CEPAS Principles of GDPR


In a society where technology is almost second nature, data and information are constantly being shared by consumers and organisations. The aim of GDPR is to protect all EU citizens from breaches and to make sure their data remains private.

GDPR is designed to replace the Data Protection Directive, which was created in 1995. Life has changed immeasurably since then: consumers are online at almost all times, and there are more places for customers to input their details and share their information for the latest deal or to subscribe to a particular service. GDPR will place stronger responsibility on the shoulders of organisations to ensure that customer information remains protected.

GDPR Requirements

  • For data subjects to have more control over personal data that is processed automatically.
  • Companies must implement reasonable data protection measures to protect consumers’ personal data.
  • Controllers must notify a Supervisory Authority in the case of a personal data breach within 72 hours of learning of the breach, providing specific details about the breach.
  • Companies must perform Data Protection Impact Assessments to identify risks to consumer data.
  • Some companies must hire a Data Protection Officer who will serve to advise companies about compliance.

What does GDPR mean for my company?

The biggest change to data privacy comes with the extended jurisdiction of GDPR. It applies to all companies processing the personal data of subjects residing in the European Union, regardless of a company’s location.

Due to many high-profile court cases, GDPR’s applications have been made clear – it will apply to the processing of personal data anywhere in the EU or data that has come from the EU, regardless of whether the act of processing takes place in the EU or not.

Offering goods or services to EU citizens (irrespective of whether payment is required) or processing personal data of subjects in the EU by a controller or processor not established in the EU means non-EU businesses must appoint a representative in the EU.

GDPR Penalties

Organisations in breach of GDPR can be fined up to 4% of their annual global turnover or €20 million (whichever is greater). There is a tiered approach to fines, e.g. a company can be fined 2% of its annual global turnover for not having its records in order.


This course is delivered through a mobile application (the online course will be available from June 2018) and will play a vital role in your GDPR compliance through giving your staff awareness and education. Directors are made personally liable for any breaches under GDPR, so deploying this course across your organisation can help towards avoiding fines, and a blemish against your name which can lead to a loss of customers and a tarnished reputation.

Course modules include:

  • What is GDPR?
  • Types of Data Covered
  • Rights of Data Subjects
  • Subject Access Requests
  • Legal Basis for Processing Personal Data
  • Consent Management
  • Accountability
  • Data Protection Officers
  • Data Protection by Design
  • Data Protection Impact Assessments
  • Breach
  • Liability
  • Costs of Non-Compliance
  • International

Once the course has been completed, whoever has been studying will take a short, 30-minute test, during which they will need to answer 20 multiple-choice questions to ensure the knowledge developed throughout the course has been retained.


  • A cost-effective solution to ensure all staff are following GDPR.
  • The course can be deployed for existing employees or as part of an induction process for new hires.
  • Delivered through our mobile platform so that you incur no technology, course attendance or integration costs.
Course Code
Online Course
Course Access: 1 Year
Exams Included
1 gigahertz (GHz)
2 GB
Operating Systems: Windows 7, Windows 8, Windows 10, Mac OS
Internet Explorer 10 or above
Google Chrome
Safari 7 or above
Mozilla Firefox
Windows, Mac, iPhone