What is Certified EU General Data Protection Regulation (EU GDPR) Foundation Course?
The Certified EU GDPR Foundation Course is designed to give Learners a fundamental understanding of the EU General Data Protection Regulation (GDPR). This course covers GDPR's basic concepts, principles, and requirements, enabling learners to comprehend its significance and practical implications for organisations.
Learners will learn about the core components of GDPR, including data subject rights, lawful processing, and accountability principles. This foundational course lays the groundwork for individuals seeking to develop expertise in data protection and progress to advanced GDPR certifications.
This comprehensive 2-day Certified EU GDPR Foundation Course by Oakwood International provides learners with the knowledge to ensure essential compliance with GDPR and establish a strong foundation in data protection practices.
Course Objectives:
- Learn the principles and essential requirements of GDPR
- Gain insights into data subject rights and lawful processing
- Recognise the roles and responsibilities of Data Controllers and Processors
- Understand the importance of accountability and transparency in GDPR
- Learn how to manage and secure personal data effectively
- Prepare for advanced GDPR certifications and roles in data protection
Upon completion, Learners will have the foundational knowledge to support GDPR compliance efforts and contribute to their organisation’s data protection strategies.
Course Outline
Certified EU General Data Protection Regulation (EU GDPR) Foundation Course
Module 1: Introduction to the GDPR
- GDPR in a Nutshell
- Generate Customer Confidence
- Focus of GDPR
- What is Personal Information?
- Who has PII?
- Lawful Processing of Personal Data
Module 2: Binding Corporate Rules
- Introduction
- Scope
- UK ICO’s View of the Scope
- Processing GDPR Definition
- Who Processes PII?
- What is Special Data?
- Legal Framework
- Timeline and Derogations
- Some Key Areas for Derogation
- Data Breaches/Personal Data Breach
- Consequences of Failure
- Governance Framework
Module 3: GDPR Terminology and Techniques
- Key Roles
- Data Set
- Subject Access Request (SAR)
- Data Protection Impact Assessments (DPIA)
- What Triggers a Data Protection Impact Assessment?
- DPIA is Not Required
- Processes to be Considered for a DPIA
- Responsibilities
- DPIA Decision Path
- DPIA Content
- How Do I Conduct a DPIA?
- Signing Off the DPIA
- Mitigating Risks Identified by the DPIA
- Privacy by Design and Default
- External Transfers
- Profiling
- Pseudonymisation
- Principles, User Rights, and Obligations
- One Stop Shop
Module 4: Structure of the Regulation
- Parts of the GDPR
- Format of the Articles
- Articles
Module 5: Principles and Rights
- Introduction
- Legality Principle
- How the Permissions Work Together?
- Lawfulness of Processing Conditions
- Lawfulness for Special Categories of Data
- Criminal Offence Data
- Consent
- Transparency Principle
- Fairness Principle
- Rights of Data Subjects
- Purpose Limitation Principle
- Minimisation Principle
- Accuracy Principle
- Storage Limitation Principle
- Integrity and Confidentiality Principle
- Accountability Principle
Module 6: Demonstrating Compliance
- Demonstrating Compliance with the GDPR
- Impact of Compliance Failure
- Administrative Fines
- What Influences the Size of an Administrative Fine?
- Joint Controllers
- Processor Liability Under GDPR
- Demonstrating Compliance
- Protecting PII is Only Half the Job
- What must be Recorded?
- Additional Ways of Demonstrating Compliance
- Demonstrating a Robust Process
- PIMS (Personal Information Management System)
- Cyber Essentials
- ISO 27017 Code of Practice for Information Security Controls
- Risk Management
Module 7: Incident Response and Data Breaches
- What is a Personal Data Breach?
- Notification Obligations
- What Breaches Do I Need to Notify the Relevant Supervisory Authority About?
- What Information Must Be Provided to the SA?
- How do I Report a Breach to the SA?
- Notifying Data Subjects
- What Should I do to Prepare for Breach Reporting?
