Key Details

Duration: 3 Hours
Delivery: Inhouse


The General Data Protection Regulation (GDPR) is applicable throughout the European Union from 25 May 2018. This introductory course puts the GDPR into context, highlighting its core requirements in a way that is sufficiently comprehensive to be suitable for all staff needing to be aware of its purpose and impact.

The course is made up of the following subsections:


  • The aim of the GDPR
  • Why it is necessary
  • Who it applies to
  • When it applies

The Principles

  • The seven principles of the GDPR:
  • Fair, lawful and transparent processing
  • Purpose limitation
  • Data limitation
  • Accuracy
  • Data retention period
  • Data security
  • Accountability

Lawful Processing (incl consent)

  • The main instances that provide organisations with the legal basis they require
  • What makes consent valid

Individual’s Rights

  • Right to be informed
  • Right of access
  • Right to rectify
  • Right of erasure
  • Right to data portability

Accountability and governance

  • Maintaining policies and procedures regarding data processing
  • Keeping documentation that records the processing activities undertaken
  • Training staff on the requirements surrounding processing personal data
  • Undertaking internal audits of the processing activities
  • Adhering to a suitable Code of Conduct or certification scheme

Breaches and notifications

  • Notification requirements of a personal data security breach

Data Transfers

  • Restriction on the transfer of personal data to recipients outside of the European Economic Area (EEA) except in limited circumstances
  • The limited circumstances in which personal data may be transferred
  • The potential fine for breaching the data transfer requirements

After attending this course, participants will:

  • Be able to describe the core requirements of the GDPR
  • Be better equipped to consider and assess the implications of GDPR on their Firm