GDPR & Data Protection Course
This online GDPR & Data Protection Course gives every employee, manager and business owner the practical knowledge they need to handle personal data safely under UK data protection law — completed online in around 90 minutes for £14 per learner.
Covering the UK GDPR, the Data Protection Act 2018 and the EU GDPR, it explains the key data protection principles, data subject rights, lawful bases for processing, and what to do in the event of a data breach. CPD accredited, with an instant certificate the moment you pass.
- Level
- Staff awareness
- Format
- 100% online
- Duration
- 90 minutes
- Modules
- 5 short modules
- Assessment
- Multiple-choice exam
- Pass mark
- 80% · free unlimited retakes
- Certificate
- Instant printable PDF
- Accreditation
- CPD certified
What is the GDPR & Data Protection Course?
This online GDPR & Data Protection Course gives every employee, manager and business owner the practical knowledge they need to handle personal data safely under UK data protection law. Covering the UK GDPR, the Data Protection Act 2018 and the EU GDPR, it explains the key data protection principles, data subject rights, lawful bases for processing, and what to do in the event of a data breach.
This CPD-accredited online course is suitable for any organisation that handles personal data — from small businesses managing customer records to HR teams handling employee files, marketing teams managing email lists, and healthcare or public-sector employees handling sensitive information. Complete in 90 minutes, get your certificate instantly, and demonstrate that your team is appropriately trained as required under UK data protection law.
Studied entirely online and at your own pace, you’ll receive an instant, printable certificate the moment you pass. GDPR & Data Protection Course is part of Online CPD Academy — a UK provider of accredited online training spanning health & safety, fire safety, first aid and more.
What you'll learn
This online GDPR & Data Protection Course gives learners:
- The relationship between UK GDPR, EU GDPR and the Data Protection Act 2018
- The key data protection principles every organisation must follow
- The rights of data subjects, including subject access requests and how to handle them within the legal timescales
- The lawful bases for processing personal data, including how to obtain valid consent
- How to recognise, contain and report data breaches in line with UK data protection law
- Your data protection responsibilities as an employee, manager or DPO
- The implications of non-compliance — for individuals and the organisation
The course combines clear explanations, real-world workplace examples and short interactive checks — making sure every learner finishes with the practical knowledge to handle personal data safely and stay on the right side of UK data protection law.
Course content
The course is divided into five short, interactive modules, each with quick reviews to reinforce learning and prepare you for the final assessment. Work through them at your own pace and revisit any topic as often as you like.
1Introduction to GDPR and UK Data Protection LawHow the law fits together.
What's covered
- What the UK GDPR, the Data Protection Act 2018 and the EU GDPR are
- How the three frameworks relate to one another
- Why data protection matters for every organisation
- An overview of what the rest of the course covers
2The Data Protection PrinciplesThe rules every organisation must follow.
What's covered
- The key data protection principles of the UK GDPR
- How to apply each principle in everyday work
- What lawful, fair and transparent processing means in practice
- The accountability duties placed on organisations
3Data Subject Rights and Subject Access RequestsThe rights of the people whose data you hold.
What's covered
- The rights data subjects have under the UK GDPR
- What a subject access request is
- How to handle a subject access request within the legal timescales
- The right to be informed, to erasure and to rectification
4Lawful Bases, Consent and Processing Personal DataGetting the legal basis right.
What's covered
- The lawful bases for processing personal data
- How to choose the right lawful basis
- How to obtain valid consent
- Special category data and the extra protections it requires
5Data Breaches, Cyber Security and ReportingWhat to do when things go wrong.
What's covered
- How to recognise a personal data breach
- The steps to contain a breach
- When and how to report a breach in line with UK data protection law
- Practical cyber security measures that protect personal data
Assessment & certificate
At the end of the course there is a short final assessment in multiple-choice format with an 80% pass mark. If you don’t pass first time, retakes are completely free of charge — there’s no limit on attempts and no extra cost.
Once you’ve passed, your CPD-accredited GDPR certificate is issued instantly and is available to download and print straight from your account — ready for staff records, audits, supplier reviews and your data protection compliance file. The certificate has no expiry date, though we recommend refreshing your GDPR training every three years.
Who is this course for?
This GDPR & Data Protection Course is suitable for any employee, manager or business owner whose work involves handling personal data — which, in 2026, covers almost every role in almost every organisation. It is designed for:
- Office staff handling customer or supplier data
- HR and recruitment teams managing employee records
- Marketing, sales and CRM teams managing email and contact lists
- Healthcare, education, charity and public-sector employees
- Managers responsible for data protection within a team
- Owners and directors of small and medium-sized businesses
It’s also ideal as refresher training, as mandatory induction training for new staff, and as a quick way for organisations to demonstrate they’ve trained anyone who handles personal data.
Not sure if your team needs it? Our GDPR guides explain who’s covered and what UK data protection law expects of your organisation.
Training your whole team
Buy any number of seats in one transaction, assign them as people join, and keep everything organised under one admin account.
One admin, unlimited learners
A single admin login lets you assign courses to colleagues in seconds — no need for everyone to buy separately.
Live progress tracking
See who’s completed, who’s in progress and who hasn’t started — so you can prompt the right people instead of chasing the whole team.
Automatic certificates
Every pass is logged against the learner’s name and downloadable for your audit file — no chasing paperwork.
Audit-ready records
Completion dates and certificate numbers stored centrally — exactly what auditors, the ICO and clients want to see as evidence of training.
Add new starters anytime
Buy seats now and assign them the day someone joins — course credits never expire until they're used.
One invoice, bulk discount
A single payment with the bulk discount applied automatically. Need a proforma invoice or PO? Just get in touch.
How many do you need?
Enter your headcount and we’ll work out the licences, the bulk discount that applies and your total — then add them all to your basket in one click.
Add 5 more to reach 10 and unlock 10% off.
Bigger orders = bigger discounts
Get more value from your training by purchasing in bulk. Secure a lower rate today and use your courses whenever it suits you. You can even mix and match different courses — your discount applies across your entire order.
Discounts are applied automatically at checkout based on your total quantity. For 500+ seats or multi-site rollouts, ask us about custom pricing.
Why take this course?
Almost every UK business handles personal data — customer email lists, employee records, supplier contacts, CRM databases, website analytics. Mishandling that data carries real legal, financial and reputational risk. This course equips employees and employers to handle personal data correctly and stay compliant.
Independently CPD accredited
Our GDPR & Data Protection Course is fully CPD accredited and covers everything required by UK data protection law. You’ll see other providers carrying various badges and affiliations — but neither the UK GDPR nor the Data Protection Act 2018 mandates any specific accrediting body for staff data protection training. What the legislation requires is that the people processing personal data are appropriately trained to do so safely and lawfully. That’s exactly what this CPD-accredited course delivers.
Your certificate, ready the moment you pass
The second you finish the final assessment, a printable PDF certificate is ready to download from your dashboard. CPD-accredited and recognised by employers across the UK for staff records, audits, supplier reviews and your data protection compliance file.
- ✓High-resolution printable PDF certificate
- ✓Shows the course name, your name and completion date
- ✓CPD accredited, with no expiry date
Certified in three simple steps
No classrooms, no scheduled sessions, no waiting around. Buy your course, study online, and walk away with an accredited certificate.
Buy in seconds
Add the course to your basket and check out by card. Buying for a team? Use the calculator to work out how many you need and unlock bulk discounts automatically.
Learn at your own pace
Work through five short modules online. Your progress saves automatically, so you can pause and pick up where you left off — most learners finish in around 90 minutes.
Pass and get certified instantly
Score 80% or more on the multiple-choice assessment and download your CPD-accredited certificate as a printable PDF straight away. Free unlimited retakes if you need them.
GDPR & data protection course FAQs
Is this course recognised by employers? +
Yes. Our GDPR & Data Protection Course is CPD accredited — one of the most widely recognised UK accreditations for professional training. Neither the UK GDPR nor the Data Protection Act 2018 specify which body must accredit data protection training; they specify that staff who handle personal data must be appropriately trained. Our course delivers exactly that, and is accepted as suitable evidence by employers, auditors and clients across the UK.
How long does the course take? +
Most learners complete the course in around 90 minutes. You can pause at any time and return when it suits you — your progress is saved automatically.
Is GDPR training mandatory? +
For people in your organisation who handle personal data, yes — the UK GDPR and the Data Protection Act 2018 require organisations to make sure staff who process personal data are appropriately trained. This course satisfies that requirement for general staff awareness.
Does this course cover both UK GDPR and EU GDPR? +
Yes. The two regulations share most of their substance. This course covers the UK GDPR and the Data Protection Act 2018 in detail, with clear reference to the EU GDPR for organisations that handle the personal data of EU residents.
What if I fail the assessment? +
Retakes are completely free of charge. There’s no limit on attempts and no extra cost.
Will I get a certificate? +
Yes. A CPD-accredited GDPR certificate is issued instantly on completion of the course and is downloadable from your account.
Does the certificate expire? +
The certificate doesn’t have an expiry date — once you’ve passed, it’s yours. We recommend refreshing your GDPR training every 3 years, or sooner if UK data protection law, ICO guidance, or your organisation’s data handling processes change significantly.
Does this course replace the need for a Data Protection Officer? +
No. This is awareness training for anyone who handles personal data. Some organisations are legally required to appoint a Data Protection Officer (DPO) under the UK GDPR; the DPO role goes further and typically requires more advanced training and ongoing professional development. If you’re a DPO, this course is a useful refresher of the principles — but the role itself sits on top of awareness training, not in place of it.
Get GDPR trained in 90 minutes
Instant access, learn at your own pace, and download your CPD-accredited certificate the moment you pass.
Popular GDPR & data protection guides
Browse our GDPR and data protection guides — clear, practical articles on the UK GDPR, the Data Protection Act 2018, subject access requests, lawful bases and data breaches.