• University of Groningen logo

Understanding the GDPR

Get to grips with the General Data Protection Regulation and take the first steps to ensuring that your organisation is compliant.

58,561 enrolled on this course

EU Flag with binary 0s and 1s streaming down it

Understanding the GDPR

58,561 enrolled on this course

  • 4 weeks

  • 3 hours per week

  • Digital certificate when eligible

  • Introductory level

Find out more about how to join this course

Understand what the GDPR means for you as data subject, controller or processor

On 25 May 2018, the General Data Protection Regulation (GDPR), aiming to improve data protection for individuals across the EU, became directly applicable. Now, organisations need to be compliant with the new rules and should act immediately.

By developing good knowledge of the GDPR and understanding how it affects you, you will learn about the first steps for making your organisation compliant and can immediately start taking them. You will explore data subjects’ rights, data controllers’ and processors’ obligations, and enforcement and compliance notions in the context of the Regulation.

class central badge This course has been ranked as one of the best online courses of all time by online course aggregator class central.
Download video: standard or HD

Skip to 0 minutes and 7 seconds On the 25th of May, 2018, the General Data Protection Regulation will become binding law in the European Union. It is a step forward for the EU data protection regime, to a more effective and consistent protection of personal data in the Union.

Skip to 0 minutes and 32 seconds It entails significant changes to the previous legal framework and requires persons and entities handling personal data to comply with new standards and to change their policies and practices. A possible failure to comply may lead to complex non-compliance proceedings and heavy administrative fines. It is also extremely relevant to individuals whose personal data are being processed. Individuals need adequate protection and should be aware of their rights. Privacy and data protection form a crucial part of human rights in the EU. It is therefore now more than ever necessary to stand still and examine the various aspects of this new legal instrument and its application.

Skip to 1 minute and 13 seconds Members of the Security, Technology, and e-Privacy Research Group from the University of Groningen will explain what natural and legal persons both in processing personal data should or should not do to comply with the GDPR. By closing the gap between theory and practice, you will learn the essentials of the regulation in a coherent and consistent manner from experts in the field. You will identify the main positions of the GDPR, explore rights and obligations of those involved in processing personal data, and evaluate established enforcement and compliance mechanisms. It will help you increase awareness and knowledge about the EU data protection landscape, enable you to meet your obligations, and benefit from your rights to the fullest extent.

Skip to 1 minute and 54 seconds If you’re interested, come join our course.


  • Week 1

    Introduction to data protection and the GDPR

    • General introduction

      In this activity, the course and the GDPR will be introduced to you.

    • Privacy and data protection

      We will learn about the concepts of privacy and data protection, the associated human rights and compliance with them.

    • EU legal regime on data protection

      In this activity, we will focus on the old and new legal regimes of the EU on data protection and discuss the scope of the GDPR and its applicability.

    • Basic fundamentals of the GDPR

      Together, we will examine different concepts and definitions laid down in the GDPR that are essential to understanding the new regulation and assess a number of important data protection roles.

    • Data protection principles, consent and minors

      This activity deals with six essential data protection principles, the issue of consent and minors in the context of the GDPR.

    • Conclusion

      In this activity, we will provide a conclusion of Week 1.

  • Week 2

    Rights of data subjects

    • Introduction to data subjects' rights

      In this activity, we will introduce Week 2 to you, discuss the Google case and the need for data subjects' rights.

    • Transparency and modalities

      The focus of this activity is on the general requirements for the processing of personal data introduced in the GDPR: the so-called transparency and modalities requirements.

    • Rights of access, rectification, objection and restriction of processing

      We will examine four rights that data subjects have under the GDPR. Those are the rights of access, rectification, object and restriction of processing.

    • Rights to erasure and data portability

      In this activity, we would like to address the rights to erasure and to data portability and explain the judgment of the CJEU in the Google Spain case.

    • Rights with regard to complaints, judicial remedies, automated individual decision-making, representation and compensation

      In this activity, we will deal to a spectrum of remaining data subjects rights concerning complaints, judicial remedies, automated individual decision-making, representation and compensation.

    • Restrictions of rights

      We will discuss possible ways to restrict rights of data subjects and talk about the most often used types of restriction.

    • Concluding data subjects' rights

      In this final activity, our goal is to give you a quiz on data subjects' rights testing your acquired knowledge and to conclude Week 2.

  • Week 3

    Obligations of controllers and processors

    • Who are controllers and processors?

      In this activity you will learn how the GDPR defines data controllers, joint controllers and processors before diving into their obligations and responsibilities for legal compliance.

    • Controller's obligations and responsibilities

      In this activity, you will learn what a data controller's obligations and responsibilities are and how to comply with these legal requirements.

    • Information, notification and record keeping

      Controllers need to keep records and inform supervisory authorities and data subjects of their processing activities and notify them in case of a data breach. In this activity you will learn more about this topic.

    • DPIA and DPO

      Under certain circumstances the GDPR provides that Data Protection Impact Assessments need to be carried out and Data Protection Officers need to be appointed. This activity discusses these topics.

    • Joint controllers

      When can a joint controller act in data processing under the GDPR and what are the legal obligations? This activity discusses more on this topic.

    • Processor's obligations and responsibilities

      In the following steps, you will learn the GDPR obligations of data processors and how they might be similar to and different from the obligations of data controllers, taking into account their different data processing roles.

