The EU General Data Protection Regulation (GDPR) was enforced in May 2018. It affects all organisations and businesses anywhere in the world, that process the personal data of EU citizens.The GDPR headlines are all about the fines up to 20 million or 4% of global turnover. Fortunately, the supervisory authorities aim to encourage organisations and businesses to apply sound data protection principles. Thats what this GPDR in a nutshell course is all about. It explains the rationale for data protection regulation and provides an overview of the GDPR. It outlines the six data protection principles and theaccountability principle. It explains the new and enhanced data subjects rights. Significant compliance issues, such as subject access requests, the impact on direct marketing and personal data breach reporting are considered. This is an introductory, GPDR staff awareness course. It concentrates on the compliance issues and concerns faced by small businesses and organisations. Course content and overview This GDPR awareness training is structured around four topics GDPR rationale and overview Principles and accountability Individual rights Applying the GDPR This course comprises of 25 lectures and around1.5 hours of lecture content. Each topic divides into several short lectures. Lectures typically last 4-10 minutes. There are practice activities andresources: i.e. content-based and scenario-based quizzes,a downloadable lecture pdf and a topic bibliography. Course topics GDPR rationale and overview This topic introduces the GDPR. The GDPRs background, key roles and definitions are outlined. The increased penalties and exemptions are described. Principles and accountability This topic introduces the six data protection principles underpinning the GDPR. The overarching accountability principle is explained. Individual rights This topic outlines the individual rights that EU citizens have under the GDPR. It also considers the business impact of serving those rights. Applying the GDPR This topic considers three challenging GDPR compliance subjects. These are: subject access requests (SARs), the impact on direct marketing and personal data breach reporting.