GDPR: Expanded

Provides an overview of the GDPR plus topic-focused webinars.

Questions? Contact Us
Scroll Down Arrow


About this Course

This independent learner course helps individuals determine the broad reach of the GDPR, review how and when the regulation may apply, and examine a framework for compliance with the GDPR.

This course is comprised of all the modules in the GDPR for Research and Higher Ed course plus topic-focused webinars. The additional webinars review the GDPR and how the regulation affects research in the U.S., when the GDPR might be applicable to research with human subjects, and what researchers should do for compliance with the GDPR.  Additionally, the webinars distinguish potential areas of noncompliance in higher education and strategies to mitigate risk when activities involve personal data.

Language Availability: English

Suggested Audiences: Compliance Officers and Departments, Contract Research Organizations (CROs), Contracts and Grants Officers, Higher Education Organizational Administrators, HRPPs, Institutional Officials, IRB Members and Administrators, Privacy Officers, Regulatory Affairs, Researchers, Risk Management Officers, Sponsors

Organizational Subscription Price: For independent learners only - See GDPR for Research and Higher Ed
Independent Learner Price: $149 per person

Demo Instructions


Course Content

GDPR Overview

This first module serves as the foundational module for the course. It discusses the important elements of the regulation, including different categories of data and regulatory roles, and when the GDPR may apply to U.S.-based organizations and researchers. Introduces important GDPR concepts such as lawful grounds for processing data and legal bases, governance requirements, individual rights, and breach notification.

Recommended Use: Required
ID (Language): 20030 (English)
Author(s): Cindy Gates, JD, RN, CIP - University of Miami

GDPR and Human Subjects Research Considerations

This topic-focused module covers scientific research and the GDPR, including researcher responsibilities as data controllers and processors. Examines when the regulation may apply to U.S.-based research, identifies potential lawful bases for processing and transferring data for research, as well as additional elements of consent required by the GDPR. Discusses GDPR issues with secondary research and using sensitive categories of personal data.

Recommended Use: Supplemental
ID (Language): 20031 (English)
Author(s): Rubi Linares-Orozco, MAS, CIP, CCRP, CHC - City of Hope; Elizabeth Peterson, JD, CIPM - Delta Dental of Washington

Legal Basis for Processing Personal Data Subject to the GDPR

This supplemental module explores the legal basis requirement from the GDPR and the limitations on an organization's ability to process personal data. Reviews categories of personal data under the GDPR, potential safeguards for processing, and documentation practices to demonstrate compliance.

Recommended Use: Supplemental
ID (Language): 20032 (English)
Author(s): Cindy Gates, JD, RN, CIP - University of Miami

GDPR and Data Protection Impact Assessments

This module delves into the steps for conducting a data protection impact assessment (DPIA) according to the GDPR. Reviews the concept of privacy by design (PbD), discusses the roles and responsibilities of controllers, processors, and data protection officers (DPOs) for compliance with the regulation.

Recommended Use: Supplemental
ID (Language): 20033 (English)
Author(s): Cindy Gates, JD, RN, CIP - University of Miami

GDPR and Consent for Data Processing in Research

This in-depth module describes consent for data processing per the GDPR—where consent is both a legal basis (Article 6)(1)(a)) for the prohibition on processing personal data and an exemption (Article 9(1)(a)) for processing sensitive personal data (in other words, special categories of personal data). Differentiates between informed consent to participate in research and consent for processing personal data. Considers limitations when consent is used as a legal basis for processing.

Recommended Use: Supplemental
ID (Language): 20034 (English)
Author(s): Sara Stevenson, MPA - College of Charleston

GDPR and Organizational Responsibilities

This module goes beyond the basic overview and reviews the organizational duties of controllers and processors under the GDPR, including obligations to maintain a record or processing activities, notify data subjects and regulators of a breach, and conduct a data protection impact assessment. Discusses the appointment and role of a data protection officer (DPO) and a representative in the EU, when applicable.

Recommended Use: Supplemental
ID (Language): 20035 (English)
Author(s): David Babaian, JD, LLM, CIP, RAC - Advarra Consulting

Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research

This module discusses how the GDPR relates to U.S. organizations of higher education. Reviews the regulation’s basic elements, identifies higher ed activities that fall under the GDPR’s scope, and reviews special categories of data and provides examples of how an organization may process the data using different legal bases. Overviews subject rights under GDPR.

Note: Organizations may elect to provide this module as standalone in courses when individuals not involved in research but who work in university areas would benefit from a review of higher education concerns.

Recommended Use: Supplemental
ID (Language): 20036 (English)
Author(s): Ann Kristin Glenster, BFA, MFA, MEGA, LLM - University of Cambridge


Additional Modules of Interest

Webinar - GDPR & Human Subject Research in the U.S.

Presented by: Cynthia Gates, JD, RN, CIP, CCRP - University of Miami

This webinar reviews the European Union’s (EU) General Data Protection Regulation (GDPR) and how the regulation affects research in the U.S. It discusses the effective date, noncompliance penalties, and applicability of the regulation. Additionally, the webinar identifies when GDPR may apply to human subjects research, what researchers and organizations should do to be compliant, and where to go for further information. This webinar was presented on 5 December 2018.

Recommended Use: Supplemental
ID (Language): 19374 (English)

Webinar - GDPR: Top Noncompliance Risks and Mitigation Strategies

Presented by: Ann Kristin Glenster, LLM, LLM, MEGA, MFA, BFA - University of Cambridge

Learning Objectives:

  • Review how the GDPR relates to higher ed and research.
  • Identify higher ed and research activities that may pose a risk to GDPR compliance.
  • Identify and devise strategies to mitigate those risks.

Recommended Use: Supplemental
ID (Language): 20430 (English)