Skip to main content

GDPR Level 2 – General Data Protection Regulation (eLearning)

Target Audience

This Level 2 course is aimed at departmental line managers, Heads of Function, company directors and those responsible for ensuring organisational compliance with the GDPR.

The other GDPR Level 1 e-learning is aimed at staff, supervisors and line managers working in data handling related positions with no experience of GDPR. The GDPR Level 2 e-learning is not a continuation of Level 1 and the GDPR modules do not need to be completed in succession.


The data protection regulation commonly referred to as the ‘GDPR’, came into force throughout the EU and EEA on May 25th, 2018. This regulation is highly significant for any organisation who handles or monitors the personal data of individuals within the EU and EEA.

The regulation aims to:

  • Safeguard the personal data privacy rights of individuals.
  • Heighten accountability for how personal data is acquired and handled.

The GDPR applies to organisations (and sole traders) who:

  • collect, share and use the personal data of EU/EEA residents;
  • or, who offer goods and services to, or monitors EU/EEA residents.

The GDPR applies, irrespective of the country where the organisation is established. Thus, the GDPR has expanded the territorial scope of EU data protection law.

This course can be accessed for up to 60 days after purchase.

Course Structure

The course is divided into 15 component parts and takes approximately two hours to complete. Practical templates are provided with course topics. Participants should allow for additional time to fully complete the practical work associated with the lessons in the course. Topics are self-contained to facilitate micro-learning for the time conscious participant.

1. Introduction to the GDPR

This introductory lesson will help you to familiarise yourself with what the General Data Protection Regulation is and who the Regulation applies to. It also provides you with an opportunity to learn about the Data Protection Principles that organisations must adhere if they are to comply with the GDPR when processing personal data.

2. Key Data Protection Terminology

Defining what we mean by the terms ‘Data Subject, ‘Data Controller’, ‘Data Processor’, ‘Data Processing’ and ‘Supervisory Authority’.

3. Strengthening the Rights of Individuals

This lesson provides you with an overview of the privacy rights of individuals and the compliance implications of the GDPR.

4. The Principle of Accountability

The Accountability Principle is highly significant, as it compels organisations to demonstrate how they are complying with the data protection principles contained in the GDPR. How organisations demonstrate or evidence compliance will reflect the nature of their activities and organisation size. But irrespective of how large an organisation is, accountability for and transparency in the processing of personal data is a must!

5. Complying with the GDPR

Building on what we learned about the rights of individuals in Lesson 3, in this lesson we look at some of the practical ways in which the GDPR may impact on staff (or charity volunteers) in their day-to-day work. It also provides participants with a quick summary of the actions that should be taken to ensure GDPR compliance.

6. Keeping Data Secure – Personal Top Tips

In this lesson we take a quick look at some of the things we can each do, to help keep personal data secure in our organisations.

7. Preparing a Compliance Strategy

A clear but focused compliance strategy articulated in a GDPR Action Plan will help everyone to better understand what steps an enterprise should take to achieve GDPR compliance.

8. The Data Journey

To ensure compliance with the GDPR, an organisation will need to identify any potential weaknesses in its current methods for handling personal and/or sensitive data. To ensure that there are no ‘weak’ points in how personal data is processed, it may be helpful to consider the journey that different types of personal data takes as it goes through the organisation.

9. Data Security

There is a significant number of factors to consider when reviewing data and cyber security within an organisation. In this lesson, we consider a checklist of questions that managers may find helpful to answer when reviewing data security in their organisations.

10. Data Breaches

The GDPR requires an organisation to be able to respond appropriately to a data breach incident.

11. Data Handling Processes

In this lesson, we consider how managers should approach a review of the processes relating to the handling and processing of personal data.

12. Policy Development and Documentation

Compliance with the GDPR will require organisations to review their policies around data protection. It is necessary for organisations to be able to document and evidence their compliance with the Regulation.

13. Staff Training

To ensure ongoing compliance with the GDPR and the organisation’s data protection policies, it will be necessary for all organisations to provide adequate training to staff and volunteers (where appropriate in non-profits). In this lesson, we provide you with resources to support you in this task.

14. GDPR Management Review

GDPR makes data protection a board-level topic that should appear on the agendas of directors and management committees for discussion. The consequences for an organisation of a data breach can be significant and therefore a board of directors (or management committee) must ensure that adequate policies and procedures are in place to safeguard personal and sensitive data and protect the reputation of the organisation.

15. Course Assessment

Upon successful completion of the final course assessment each participant will be able to independently download a Certificate of Course Completion.


Note: Once an e-Learning course is booked, it could take up to 48 hours for login details to be provided.

NOTE: When booking, please make sure to input all the correct contact details onto the booking form as the information will be used to create learner profiles. Should information be entered incorrectly it could delay the booking process.


€75Nonprofit Organisation
€75Carmichael Resident Organisation
€75Statutory Organisation
€75Corporate Organisation

Book Now