What is the Certified EU General Data Protection Regulation (EU GDPR) Foundation Course?

The Certified EU GDPR Foundation Course is designed to give learners a fundamental understanding of the EU General Data Protection Regulation (GDPR). This course covers GDPR's basic concepts, principles, and requirements, enabling learners to comprehend its significance and practical implications for organisations.

Learners will learn about the core components of GDPR, including data subject rights, lawful processing, and accountability principles. This foundational course lays the groundwork for individuals seeking to develop expertise in data protection and progress to advanced GDPR certifications.

This comprehensive 2-day Certified EU GDPR Foundation Course by Oakwood International provides learners with the knowledge to ensure essential compliance with GDPR and establish a strong foundation in data protection practices.
 

Course Objectives:
 

  • Learn the principles and essential requirements of GDPR
  • Gain insights into data subject rights and lawful processing
  • Recognise the roles and responsibilities of Data Controllers and Processors
  • Understand the importance of accountability and transparency in GDPR
  • Learn how to manage and secure personal data effectively
  • Prepare for advanced GDPR certifications and roles in data protection

Upon completion, learners will have the foundational knowledge to support GDPR compliance efforts and contribute to their organisation’s data protection strategies.

Course Outline

Certified EU General Data Protection Regulation (EU GDPR) Foundation Course

Module 1: Introduction to the GDPR 

  • GDPR in a Nutshell
  • Generate Customer Confidence
  • Focus of GDPR
  • What is Personal Information?
  • Who has PII?
  • Lawful Processing of Personal Data
     

Module 2: Binding Corporate Rules 

  • Introduction
  • Scope
  • UK ICO’s View of the Scope
  • Processing GDPR Definition
  • Who Processes PII?
  • What is Special Data?
  • Legal Framework
  • Timeline and Derogations
  • Some Key Areas for Derogation
  • Data Breaches/Personal Data Breach
  • Consequences of Failure
  • Governance Framework 
     

Module 3: GDPR Terminology and Techniques 

  • Key Roles
  • Data Set
  • Subject Access Request (SAR)
  • Data Protection Impact Assessments (DPIA)
  • What Triggers a Data Protection Impact Assessment?
  • DPIA is Not Required
  • Processes to be Considered for a DPIA
  • Responsibilities
  • DPIA Decision Path
  • DPIA Content
  • How Do I Conduct a DPIA?
  • Signing Off the DPIA
  • Mitigating Risks Identified by the DPIA
  • Privacy by Design and Default
  • External Transfers
  • Profiling
  • Pseudonymisation
  • Principles, User Rights, and Obligations
  • One Stop Shop 
     

Module 4: Structure of the Regulation 

  • Parts of the GDPR
  • Format of the Articles
  • Articles
     

Module 5: Principles and Rights 

  • Introduction
  • Legality Principle
  • How the Permissions Work Together?
  • Lawfulness of Processing Conditions
  • Lawfulness for Special Categories of Data
  • Criminal Offence Data
  • Consent
  • Transparency Principle
  • Fairness Principle
  • Rights of Data Subjects
  • Purpose Limitation Principle
  • Minimisation Principle
  • Accuracy Principle
  • Storage Limitation Principle
  • Integrity and Confidentiality Principle
  • Accountability Principle 
     

Module 6: Demonstrating Compliance 

  • Demonstrating Compliance with the GDPR
  • Impact of Compliance Failure
  • Administrative Fines
  • What Influences the Size of an Administrative Fine?
  • Joint Controllers
  • Processor Liability Under GDPR
  • Demonstrating Compliance
  • Protecting PII is Only Half the Job
  • What must be Recorded?
  • Additional Ways of Demonstrating Compliance
  • Demonstrating a Robust Process
  • PIMS (Personal Information Management System)
  • Cyber Essentials
  • ISO 27017 Code of Practice for Information Security Controls
  • Risk Management 
     

Module 7: Incident Response and Data Breaches 

  • What is a Personal Data Breach?
  • Notification Obligations
  • What Breaches Do I Need to Notify the Relevant Supervisory Authority About?
  • What Information Must Be Provided to the SA?
  • How do I Report a Breach to the SA?
  • Notifying Data Subjects
  • What Should I do to Prepare for Breach Reporting?
  • Updating Policies and Procedures
  • Breach Reporting and Responses
  • Ways to Minimise the Breach Impact 
     

Module 8: Understanding the Principal Roles

  • What the GDPR Makes Businesses Responsible For?
  • Difference Between a Data Controller and a Data Processor
  • How the Roles Split?
  • Controllers and Processors
  • Main Obligations of Data Controllers
  • Demonstrate Compliance
  • Joint Controllers and EU Representative
  • Controller-Processor Contract
  • Maintain Records and Keeping Records for Small Businesses
  • Cooperation with Supervisory Authorities
  • Keeping PII Secure
  • Data Breach Transparency
  • Role of the Data Processor
  • Controller-Processor Contract
  • Main Obligations of the Processor
  • Perform Only the Data Processing Defined by the Data Controller
  • Update the Data Controller
  • Sub-Processor Appointment
  • Keep PII Confidential
  • Maintaining Records
  • Cooperate with Supervisory Authorities
  • Security
  • Appoint a DPO – If Necessary
  • Transferring Data Outside the EU
     

Module 9: Role of the DPO

  • Role of a Data Protection Officer
  • Involvement of the DPO
  • Main Responsibilities of the DPO
  • Working Environment for the DPO
  • Must We Have A DPO?
  • Public Body
  • What does Large Scale mean?
  • Systematic Monitoring
  • Who Can Perform the Role of DPO?
  • Skills Required
  • Monitoring Compliance
  • Training and Awareness
  • Data Protection Impact Assessments (DPIAs)
  • Risk-Based Approach
  • Business Support for the DPO
  • DPO Independence
  • DPO – Conflict of Interest
     

Module 10: UK Implementation

  • Key Differences Between the Data Protection Act and the GDPR
  • Highlights from the Data Protection Bill
  • Definition of Controller
  • Health, Social Work, Education, and Child Abuse
  • Age of Consent
  • Exemptions for Freedom of Expression
  • Research and Statistics
  • Archiving in the Public Interest
     

Module 11: Key Features

  • Specific Permission
  • Privacy by Design
  • Data Portability
  • Right to be Forgotten
  • Definitive Consent
  • Information in Clear Readable Language
  • Limits on the Use of Profiling
  • Everyone Follows the Same Law
  • Adopting Techniques
     

Module 12: Subject Access Requests and How to Deal with Them?

  • Subject Access Requests (SAR)
  • Dealing with SAR
  • Recognise the Request
  • Understand the Time Limitations
  • Dealing with Fees and Excessive Requests
  • Identify, Search, and Gather the Requested Data
  • Learn about What Information to Withhold
  • Developing and Sending a Response

Offered In This Course:

  • Video Content
  • eLearning Materials
  • Study Resources
  • Completion Certificate
  • Tutor Support
  • Interactive Quizzes

Individual Training

Individual Training fosters personal growth, enhances professional skills, and builds confidence.

Corporate Training

Corporate Training improves employee skills, increases productivity, and aligns teams with company objectives.

Learning Options

Discover a range of flexible learning options designed to meet your needs. Select the format that best supports your personal growth and goals.

Online Instructor-Led Training

  • Live virtual classes led by experienced trainers, offering real-time interaction and guidance for optimal learning outcomes.

Online Self-Paced Training

  • Flexible learning at your own pace, with access to comprehensive course materials and resources available anytime, anywhere.

Build your future with Oakwood International

We empower you with the skills, knowledge, and confidence to excel in your career. Join us and take the first step towards realising your professional goals.

Frequently Asked Questions

Q. What topics are covered in the Certified EU GDPR Foundation Course?

The course covers GDPR fundamentals, data protection principles, roles and responsibilities, data subject rights, and compliance preparation.

Q. How can this training benefit my career?

This training provides foundational GDPR knowledge, helping you support compliance initiatives and advance your career in data protection and privacy roles.

Q. Is GDPR applicable only to EU organisations?

No, GDPR applies to organisations worldwide that process the personal data of EU citizens.

Q. What support is provided during the training?

Learners receive comprehensive study materials, hands-on exercises, and expert instructor support to ensure a practical understanding of GDPR concepts.

Q. Is this course suitable for beginners?

Yes, this course is designed for individuals with no prior experience and provides a strong foundation in GDPR concepts and compliance practices.
