CALL US +1 (646) 759 9933

Please register to access the free course

Account Details


EU GDPR Foundations Course

This free online course is designed to teach you everything that needs to be done within your company to be compliant with EU GDPR. This is a beginner-level course, requiring no prior knowledge in data protection regulation.

After passing the exam, you will receive a certificate – a proof that you have a working knowledge of all the GDPR requirements.

The course is organized into 9 modules (content for each module is listed below), and each module has several video lectures and practical activities that will help you learn more quickly. At the end of each module, a practice test will help prepare you for the certification exam. All the video lectures are pre-recorded, conveniently allowing access to the course from anywhere at any time.

  • The total course duration, including the reading of required materials, is approximately 8 hours.
  • Materials provided in the course (video lectures, articles, and activity questions) include all the information you need to learn in order to pass the certification exam.
  • There is no time limit to complete the course, but once you begin, it is recommended that you finish within one week’s time.
  • The access to this course and to the practice exams is completely free; the fee for the online certification exam is 249 EUR – after you pass the exam, we’ll send you your certificate in a matter of days.
ISO training | EU GDPR Foundations Course
Course instructor: Tudor Galos
Course language: English
867 students
This course was developed by privacy specialist Punit Bhatia, CIPM, CIPP-E, COP and author of “Be Ready for GDPR,” one of the most popular books on EU GDPR. The course is presented by Tudor Galos, who brings more than 15 years’ experience in marketing compliance roles, including GDPR.

Course Curriculum

Introduction to the course
Module 1: Privacy origins and GDPR basics
Introduction and suggested reading
Short history of privacy legislation
The General Data Protection Regulation
Related frameworks
Key terms
Key roles
Top myths about GDPR
Business activities that are most impacted by GDPR
Related documentation
Practice exam
Module 2: Legitimate purposes and principles
Introduction and suggested reading
Legitimate purposes of processing personal data
GDPR principles
Understanding the principles through an example
Related documentation
Practice exam
Module 3: Transparency through Privacy Notice
Introduction and suggested reading
The basics of Privacy Notices
Requirements and contents of a Privacy Notice
Related documentation
Practice exam
Module 4: Inventory of processing activities and retention
Introduction and suggested reading
Inventory of Processing Activities – why and what?
Retention of personal data – why and what?
Fulfilling inventory and retention requirements – who and how?
Specific information required for controllers
Specific information required for processors
Related documentation
Practice exam
Module 5: Consent and Data Subject Access Requests
Introduction and suggested reading
Consent – the basics
How and when to ask for consent
Data subject rights
Basic rules for data subject access request (DSAR)
DSAR requests
DSAR exemptions and rejections
Related documentation
Practice exam
Module 6: Data Protection Impact Assessment and risk assessments
Introduction and suggested reading
What is Data Protection Impact Assessment (DPIA)?
Step 1: Listing and grouping data processing activities
Steps 2 and 3: The threshold questionnaire & determining if DPIA is needed
Step 4: Answer the Data Protection Impact Assessment questionnaire
Steps 5 and 6: Identify and list key security risks
Step 7: Recording the implementation; maintenance
Related documentation
Practice exam
Module 7: Security of personal data and privacy by design
Introduction and suggested reading
What is privacy by design?
Policies to be implemented to ensure security of personal data
Best practices to implement privacy by design policies
Related documentation
Practice exam
Module 8: Data transfers and managing third parties
Introduction and suggested reading
Introduction to data transfers
How can data transfers be enabled?
Managing third parties
Related documentation
Practice exam
Module 9: Data breaches
Introduction and suggested reading
The data breach basics
Data breach response
Data breach notifications
After a data breach
Related documentation
Practice exam
Instructions for taking the exam and obtaining the certificate

Course Reviews

  1. Course Review
    This course was great. At first, I had trepidations that I may not understand the concepts with so many new unfamiliar vocabulary words. As the course went on, I realized it was lots of common sense procedures that I have already been practicing to ensure the security of our data but now have actual labels attached to it and detailed procedures attached to it. The speaker articulated really well. There was only one place of confusion on who was responsible in sending a report. I thought it was the Data Protection Officer but it was not. I missed the question and the course did not say who was responsible for the reporting. I will take the course again to become better familiar with the terminology and understanding of the procedures.

  2. ceciles says:

    Module 5
    still going through the course (I’m finishing Module 5) and thought I would point out a typo on a couple of slides:
    – Basic rules for DSAR – data subject access rights : should be data subject access requests
    – response to be provided within 30 days… it’s response with an ‘s’ not responce with a ‘c’!
    I hope this is useful

  3. v.tsibirov says:

    legal issues of GDPR
    I would like to know more about legal side of the GDPR(who is Authorized to check compliance, how can be solved differences between, for ex.risk assessment of the DPO and Authorities representative)

  4. excellent introductionary courses
    nice short snippets of each data protection principle explained clearly with on screen text , useful examples and the animations

  5. Great course for beginners
    This is a great course to get familiar with EU GDPR. Great thing to be able to get familiar with the regulation completely free.

Frequently Asked Questions

The materials provided in the course – recorded video lectures, quizzes, reading, and other activities – are everything you need to successfully pass the exam and obtain the certificate. The best part is: they are completely free with unlimited access!

You can access the course using your PC, Mac, or mobile device, using any major browser (i.e., Chrome, Mozilla, Internet Explorer, Safari); a broadband Internet link will also be needed. And, of course, enough time to attend the course.

The course is a combination of recorded video lectures, quizzes, reading, and other activities – the course takes you through all these materials in an optimal way.

After you finish attending the course, you can go for the exam – if you finish this exam successfully, i.e., if your score is above the minimum, then you will receive the certificate. By the way, during the exam we use an online proctoring service that will ask for proof of your identity, and make sure that you have taken the exam with no external help. Click here to learn more about online proctoring.

The exam, as well as the whole course, is completely done online, from your office, your home, or any other place convenient for you. For the exam we use an online proctoring service – click here to learn more.

Well, we have to make money somehow :). We have made most of the course freely available, but to access the exam and get the certificate you’ll have to pay a fee – by the way, this fee is by far smaller than the fee for attending the classroom-type course.

None. The course was made in such a way that a beginner in this topic can easily understand it.

You can access it any time – the course is a combination of recorded video lectures, quizzes, reading, and other activities, and because all those materials are readily available, you can access them at a time that is convenient for you.

No, you can attend the course as long as you like; however, you should try to finish it in a couple of weeks because otherwise, you won’t get enough benefits out of it.



  • Exemplar Global (formerly RABQSA) is leading international
    authority in certification of training providers.

  • ITIL® is a registered trade mark of AXELOS Limited.
    Used under licence of AXELOS Limited. All rights reserved.

  • DNV GL Business Assurance is one of the leading providers of
    accredited management systems certification.