What's the difference between UK GDPR and EU GDPR?

After Brexit, the UK retained the GDPR framework with minor modifications via the Data Protection Act 2018 — collectively known as UK GDPR. Functionally near-identical to EU GDPR for most workforce-training purposes. Differences include: ICO replaces the EU one-stop-shop, IDTA replaces SCCs for UK transfers, the UK Data Protection and Digital Information Bill (in passage) may further diverge. Our curriculum flags the differences clearly.

Do you cover the upcoming UK Data Protection and Digital Information Bill?

Yes — we track the bill's passage and update the curriculum as it progresses. Major changes (e.g. relaxed cookie consent for analytics, ICO restructure, accountability simplifications) will be reflected in the annual refresher cycle, included in multi-year terms.

Do you cover EU member state specifics?

Yes — we cover key member-state-specific rules where relevant: BDSG (Germany), CNIL guidance (France), AEPD (Spain), Garante (Italy), DPC (Ireland), AZOP (Croatia), and others. The base curriculum is GDPR-uniform with member-state overlays where the supervisor diverges materially.

How is this different from your '/en/training/gdpr' page?

The data protection page is the UK-flavoured + multi-jurisdiction synonym hub — it's the page UK buyers searching 'data protection training' or 'data privacy training' land on. The /en/training/gdpr page is the same underlying curriculum with EU-first framing. Same product, two SEO destinations.

How long does a typical enterprise rollout take?

Most rollouts are live for the workforce within 5 business days of contract signature. Multi-jurisdiction rollouts (UK + EU + global operations) typically take 7–10 business days due to per-jurisdiction tailoring.

How does pricing work for a team of 500 employees?

Enterprise pricing is volume-based with discount tiers at 25, 50, 100, 250, and 500+ seats. A 500-seat rollout typically lands 35–40% below list price. Multi-year terms unlock further discounts and include the annual refresher cycle plus content updates.

Can we add custom modules — e.g. our privacy policy?

Yes. We routinely add policy attestations and custom modules: privacy policies, ROPAs, breach response procedures, DSAR handling playbooks, retention schedules, vendor onboarding briefings. Your CSM scopes the additions during onboarding.

Do you offer single sign-on and SCIM?

Yes — SAML 2.0, OIDC, and SCIM provisioning are included on enterprise plans. New joiners are auto-enrolled into the right modules based on department; leavers are de-provisioned automatically.

Can we white-label certificates and learner emails?

Yes — your logo is added to certificates and learner-facing emails on every enterprise plan. Single-tenant white-label and custom domain are available on request.

Data Protection & Privacy Training

Done-for-you data protection training for your whole workforce

We deliver mandatory UK GDPR, EU GDPR, and broader data privacy training across your workforce — Data Protection Act 2018, ICO guidance, lawful basis, data subject rights, and breach response. Managed rollout, audit-ready evidence accepted by the ICO, EU supervisors, and customer due-diligence reviewers. Live for your team in under a week.

Get a Team Quote Browse the Course Catalog

100,000+ professionals trained
ICO + EU supervisor audit-ready
Live for your team in 5 business days

admin.compliquest.com / data-protection / training

Data Protection Programme · Q2 2026

Training completion overview

● LIVE

847

Enrolled

92%

Completed

4.8★

Rating

Overdue

All Employees

100%

HR & People Ops

96%

Marketing & Sales

88%

IT & Security

74%

Audit-ready

Article 39 met

Records signed & timestamped

Certificate Issued

847 employees

4-WEEK ROLLOUT

Programmes running at

RocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidasRocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidas

// why teams choose us

Why data protection training is mandatory — not optional

The UK GDPR (incorporating the EU GDPR into UK law via the Data Protection Act 2018) and the EU GDPR both make data protection accountability a controller obligation. The ICO's Accountability Framework explicitly lists 'adequate, regular and refreshed' staff training as a documented control. ICO investigations and EU supervisory authority decisions consistently cite inadequate training as an aggravating factor. Customer audits, ISO 27001 certifications, SOC 2 reviews, and procurement due-diligence reviews all require evidence of staff training.

ICO Accountability Framework — adequate, regular, refreshed staff training is a documented control

UK GDPR / DPA 2018 — controllers must demonstrate compliance under Article 5(2) accountability

EU GDPR Article 39(1)(b) — DPO is responsible for staff training; supervisors expect documented evidence

Customer audits, ISO 27001 (A.6.3), and SOC 2 reviews routinely require training evidence

02 — Curriculum

Role-based
by default.

Different roles face different risks. Training tailored to job responsibilities.

