in a small, UK-based business.  It’s a ‘traditional’ small and medium sized enterprise (SME).  It manufactures and sells its own products to consumers and businesses.  It also partners with other small firms in an industry supply chain.

     

    It has around seventy employees.  You are an experienced, senior manager, trusted, liked and well-respected throughout the firm.

     

    Unexpectedly, the boss tasks you with ‘sorting the GDPR’ and casually adds data protection to your list of responsibilities.

     

    Your company uses networked computers for marketing, sales, production and maintaining staff records.  Computers, laptops, tablets and mobiles are internet enabled.

     

    Most, but not all office applications are now cloud-based.  The payroll and Human Resource (HR) systems operate on a local area network.

    Scenario-based - Background
    3 questions

    This lecture discusses

    • Key GDPR roles 
    • Personal data
    Key roles and definitions
    05:03

    This key roles and definitions quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Key roles and definitions
    3 questions


    As your company’s resident ‘GDPR expert’, everyone now turns to you for advice and guidance.  


    Why don’t they research for it themselves?

    Scenario-based - Key roles and definitions
    3 questions

    This lecture discusses

    • A tougher regulatory regime 
    • Fines aren’t the biggest threat
    Increased penalties
    03:58

    This increased penalties quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Increased penalties
    3 questions


    Whenever the GDPR gets mentioned, people talk about the increased financial penalties.

    Scenario-based - Increased penalties
    3 questions

    This lecture discusses

    • Are small businesses exempt?
    • General exemptions
    • Proposed UK exemptions 
    • GDPR and Brexit
    Exemptions
    05:45

    This exemptions quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  


    Content-based - Exemptions
    3 questions


    The boss returns very happy from a long business lunch … his friend has told him that small businesses with less than 250 employees like yours, are totally exempt from the GDPR.

    Scenario-based - Exemptions
    3 questions

    This lecture explains

    • Why it matters

    And asks 

    • Where might this lead?
    Practical implications
    01:21

    This lecture summarises the GDPR – rationale and overview topic and draws conclusions

    Summary and conclusions
    01:30
    + Principles and accountability
    5 lectures 25:22

    These principles and accountability lectures are structured as follows

    • Context – data protection principles and accountability underpin the General Data Protection Regulation (GDPR)
    • Main concepts – introduces 6 GDPR data protection principles and the accountability principle
    • Practical implications – failing to comply will lead to serious consequences, so do the right thing 
    • Summary and conclusions – presents a summary of key points plus final comments
    Preview 01:48

    This lecture discusses

    • The six GDPR data protection principles
    • Principle #1 – Lawful, fair and transparent
    • Principle #2 – Specified, explicit, legitimate purposes
    • Principle #3 – Adequate, relevant and limited
    • Principle #4 – Accurate and up to date
    • Principle #5 – For no longer than is necessary
    • Principle #6 – Handled securely 
    Data protection principles
    10:43


    This data protection principles quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Data protection principles
    3 questions


    There’s always one.  The barrack room lawyer.  


    He’s been studying the data protection principles, trying to find any holes in what you’re doing.

    Scenario-based - Data protection principles
    3 questions

    This lecture discusses

    • An overarching responsibility 
    • Demonstrating compliance
    Preview 10:31

    This accountability quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Accountability principle
    3 questions


    How much GDPR compliance activity does a small company need to do to satisfy the supervisory authorities? 

    Scenario-based - Accountability principle
    3 questions

    This lecture explains

    • Why it matters

    And asks 

    • Where might this lead?
    Practical implications
    01:03

    This lecture summarises the principles and accountability topic and draws conclusions

    Summary and conclusions
    01:17
    + Individual rights
    5 lectures 22:03

    These individual rights lectures are structured as follows

    • Context – the GDPR extends people’s individual rights, so organisations need to prepare
    • Main concepts – introduces the data subject’s rights and considers the business impact of serving them
    • Practical implications – organisations need to update their processes to serve enhanced individual rights 
    • Summary and conclusions – presents a summary of key points plus final comments
    Preview 02:04

    This lecture discusses

    • Data subject’s rights 
    • New and clearer individual rights
    Data subjects' rights
    10:01

    This data subjects' rights quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Data subjects' rights
    3 questions


    Under the GDPR, data subjects have new and enhanced rights.  


    It is the responsibility of the data controller to notify data subjects of their rights.   

    Scenario-based - Data subjects' rights
    3 questions

    This lecture discusses

    • Business impact
    • Review existing systems and processes
    • Train staff
    • Updating privacy policies and notices
    • Are your existing contacts happy?
    Preview 07:23

    This business impact quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Business impact
    3 questions


    ‘Sorting the GDPR’, amongst other things, means that you’ll need to review existing systems and processes, train staff and update your business’s privacy policies and notices.

    Scenario-based - Business impact
    3 questions

    This lecture explains

    • Why it matters

    And asks

    • Where might this lead?
    Practical implications
    01:11

    This lecture summarises the individual rights topic and draws conclusions

    Summary and conclusions
    01:24
    + Applying the GDPR
    6 lectures 26:26

    These applying the GDPR lectures are structured as follows

    • Context – the GDPR raises many significant issues for organisations – we’ll consider a few common ones
    • Main concepts – introduces subject access requests (SARs), the impact on direct marketing and personal data breach reporting
    • Practical implications – meeting GDPR obligations is challenging – especially dealing with subject access requests, obtaining explicit consent to use personal data and reporting a personal data breach within 72-hours 
    • Summary and conclusions – presents a summary of key points plus final comments
    Preview 01:42

    This lecture discusses

    • Citizen’s rights
    • Can a fee be charged?
    • How long to comply?
    • Unfounded or excessive requests
    • How to provide the information 
    • Large requests
    Subject access requests (SARs)
    05:52

    This subject access requests (SARs) quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Subject access requests (SARs)
    3 questions


    There’s no escaping it.  Under the GDPR, EU citizens now have greatly enhanced individual rights.  


    Like it or loathe it, your business must fully serve those data subjects’ rights.

    Scenario-based - Subject access requests (SARs)
    3 questions

    This lecture discusses

    • Implications
    • Consent must be given and not assumed
    • What about ‘legitimate interest’? 
    • Being mindful of other regulations
    Direct marketing implications
    08:38

    This direct marketing implications quiz asks three multiple-choice questions.


    Each question has four answer choices.  


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Direct marketing implications
    3 questions


    The GDPR changes how the personal data of EU Member State citizens is handled.  


    This has considerable consequences for a company’s sales and marketing practices.

    Scenario-based - Direct marketing implications
    3 questions

    This lecture discusses

    • What is a personal data breach?
    • What personal data breaches require notification?
    • When must individuals be notified?
    • What information does the ICO require?
    • How quickly must a data breach be notified? 
    • Preparing for personal data breach reporting
    Preview 07:06

    This personal data breach notification quiz asks three multiple-choice questions.


    Each question has four answer choices.


    Read each question and answer choice carefully and choose the one best answer.


    Each answer choice, right or wrong provides a brief explanation.  

    Content-based - Personal data breach notification
    3 questions


    Not all information security breaches involve personal data.  


    But, for those that do, it may be necessary to inform the supervisory authority, i.e. in the UK, the ICO.

    Scenario-based - Personal data breach notification
    3 questions

    This lecture explains

    • Why it matters

    And asks 

    • Where might this lead?
    Practical implications
    01:23

    This lecture summarises the applying the GDPR topic and draws conclusions

    Summary and conclusions
    01:45
    + Course summary and conclusions
    1 lecture 04:16
    Course summary and conclusions
    04:16