Skip to content
Step 1 /
hub The essentials

You have worked through the four rules

Nice work. Before we head to the final exam, let us refresh the essentials: what the GDPR is really about, and what the four core rules are.

group Personal data
  1. check Data minimisation
  2. check Transparency
  3. check Security
  4. check Rights of data subjects
flag Introduction

Recap of the essentials

A short refresher of what you have learned. Take it calmly, and then you are ready for the exam.

target In this module
  • check_circle The four rules in a row again
  • check_circle How personal data and the rules fit together
  • check_circle Ready for the final exam
menu_book Recap · 1 of 2

What it is all about: personal data

It all starts with personal data: every piece of information linked to an identifiable individual, whether that is a customer, employee, supplier, or third party.

category Three kinds

About people (name, address, age), related to people (purchase history, email, IP address), and special category data (health, biometric, criminal-conviction), which is extra protected.

menu_book Recap · 2 of 2

The four rules in one sentence

1 Data minimisationarrow_forward Use only data that is strictly necessary, tied to a business purpose and a valid lawful basis. 2 Transparencyarrow_forward Communicate proactively and in plain language which data you use, how, why, and for how long. 3 Securityarrow_forward Protect data with technical and organisational measures against unauthorised access, loss, or damage. 4 Rights of data subjectsarrow_forward Facilitate the rights (access, rectification, objection, erasure ...) and respond within 30 days.
quiz Practice · question 1 of 3
info Not for points, choose the correct answer to continue
"What does every processing of personal data need?"
Correct: data minimisation requires every use to have a documented business purpose and a valid lawful basis.
quiz Practice · question 2 of 3
"You want to secure your systems well. Which approach fits?"
Correct: they reinforce each other. Strong passwords and 2FA, no shared accounts, and least privilege all belong together. Security is only as strong as the weakest link.
quiz Practice · question 3 of 3
"A data subject submits a request for access. What applies?"
Correct: facilitate the rights of data subjects and respond to requests in principle within 30 days.
summarize Summary

The essentials in four points

  • bolt Personal data is all information linked to an identifiable individual; special category data is extra protected.
  • bolt Data minimisation: only what is strictly necessary, with a purpose and a lawful basis.
  • bolt Transparency: communicate proactively and clearly; Security: technical and organisational.
  • bolt Rights of data subjects: facilitate them and respond within 30 days.
workspace_premium Ready for the exam

Ready for the final exam 🎓

You know the essentials. In the final exam you test your knowledge across the whole course. Pass with at least 70% and you will receive your certificate.

lock_open 7 of 8 modules

One step left: the final exam

Complete the final exam with at least 70% and receive your personal “GDPR essentials for SMEs” certificate, in your name and with a verifiable code.

check_circle Modules 1-7 completeradio_button_unchecked Final exam ≥ 70%
workspace_premium