01
All Employees
All Employees
02
HR & People Ops
HR & People Ops
03
Marketing & Sales
Marketing & Sales
04
IT & Security
IT & Security
05
DPO & Privacy Office
DPO & Privacy Office
06
Vendor & Procurement
Vendor & Procurement

03 — Process

From kickoff to fully trained in under four weeks.

weeks avg.

92%

completion

01Step
Week 1 · Discovery
Scope your risk
A 60-min working session with a specialist. We map your obligations, current training gaps, and regulator priorities in your jurisdiction.
- Compliance scan
- Regulator review
- Role-based gap analysis
02Step
Week 2–3 · Build
Tailor & integrate
Your processes, contacts, and policies go into the modules. We brand the LMS, wire SSO, and connect HRIS so enrolment is automatic.
- Custom scenarios
- White-label LMS
- HRIS / SSO sync
03Step
Week 4+ · Operate
Deploy & evidence
Roll out to all staff. Automated nudges hit non-completers. Manager dashboards in real time. Audit-ready records when regulators ask.
- Automated nudges
- Real-time dashboards
- Evidence pack

Ready to scope your programme?

Book a 30-min discovery call — no slides, no pitch, just specifics.

// platform & delivery

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

ICO + EU audit-ready evidence

Dated certificates per learner, exportable completion logs, and role-mapped curriculum records that meet ICO Accountability Framework expectations and EU supervisor documentation requirements.

Manager dashboard & reporting

Track completion across teams, jurisdictions, and entities. Export evidence packages for ICO investigations, EU supervisor queries, and customer due-diligence.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls learners forward each year with content updates as the ICO, EDPB, and member-state supervisors release guidance and the UK Data Protection and Digital Information Bill progresses.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your privacy policy, ROPA, breach response procedure, or DSAR handling playbook to any module.

// from a customer

We have UK and EU operations and our DPO needed evidence of consistent training across both. The single rollout covered UK GDPR for our London office and EU GDPR for our Munich and Paris teams — same dashboard, jurisdiction-aware reports, ICO-ready and BfDI-ready in one package.

Group DPO, Siemens

Industrial — 1,800+ employees trained across UK + EU

★★★★★

// by the numbers

£17.5M

or 4% of global turnover

£35M+

in ICO fines in 2024

Annual

training is the ICO's expectation

// frequently asked

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Both UK GDPR (incorporating into UK law via the Data Protection Act 2018) and EU GDPR make accountability a controller obligation under Article 5(2). The ICO's Accountability Framework explicitly lists 'adequate, regular and refreshed' staff training as a documented control. EU GDPR Article 39(1)(b) makes the DPO responsible for staff training. In practice, mandatory for any organisation processing personal data.

Related guides

Data Protection

GDPR vs UK GDPR: Key Differences, Transfer Mechanisms, and Practical Implications in 2026

Data Protection

What Is a Privacy Impact Assessment (PIA)? Complete Guide for 2026

Data Protection

GDPR Training for Employees: The Complete Guide for 2026

Ready when you are

Ready to brief us on your team rollout?

Tell us your jurisdictions (UK, EU, multi-jurisdiction), your sector, and your headcount. We'll come back with a curriculum proposal, pricing, and a rollout plan within 1 business day.

Get a Team Quote Browse the Course Catalog

// programme summary

Time to deploy

4 weeks

Audience

All staff + role tiers

Languages

12 included

Updates

Quarterly, automatic

Pricing

Done-for-you data protection training for your whole workforce

100,000+ professionals trained

ICO + EU supervisor audit-ready

Live for your team in 5 business days

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

ICO + EU audit-ready evidence

Dated certificates per learner, exportable completion logs, and role-mapped curriculum records that meet ICO Accountability Framework expectations and EU supervisor documentation requirements.

Manager dashboard & reporting

Track completion across teams, jurisdictions, and entities. Export evidence packages for ICO investigations, EU supervisor queries, and customer due-diligence.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your privacy policy, ROPA, breach response procedure, or DSAR handling playbook to any module.

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Done-for-you data protection training for your whole workforce

Why data protection training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

ICO + EU audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

GDPR vs UK GDPR: Key Differences, Transfer Mechanisms, and Practical Implications in 2026

What Is a Privacy Impact Assessment (PIA)? Complete Guide for 2026

GDPR Training for Employees: The Complete Guide for 2026

Ready to brief us on your team rollout?

Done-for-you data protection training for your whole workforce

Why data protection training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

ICO + EU audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

GDPR vs UK GDPR: Key Differences, Transfer Mechanisms, and Practical Implications in 2026

What Is a Privacy Impact Assessment (PIA)? Complete Guide for 2026

GDPR Training for Employees: The Complete Guide for 2026

Ready to brief us on your team rollout?

Role-based
by default.

Role-based
by default.