General Data Protection Regulation (GDPR)
Units one and two in this e-learning course cover the key purposes of the legislation providing learners with an overview of the General Data Protection Regulation (GDPR), what they must do to comply with the legislation and the penalties for non-compliance. It is aimed at the decision makers and managers within an organisation who are responsible for planning, implementing and managing the handling of data and associated processes.
Units three and four include a definition of ‘personal data’ and cover the new rights for individuals introduced by the GDPR and how the GDPR strengthens some of the rights that existed under the old Data Protection Act (DPA).
The online materials include quizzes and exercises to help reinforce learning. There is also an online assessment to test students’ understanding of the topic on completion of the course.
Unit Titles and Learning Objectives
Unit 1 – Introduction to the GDPR
- Understanding what the General Data Protection Regulation (GDPR) is and why it was implemented
- What Data Processors and Data Controllers are
- The reasons for establishing and documenting a lawful basis for processing personal data
- The importance of Data Processing Agreements
- The purpose of Privacy Impact Assessments (PIAs)
- The role of a Data Protection Officer (DPO).
Unit 2 – Complying with the GDPR
- What needs to be done to comply with the GDPR
- The importance of reviewing personal data collection processes
- Handling requests for data and understanding what data portability is
- Recognising when a data breach has occurred and following the correct data breach notification procedures
- The penalties for non-compliance with the GDPR
- The importance of privacy by design and default.
Unit 3 – The Rights of Individuals – Part 1
- The definition of ‘personal data’
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure.
Unit 4 – The Rights of Individuals – Part 2
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.