About this template
GDPR training is most effective when it teaches a short routine that everyone in the company can use, not just the legal team. This template gives HR, legal, security, and operations teams a polished privacy course built around what personal data is, why a lawful basis matters, and the Collect, Use, Protect routine for everyday work.
The structure follows the principles set out in the EU General Data Protection Regulation (GDPR), explained in plain language so non-legal teams can make confident judgment calls.
Who this is for
- HR, legal, and people teams running required annual privacy training
- Security and IT teams that need a shared privacy baseline across the company
- Operations and customer-facing teams that handle personal data day to day
- Compliance leads who need an auditable, multilingual GDPR module
Best use cases
Use this template for required GDPR awareness, new-hire onboarding, refreshers after a policy update, and targeted training for teams that handle personal data often. It works especially well when companies want one consistent routine across systems instead of separate trainings for each tool.
What is inside
- A clear explanation of what personal data is, including special categories and indirect identifiers
- The Collect, Use, Protect decision routine learners can apply before any data action
- Lawful bases for processing in plain language, with realistic workplace examples
- Individual rights such as access, correction, and deletion, plus how to route a request
- Three knowledge checks covering personal data recognition, lawful basis selection, and incident reporting
Source basis
This template is informed by the EU General Data Protection Regulation (GDPR) and the guidance published by national data protection authorities. Editor notes inside the template reference the original articles so reviewers can update examples without losing the source trail.
Getting started
Preview the template, create your own copy, and replace the sample data flows and contact details with your company's tools, DPO, and escalation paths. Keep the Collect, Use, Protect routine intact, then adapt examples, language, and quiz answers to match your environment.