    • Summary and concluding remarks

      Week 3 summary and concluding remarks.

  • Week 4

    GDPR enforcement and compliance

    • Responsibilities, liabilities and penalties

      In the following steps you will learn a number of mechanisms that the GDPR provides to ensure the fair and lawful processing of personal data as well as the consequences for data controllers and processors in case of infringement.

    • Data protection supervisory authorities

      In the following steps, you will learn about the legal status, tasks and powers of national data protection supervisory authorities as well as on the European Data Protection Board and their role in enforcing the GDPR.

    • Codes of conducts, certification mechanisms and binding corporate rules

      In the following steps a number of tools for facilitating the operation of data controllers and processors while bringing it in line with the GDPR are presented.

    • Data transfers and processing outside the EU

      In the following steps you will learn about the GDPR requirements for lawful data transfers and processing outside the territory of the EU.

    • Liabilities, responsibilities and penalties

      In the following steps you will learn about the liabilities, responsibilities and penalties of data controllers and processors in case they do not comply with the GDPR provisions.

    • Conclusion

      Is this the end of our course? Of course, not. It is the end of the beginning at most. Now, we should recap what we have discussed and leave it to you to apply this knowledge in practice.

When would you like to start?

Start straight away and join a global classroom of learners. If the course hasn’t started yet you’ll see the future date listed below.

  • Available now

Learning on this course

On every step of the course you can meet other learners, share your ideas and join in with active discussions in the comments.

What will you achieve?

By the end of the course, you‘ll be able to...

  • Identify the main positions of the GDPR, including key concepts, principles and data protection roles.
  • Explore rights of data subjects and their relevance in daily life.
  • Investigate obligations of data controllers and processors and related steps that need to be taken for complying with the GDPR.
  • Evaluate enforcement and compliance mechanisms and international data transfers under the GDPR.

Who is the course for?

The course is specifically developed for professionals working for companies, public authorities and bodies, students, and anyone who wishes to know more about data protection and the GDPR, especially those handling personal data.

What do people say about this course?

"Thank you. The course was very informative and structured well. It made sense of the legal GDPR document and walked us through the different aspects of GDPR."

"This course has given me a broad overview of the GDPR and helped me understand better the duties and responsibilities of data controllers and data processors. It has also given me a better understanding of my rights as a data subject. Thank you to all at the University of Groningen for creating this easy-to-follow online course."

Who will you learn with?

Assistant professor at the Section IT law and research fellow at STeP, carrying out various types of research in the fields of privacy, data protection and biometrics.

Assistant professor in European Technology law and Human Rights at Groningen University.

Research fellow EU projects/ PhD researcher at the University of Groningen working on privacy issues, in particular in healthcare.

As a Chinese scholar, Dr. Bo Zhao was a senior research fellow at STeP (University of Groningen) before his joining the Tilburg Institute for Law, Technology and Society in Oct. 2017.

Who developed the course?

University of Groningen

The University of Groningen is a research university with a global outlook, deeply rooted in Groningen, in the north of the Netherlands.

Ways to learn

Buy this course

Subscribe & save

Limited access

Choose the best way to learn for you!

$134/one-off payment

$349.99 for one year

Automatically renews


Fulfill your current learning needDevelop skills to further your careerSample the course materials
Access to this courseticktick

Access expires 10 Jul 2024

Access to 1,000+ coursescrosstickcross
Learn at your own paceticktickcross
Discuss your learning in commentstickticktick
Tests to check your learningticktickcross
Certificate when you're eligiblePrinted and digitalDigital onlycross
Continue & Upgrade

Cancel for free anytime

Ways to learn

Choose the best way to learn for you!

Subscribe & save

$349.99 for one year

Automatically renews

Develop skills to further your career

  • Access to this course
  • Access to 1,000+ courses
  • Learn at your own pace
  • Discuss your learning in comments
  • Tests to boost your learning
  • Digital certificate when you're eligible

Cancel for free anytime

Buy this course

$134/one-off payment

Fulfill your current learning need

  • Access to this course
  • Learn at your own pace
  • Discuss your learning in comments
  • Tests to boost your learning
  • Printed and digital certificate when you’re eligible

Limited access


Sample the course materials

  • Access expires 10 Jul 2024

Find out more about certificates, Unlimited or buying a course (Upgrades)

Learning on FutureLearn

Your learning, your rules

  • Courses are split into weeks, activities, and steps to help you keep track of your learning
  • Learn through a mix of bite-sized videos, long- and short-form articles, audio, and practical activities
  • Stay motivated by using the Progress page to keep track of your step completion and assessment scores

Join a global classroom

  • Experience the power of social learning, and get inspired by an international network of learners
  • Share ideas with your peers and course educators on every step of the course
  • Join the conversation by reading, @ing, liking, bookmarking, and replying to comments from others

Map your progress

  • As you work through the course, use notifications and the Progress page to guide your learning
  • Whenever you’re ready, mark each step as complete, you’re in control
  • Complete 90% of course steps and all of the assessments to earn your certificate

Want to know more about learning on FutureLearn? Using FutureLearn

Learner reviews

Learner reviews cannot be loaded due to your cookie settings. Please and refresh the page to view this content.

Get a taste of this course

Find out what this course is like by previewing some of the course steps before you join:

Do you know someone who'd love this course? Tell them about it...

You can use the hashtag #FLdataprotection to talk about this course on social media.