What is GDPR?
With the General Data Protection Regulation (GDPR) fully in effect, organizations are transitioning from initial to ongoing compliance efforts. As many businesses have found, the EU’s “data protection laws are national but in the online environment, data does not respect borders.” (1) GDPR applies to any organization that conducts targeted business research, or monitoring operations within the European Union and collects, stores, processes or transmits personal data of data subjects. Personal data may be classified as sensitive, pseudonymous, anonymized, genetic, and/or biometric – all are covered under the Regulation. There is a strong focus not only on the data, but also on the specific purposes for the secure and transparent processing of data with the consent of the data subject.
The GDPR greatly expands the rights and protections granted to data subjects in the European Union with regard to privacy control over any personal information. It does this by unifying and strengthening all previous data protection laws from EU member countries. In addition to setting policies and frameworks for all personal data handling, GDPR requirements state that organizations must obtain consent for any processing of personal data. This applies to both customer data AND employee data, thus affecting multiple aspects of any business.
Is GDPR Training Required for Compliance?
GDPR compliance training for employees plays a crucial role in ensuring that companies meet and maintain compliance with GDPR requirements. Although the GDPR legislation does not specify details about training requirements, there is a clear expectation that training is a responsibility of the Data Protection Officer (Article 39) or any organization subject to Binding Corporate Rules (Article 47), and of the European Data Protection Board (Article 70). GDPR requires “the appropriate data protection training to personnel having permanent or regular access to personal data.” (Article 47). (2) Compliance with the Regulation hinges on an organization’s members’ understanding of what is personal information (and what isn’t).
It is true that some of the GDPR requirements can be met with technological solutions, but GDPR compliance should be a business project, not just an IT or security project. When a company interfaces with data subjects within the EU, every employee shares responsibility for protecting the personal information. In addition, since GDPR compliance also encompasses employee data, virtually all departments of international organizations play a role in meeting the data privacy requirements. This means that most employees in your organization require training on how to properly handle personal data.
GLS’ General Data Protection Regulation (GDPR) 7101
GDPR compliance training from GLS focuses on this shared responsibility and teaches learners to:
- Articulate the purpose of GDPR
- Define personal data and sensitive personal data under GDPR
- Explain key processes needed to protect personal data, including consent requirement and breach reporting
- Describe the responsibilities of an individual within the organization under GDPR
GLS’s General Data Protection Regulation (GDPR) 7101 translates the broad statements of the GDPR legislation into everyday vernacular and pairs them with common scenarios that demonstrate how to apply the regulations in your employees’ daily work. In conjunction with demonstrating the daily application of the regulations, this course also takes a two-path approach to GDPR training for employees, allowing them to choose a traditional or game-based path through the same content.
Gamification increases learners’ motivation to take and complete the GDPR training, while also boosting their retention of the material. Learners who have completed gamified courses also score higher on knowledge assessments than those who took a more traditional learning route. Adding gamification to GDPR compliance training increases the likelihood that learners will understand the material and internalize the critical nature of following GDPR requirements. This particular game increases GDPR awareness by using scenarios to demonstrate GDPR concepts, and presents them via an electronic version of a traditional game board. Each stop on the game board presents specific information and a regulatory problem to solve to help learners apply the relevant GDPR regulations.
On the other hand, some people feel that a gaming approach makes light of serious content and is not professional. For this audience, the course also offers a traditional approach to presenting the same content. Learners may choose to complete the GDPR training via a traditional text-based eLearning interface with comprehension questions interspersed throughout the course and a final test of 10 multiple choice questions. This version also meets GDPR training requirements and provides employees all relevant information.
Global Learning Systems offers an engaging and informative eLearning course that provides employees with the critical knowledge necessary for GDPR compliance. Whether you choose a gamified or non-gamified version, learners are encouraged to analyze data-handling situations and make secure choices in accordance with GDPR guidelines.
Duration: 25 minutes
1 European Data Protection Supervisor. (2019). Data Protection. Retrieved from https://edps.europa.eu/data-protection/data-protection_en
2 Council of the European Union. (2016, April 6). EU General Data Protection Regulation. Retrieved from http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf