GDPR for Research and Higher Education

These courses provides core training on the GDPR for research and higher ed applications.

Organizations

LEARN MORE

About these Courses

The General Data Protection Regulation (GDPR) protects the privacy rights of individuals in the European Economic Area (EEA), including all European Union Member States and the three other countries that participate in the European Free Trade Association. Its broad reach means it applies to organizations and individuals in and out of the EU.

We offer two versions of our GDPR content:

GDPR for Research and Higher Ed
GDPR: Expanded, which contains all of the modules from the GDPR for Research and Higher Ed course plus webinars on advanced GDPR topics.

Our content helps individuals gain awareness of the GDPR, understand when and how it may apply, and provide a framework for compliance with essential parts of the regulation. Case studies and examples are interwoven in the modules to explain concepts and applicability.

An overview of the regulation, which discusses the essential elements of the GDPR, establishes the foundation for the courses. This overview includes different categories of data and regulatory roles and when the GDPR may apply to U.S.-based organizations and researchers.

Then additional modules provide in-depth coverage on topical areas, including:

GDPR and Human Subjects Research Considerations
Legal Basis for Processing Personal Data Subject to the GDPR
GDPR and Data Protection Impact Assessments
GDPR and Consent for Data Processing in Research
GDPR and Organizational Duties
Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research

The GDPR courses are designed to have all learners complete the first module, and then the additional topic-focused modules as applicable.

The Introduction to the GDPR for U.S. Higher Education Organizations module can be taken on its own.

The GDPR: Expanded course is available for independent learners. It brings together the content from our GDPR for Research and Higher Ed course and complements it with two of our most popular webinars on GDPR.

Note: Organizations that subscribe to our GDPR webinars (or our All Access Webinar Package) may add the GDPR webinars to any of their courses.

Language Availability: English

Suggested Audiences: Compliance Officers and Departments, Contract Research Organizations (CROs), Contracts and Grants Officers, Higher Education Organizational Administrators, HRPPs, Institutional Officials, IRB Members and Administrators, Privacy Officers, Regulatory Affairs, Researchers, Risk Management Officers, Sponsors

Basic Courses

GDPR for Research and Higher Ed

Featured

Overview of the European Union’s (EU) General Data Protection Regulation (GDPR).

padlock on a keyboard indicating data privacy

view course

Additional Courses for Independent Learners

GDPR: Expanded

Featured

Provides an overview of the GDPR plus topic-focused webinars.

image of a file folder secured with a padlock

view course

FAQs

Who should take the GDPR course?

This course is designed for individuals who control or process data that may be subject to the GDPR.

How does this GDPR course fit in with other CITI Program courses?

This course supplements other CITI Program courses and provides specific training related to the regulation.

How long does it take to complete the GDPR course?

This course consists of seven modules which can be set as “required” or “supplemental.” Each module contains detailed content and quiz as well as images and case studies (when appropriate).

Modules vary in length, and learners may require different amounts of time to complete them based on their familiarity and knowledge of the topic. However, modules are each designed to take about 30 to 45 minutes to complete.

Is this course eligible for continuing medical education credits?

This course is currently not eligible for continuing medical education credits.

How frequently should learners take this course?

This course is designed to help individuals understand the GDPR. There is no set schedule for completing this course.

It may be helpful for learners to take this course when they interact (manage, control, process, collect) with data that may be subject to the GDPR so that they have awareness and can remain in compliance with the GDPR.

What are the standard recommendations for learner groups?

A recommendation is to set the first (GDPR Overview) module as “required” and the other modules as “supplemental” for initial completion. This would help learners to understand the entire GDPR.

The Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research is designed to be a standalone module for the higher ed audience. The recommendation would be to set this module as “required” for higher ed learners and not have them complete the other modules in the course.

What are the advantages of CITI Program’s GDPR course?

This course provides specific, peer-reviewed training developed by a range of experts in GDPR. Along with CITI Program's advantages, including our experience, customization options, cost effectiveness, and focus on organizational and learner needs, this makes it an excellent choice for GDPR training.

What is the GDPR: Expanded course for Independent Learners?

This course is only available for independent learners. GDPR: Expanded includes the entire GDPR for Research and Higher Ed course plus additional GDPR topic-focused webinars. It is meant to provide an additional course option that meets the unique needs of independent learners.

Can learner groups include components from HSR and other subjects?

Yes, like all CITI Program educational materials, the modules that make up HSR can be customized to meet the specific needs of your organization. This includes selecting modules from other CITI Program subjects (for example, Responsible Conduct of Research, Information Privacy and Security, Undue Foreign Influence, and Good Clinical Practice), when creating a learner group. Additional subscription charges may apply.

Will I be notified if this course is significantly revised or updated?

Yes, CITI Program will notify administrators via email and post news articles on our website when courses are significantly revised or updated.

Cookie	Duration	Description
BUY_NOW		This cookie is set to transfer purchase details to our learning management system.
CART_COUNT		This cookie is set to enable shopping cart details on the site and to pass the data to our learning management system.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-33803854-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gat_UA-33803854-7	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
BrowserId	1 year	This cookie is used for registering a unique ID that identifies the type of browser. It helps in identifying the visitor device on their revisit.
CFID	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It is a sequential client identifier, used in conjunction with the cookie "CFTOKEN".
CFTOKEN	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It provides a random-number client security token.
CONSENT	16 years 5 months 4 days 4 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_gfpc	session	No description available.
_uetvid	1 year 24 days	No description available.
_zm_chtaid	2 hours	No description available.
_zm_csp_script_nonce	session	No description available.
_zm_cta	1 day	No description
_zm_ctaid	2 hours	No description available.
_zm_currency	1 day	No description available.
_zm_mtk_guid	2 years	No description available.
_zm_page_auth	session	No description available.
_zm_sa_si_none	session	No description
_zm_ssid	session	No description available.
AnalyticsSyncHistory	1 month	No description
BNI_persistence	4 hours	No description available.
BrowserId_sec	1 year	No description available.
CookieConsentPolicy	1 year	No description
cred		No description available.
f	never	No description available.
L-veVQq	1 day	No description
li_gc	2 years	No description
owner_token	1 day	No description available.
PP-veVQq	1 hour	No description
renderCtx	session	This cookie is used for tracking community context state.
RL-veVQq	1 day	No description
twine_session	1 month	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
web_zak	past	No description
wULrMv6t		No description
zm_aid	past	No description
zm_haid	past	No description