The General Data Protection Regulation (GDPR) protects the privacy rights of individuals in the European Economic Area (EEA), including all European Union Member States and the three other countries that participate in the European Free Trade Association. Its broad reach means it applies to organizations and individuals in and out of the EU.
We offer two versions of our GDPR content:
- GDPR for Research and Higher Ed
- GDPR: Expanded, which contains all of the modules from the GDPR for Research and Higher Ed course plus webinars on advanced GDPR topics.
Our content helps individuals gain awareness of the GDPR, understand when and how it may apply, and provide a framework for compliance with essential parts of the regulation. Case studies and examples are interwoven in the modules to explain concepts and applicability.
An overview of the regulation, which discusses the essential elements of the GDPR, establishes the foundation for the courses. This overview includes different categories of data and regulatory roles and when the GDPR may apply to U.S.-based organizations and researchers.
Then additional modules provide in-depth coverage on topical areas, including:
- GDPR and Human Subjects Research Considerations
- Legal Basis for Processing Personal Data Subject to the GDPR
- GDPR and Data Protection Impact Assessments
- GDPR and Consent for Data Processing in Research
- GDPR and Organizational Duties
- Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research
The GDPR courses are designed to have all learners complete the first module, and then the additional topic-focused modules as applicable.
The Introduction to the GDPR for U.S. Higher Education Organizations module can be taken on its own.
The GDPR: Expanded course is available for independent learners. It brings together the content from our GDPR for Research and Higher Ed course and complements it with two of our most popular webinars on GDPR.
Note: Organizations that subscribe to our GDPR webinars (or our All Access Webinar Package) may add the GDPR webinars to any of their courses.
Language Availability: English
Suggested Audiences: Compliance Officers and Departments, Contract Research Organizations (CROs), Contracts and Grants Officers, Higher Education Organizational Administrators, HRPPs, Institutional Officials, IRB Members and Administrators, Privacy Officers, Regulatory Affairs, Researchers, Risk Management Officers, Sponsors
Who should take the GDPR course?
This course is designed for individuals who control or process data that may be subject to the GDPR.
How does this GDPR course fit in with other CITI Program courses?
This course supplements other CITI Program courses and provides specific training related to the regulation.
How long does it take to complete the GDPR course?
This course consists of seven modules which can be set as “required” or “supplemental.” Each module contains detailed content and quiz as well as images and case studies (when appropriate).
Modules vary in length, and learners may require different amounts of time to complete them based on their familiarity and knowledge of the topic. However, modules are each designed to take about 30 to 45 minutes to complete.
Is this course eligible for continuing medical education credits?
This course is currently not eligible for continuing medical education credits.
How frequently should learners take this course?
This course is designed to help individuals understand the GDPR. There is no set schedule for completing this course.
It may be helpful for learners to take this course when they interact (manage, control, process, collect) with data that may be subject to the GDPR so that they have awareness and can remain in compliance with the GDPR.
What are the standard recommendations for learner groups?
A recommendation is to set the first (GDPR Overview) module as “required” and the other modules as “supplemental” for initial completion. This would help learners to understand the entire GDPR.
The Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research is designed to be a standalone module for the higher ed audience. The recommendation would be to set this module as “required” for higher ed learners and not have them complete the other modules in the course.
What are the advantages of CITI Program’s GDPR course?
This course provides specific, peer-reviewed training developed by a range of experts in GDPR. Along with CITI Program's advantages, including our experience, customization options, cost effectiveness, and focus on organizational and learner needs, this makes it an excellent choice for GDPR training.
What is the GDPR: Expanded course for Independent Learners?
This course is only available for independent learners. GDPR: Expanded includes the entire GDPR for Research and Higher Ed course plus additional GDPR topic-focused webinars. It is meant to provide an additional course option that meets the unique needs of independent learners.
Can learner groups include components from HSR and other subjects?
Yes, like all CITI Program educational materials, the modules that make up HSR can be customized to meet the specific needs of your organization. This includes selecting modules from other CITI Program subjects (for example, Responsible Conduct of Research, Information Privacy and Security, Undue Foreign Influence, and Good Clinical Practice), when creating a learner group. Additional subscription charges may apply.
Will I be notified if this course is significantly revised or updated?
Yes, CITI Program will notify administrators via email and post news articles on our website when courses are significantly revised or updated.