A GDPR eLearning course outlining the new General Data Protection Regulation (GDPR). The course covers how GDPR is different from the Data Protection Act, what the changes mean for those who process personal data and what is required to remain compliant.
Summary Lesson 1 – Overview:
- GDPR will replace the EU Data Protection Directive 1995 and the UK Data Protection Act 1998.
- As a regulation, GDPR applies directly and should reduce the level of national data protection variation across member states of the EU.
- GDPR applies to organisations based in the EU and organisations based outside the EU if they process the personal data of EU residents.
- GDPR introduces much tougher financial penalties for non-compliance with data protection.
Summary Lesson 2 – Roles and data:
- You must be familiar with the role you play so that you are aware of your responsibilities under GDPR.
- Personal data will include location data and online identifiers.
- If your primary basis for processing personal data is that you have consent, then this consent must be informed, specific and unambiguous.
- You must obtain an individual’s explicit consent if you wish to process special category data.
- GDPR highlights the importance of protecting children’s personal data used for online activities.
Summary Lesson 3 – Principles:
- GDPR principles determine how personal data should be processed.
- If you process personal data you must comply with these principles.
- GDPR includes a new accountability principle for data controllers and processors whereby they must be able to demonstrate their compliance.
- Privacy should be the default and incorporated into the design of systems.
Summary Lesson 4 – Individuals’ rights:
- Individuals have the right to obtain information from the data controller on how and where their data is being used and for what purpose.
- The data controller must provide this information free of charge and in a commonly used electronic format.
- If rights are infringed, individuals can take legal action against data controllers and data processors.
- GDPR imposes restrictions on the transfer of personal data outside the EU.