GDPR  Workshop 


Are you about to embark on your GDPR compliance journey? Are you struggling to implement your GDPR processes and reporting? Are you confused by all the GDPR “noise”? Are you afraid of getting it wrong? Would you like to know how to get it right? Then this GDPR Compliance Workshop is what you need. 

Through a mix of theory and practical exercises, participants are gently brought through a compliance case study, learning-by-doing. The case study is specifically developed to reflect typical GDPR situations faced by most businesses. 

While the case study is central to the workshop, participants are also encouraged to promote their own and listen to the other’s views. By the end of the workshop, participants will have a deeper understanding on exactly what is needed to comply with GDPR. 

Learning Objectives 

On completion of this course participants will be able to: 

  • Explain what’s needed to self-comply with GDPR
  • List the key steps required to meet compliance
  • Describe how to structure a typical compliance effort
  • Describe the contents of The GDPR College pack of template process and report documents
  • Describe how the pack can be applied to meet compliance
  • Describe the role senior management governance plays in GDPR compliance
  • Identify what personal and sensitive data is held by an organisation
  • Identify where data is held by an organisation
  • Describe what’s typically required to secure an organisations data
  • Describe how to securely destroy unnecessary data in a timely fashion
  • Determine which staff need access to an organisations data
  • Give examples of how to restrict staff data access on a “need-to-know” basis
  • Identify business risks within an organisation to its data
  • Understand how other parts of an organisation can impact GDPR
  • Ensure that all organisational data is stored using a legal basis
  • Apply the most appropriate legal basis to common organisational data
  • Understand how to deliver consumer Data Protection rights under GDPR
  • Give examples of tools and resources available to assist with GDPR compliance 

Target Audience 

The target audience for this course is mid to senior management, who are considering their business’ approach to GDPR compliance. 


Participants will have completed our GDPR Overview and Expectations course. 

To maximise the benefit from the course, participants should have a good working knowledge of their organisation, and in particular the type of data processing done within their organisation. 

Course Duration & Class Size 

This is a 4 day workshop and the maximum number of participants is 16. 

Learning Situation 

This workshop is run as an Exercise Led Training, facilitated by an Instructor, in a class room environment.

Participants are broken into teams of no more than 4. Each team collaborates and works through the exercises. Following each exercise, the exercise is discussed with the class as a whole. This exercise review encourages discussion, not only about the exercise itself, but promotes participants to raise questions and issues relating to their own organisations GDPR compliance. While the case study, and the exercises around the case study, are valuable, the real value is obtained from this follow-on discussion, where the class as a whole can consider and solve the real life GDPR challenges faced by the participants. 

Course Syllabus 

  • GDPR Recap
  • Introduce the Case Study
  • Exercise 1: Governance
  • Exercise 2: Data Captured Analysis
  • Exercise 3: Data Flow Analysis
  • Exercise 4: Information Security & Data Disposal
  • Exercise 5: Data Access
  • Exercise 6: Legal Basis
  • Exercise 7: Consumer Rights
  • Exercise 8: Training Plan
  • Exercise 9: Business Risk Analysis
  • Exercise 10: Review The GDPR College template process and reporting pack
  • Preparing for your own GDPR compliance
  • Q&A Session – Participants explore their own GDPR questions
  • Overview of Other Tools & Resources Available to Assist