Hi, yes, I took both. I think the second one can be worth it depending on your role and involvement in the GDPR process in your org. You don’t need to be a tech person for these courses, as they are very much more focused on business processes, risk management, and compliance. The Foundation course is more focused on getting through the regulation, and the second is more about practical implementation. In between the two courses, I read through the actual regulation once completely. There are so many moving pieces in the whole thing that I think it’s worth doing both courses and reading through the reg. In fact, after that it’s still a little bit vague about how one actually does the implementation itself, but you have at least a framework to hang it all in as you figure out how to apply it in your case. Thanks!