  • Obtaining valid consent: Where relied upon, consent must be freely given, specific, informed, and unambiguous.
  • Appointment of a Data Protection Officer (DPO): Public authorities and certain organisations conducting large-scale systematic monitoring or processing of sensitive data must appoint a DPO.
  • Data breach notification: Notifying the relevant supervisory authority within 72 hours of becoming aware of a data breach, and informing data subjects where required.
  • Documentation and record-keeping: Maintain records of processing activities as evidence of compliance.
  • Privacy by design and by default: Integrate data protection into business processes and systems from the outset.
  • Transparency and privacy policy: Clearly inform individuals about data practices via concise, accessible privacy policies.

Penalties and Enforcement

Supervisory authorities across the EU, such as national data protection regulators, are responsible for GDPR enforcement. Non-compliance can result in significant administrative fines:

Type of Breach       Maximum Penalty
Standard breaches    Up to EUR 10 million or 2% of annual global turnover (whichever is higher)
Severe breaches      Up to EUR 20 million or 4% of annual global turnover (whichever is higher)

In addition to fines, organisations may face legal actions, reputational damage, and mandatory changes to data processing practices. Examples of enforcement include penalties for insufficient consent mechanisms and failing to report breaches on time.

Checklist: Steps for GDPR Compliance

  1. Identify if GDPR applies to your organisation’s personal data processing activities.
  2. Ensure a clear lawful basis exists for each processing activity.
  3. Update privacy policies to reflect GDPR requirements.
  4. Review consent mechanisms for clarity and observability.
  5. Appoint a Data Protection Officer if required.
  6. Maintain up-to-date records of processing activities (Article 30 records).
  7. Implement ‘privacy by design and by default’ into your systems and processes.
  8. Prepare protocols for data breach detection, reporting, and investigation.
  9. Train staff on GDPR requirements and data handling best practices.
  10. Assess cross-border data transfers and ensure appropriate safeguards are in place when transferring data to a third country.

Commonly Used GDPR Abbreviations

EU           European Union
UK GDPR      UK’s version of the GDPR post-Brexit

Global Reach and International Implications

GDPR’s extraterritorial provisions mean that organisations outside the EU must comply if they offer goods or services to EEA residents or monitor their behaviour. Special rules apply to international data transfers to countries outside the EEA (third countries), including use of standard contractual clauses or adequacy decisions by the European Commission.

The UK GDPR mirrors the EU GDPR but is tailored to the domestic context post-Brexit. Organisations may need to comply with both UK and EU regulations if operating across these jurisdictions.

FAQs

Who does GDPR apply to?

GDPR applies to any organisation processing the personal data of individuals (data subjects) within the European Economic Area, regardless of where the organisation is established. It also covers data controllers and data processors outside the EEA if they offer goods or services to EEA residents or monitor their behaviour.

What are the main penalties for non-compliance with GDPR?

Penalties for non-compliance can reach up to EUR 20 million or 4 percent of annual global turnover, whichever is higher. Lower tier breaches incur up to EUR 10 million or 2 percent of turnover. Authorities may also impose corrective measures or require operational changes.

What types of data does GDPR protect?

GDPR protects ‘personal data’ — any information relating to an identified or identifiable natural person. This includes names, identification numbers, location data, online identifiers, and factors specific to an individual’s identity.

What must organisations do in the event of a data breach?

Organisations must assess the breach, notify the relevant regulatory authority within 72 hours if there’s a risk to the rights and freedoms of individuals, and inform affected data subjects without undue delay when required. Detailed records of the breach must be maintained.

What is the difference between a data controller and a data processor?

A data controller determines the purposes and means of processing personal data, whereas a data processor acts on behalf of, and only under the instructions of, the data controller.

How can organisations demonstrate GDPR compliance?

By implementing appropriate technical and organisational measures, maintaining documentation, training staff, performing data protection impact assessments, and cooperating with supervisory authorities when required.

How does GDPR affect organisations outside the EU?

Organisations outside the EU must comply with GDPR if they process EEA residents’ personal data for offering goods or services, or for monitoring behaviour. This often requires appointing an EU representative and meeting cross-border data transfer requirements.