Sales 0333 577 5016

Support 0333 577 5017
No. of licences % saving
10-19 10%
20-49 20%
50-99 25%
100-149 30%
150-199 35%

For discounted prices on 200+ licences, please email us at or call us on 0333 577 5016.


Click on the image below to download the GDPR (Level 2) flyer.

Data Protection and the GDPR (Level 2)

Duration: 2 hours
Cost: £20+VAT

The General Data Protection Regulation, or GDPR for short, is the biggest change to data protection law for a generation.

This online Data Protection and the GDPR training is a comprehensive, step-by-step explanation of the purpose of the GDPR, the duties and obligations it places upon organisations and individuals that handle personal information, and the steps that need to be taken to comply with the GDPR.

The training incorporates guidance provided by the Information Commissioner’s Office (ICO) and the EU’s Article 29 Working Party, and identifies the key differences between the requirements of the GDPR and the Data Protection Act 1998 (DPA) that it replaces.

The approximate duration of this training is 2 hours.

We also offer the Data Protection and the GDPR (Level 1) training course.

Who is it for?

The training is suitable for all individuals who may handle personal data or have access to it.

When do I get my certificate?

When you have successfully passed the course you will be able to download and print your certificate straight away.

As this course has been accredited by the CPD Certification Service, your certificate will contain the CPD logo and can be used to provide evidence for compliance.

What does the course cover?

The course contains the following 10 topics and includes an assessment:

Background to the GDPR

  • How data protection regulations have evolved.
  • From when the GDPR applies.
  • The impact of new technologies on data use and storage.
  • The organisation that is responsible for policing data protection.
  • What is meant by the terms ‘data’ and ‘personal data’.
  • Why it is necessary to protect personal data.

Transfers of personal data

  • Why the GDPR applies globally.
  • The aim of the restrictions on the transfer of data.
  • Examples of safeguards required before data can be transferred abroad.

Personal data covered by the GDPR

  • The categories of personal data covered by the GDPR.
  • The difference between personal data and sensitive personal data.
  • When IP addresses, usernames and other online identifiers qualify as ‘personal data’ under the GDPR.

How personal data is protected by the GDPR

  • How the GDPR seeks to prevent personal data from falling into the wrong hands.
  • Who is responsible for enforcing the GDPR.
  • What the ICO is.
  • The information that must be provided when registering with the ICO.
  • What is meant by the terms Data Controller, Data Processor and Data Subject.
  • The purpose of the 7 data protection principles.

The 7 data protection principles

  • The purpose of the data protection principles.
  • The 7 data protection principles.
  • Examples where one or more of the principles apply.

The 8 rights of data subjects

  • What data subject rights are.
  • The 8 data subject rights.
  • Examples where a data subject might exercise his/her rights.
  • What can happen if a data subject's rights are ignored.

Accountability and compliance

  • The measures that can be put in place to demonstrate compliance with the GDPR.
  • Privacy by default and privacy by design.
  • The purpose and benefit of carrying out a DPIA.
  • When a DPIA is mandatory.
  • The role of a Data Protection Officer and when one must be appointed.
  • The basic requirements that must form part of a contract between Data Controllers and Processors.

Data breaches and the GDPR

  • What is meant by a breach of personal data.
  • When a breach needs to be reported.
  • Who the breach must be reported to and when it must take place.

Exemptions and partial exemptions

  • What is meant by a derogation from the GDPR.
  • The categories of data that are exempt or partially exempt under the GDPR.
  • The probable exemptions and partial exemptions.

Preparing for the GDPR

  • The need to start preparing for the GDPR now.
  • The 12 steps that can be taken to prepare for the GDPR.


The assessment is generated from question banks so that the questions change each time a candidate takes the assessment – making the training suitable for initial and refresher training.

There is no limit on the number of attempts at the assessment and informative feedback is given so candidates can learn from their incorrect responses.

Can’t find the training you want? Just email us at or call us on 0333 577 5016 to discuss what you are looking for. We regularly add to our training portfolio and adapt existing training to specific end user requirements.