- Updating Policies and Procedures
- Breach Reporting and Responses
- Ways to Minimise the Breach Impact
Module 8: Understanding the Principal Roles
- What the GDPR Makes Businesses Responsible For?
- Difference Between a Data Controller and a Data Processor
- How the Roles Split?
- Controllers and Processors
- Main Obligations of Data Controllers
- Demonstrate Compliance
- Joint Controllers and EU Representative
- Controller-Processor Contract
- Maintain Records and Keeping Records for Small Businesses
- Cooperation with Supervisory Authorities
- Keeping PII Secure
- Data Breach Transparency
- Role of the Data Processor
- Controller-Processor Contract
- Main Obligations of the Processor
- Perform Only the Data Processing Defined by the Data Controller
- Update the Data Controller
- Sub-Processor Appointment
- Keep PII Confidential
- Maintaining Records
- Cooperate with Supervisory Authorities
- Security
- Appoint a DPO – If Necessary
- Transferring Data Outside the EU
Module 9: Role of the DPO
- Role of a Data Protection Officer
- Involvement of the DPO
- Main Responsibilities of the DPO
- Working Environment for the DPO
- Must We Have A DPO?
- Public Body
- What does Large Scale mean?
- Systematic Monitoring
- Who Can Perform the Role of DPO?
- Skills Required
- Monitoring Compliance
- Training and Awareness
- Data Protection Impact Assessments (DPIAs)
- Risk-Based Approach
- Business Support for the DPO
- DPO Independence
- DPO – Conflict of Interest
Module 10: UK Implementation
- Key Differences Between the Data Protection Act and the GDPR
- Highlights from the Data Protection Bill
- Definition of Controller
- Health, Social Work, Education, and Child Abuse
- Age of Consent
- Exemptions for Freedom of Expression
- Research and Statistics
- Archiving in the Public Interest
Module 11: Key Features
- Specific Permission
- Privacy by Design
- Data Portability
- Right to be Forgotten
- Definitive Consent
- Information in Clear Readable Language
- Limits on the Use of Profiling
- Everyone Follows the Same Law
- Adopting Techniques
Module 12: Subject Access Requests and How to Deal with Them?
- Subject Access Requests (SAR)
- Dealing with SAR
- Recognise the Request
- Understand the Time Limitations
- Dealing with Fees and Excessive Requests
- Identify, Search, and Gather the Requested Data
- Learn about What Information to Withhold
- Developing and Sending a Response
Offered In This Course:
- Video Content
- eLearning Materials
- Study Resources
- Completion Certificate
- Tutor Support
- Interactive Quizzes
Learning Options
Discover a range of flexible learning options designed to meet your needs. Select the format that best supports your personal growth and goals.
Online Instructor-Led Training
- Live virtual classes led by experienced trainers, offering real-time interaction and guidance for optimal learning outcomes.
Online Self-Paced Training
- Flexible learning at your own pace, with access to comprehensive course materials and resources available anytime, anywhere.
Build your future with Oakwood International
We empower you with the skills, knowledge, and confidence to excel in your career. Join us and take the first step towards realising your professional goals.
Frequently Asked Questions
Q. What topics are covered in the Certified EU GDPR Foundation Course?
The course covers GDPR fundamentals, data protection principles, roles and responsibilities, data subject rights, and compliance preparation.
Q. How can this training benefit my career?
This training provides foundational GDPR knowledge, helping you support compliance initiatives and advance your career in data protection and privacy roles.
Q. Is GDPR applicable only to EU organisations?
No, GDPR applies to organisations worldwide that process the personal data of EU citizens.
Q. What support is provided during the training?
Learners receive comprehensive study materials, hands-on exercises, and expert instructor support to ensure a practical understanding of GDPR concepts.
Q. Is this course suitable for beginners?
Yes, this course is designed for individuals with no prior experience and provides a strong foundation in GDPR concepts and compliance practices.