Course Details

Gain a recognised qualification in data protection.

Gain an understanding of the key changes that the GDPR and the Data Protection Act (2018) bring to data protection.

Gain an understanding of the new rights available to data subjects and the implications of those rights with the GDPR and Data Protection Act (2018).

Gain an understanding of individual and organisational responsibilities under the GDPR and the Data Protection Act (2018), particularly the need for effective record keeping.

Gain an understanding of the increased obligations faced by data controllers and data processors as a result of the GDPR coming into force and the Data Protection Act (2018) being enacted.

Be better placed to support your organisation in processing customer data in compliance with the GDPR and the Data Protection Act (2018).

Course curriculum

  • 2

    Chapter 1 History of Data Protection in the UK

    • Learning objectives

    • Introduction to data protection

    • History of data protection in Europe

    • History of data protection in Europe

    • History of data protection in the UK

    • Effect of Brexit on GDPR

    • General Data Protection Regulation

    • UK GDPR - Territorial scope

    • GDPR - Territorial scope

    • Main establishment

    • Case Study: CNIL fines Google €50million

    • Knowledge check

  • 3

    Chapter 2 Principles of Data Protection & Applicable Terminology

    • Learning objectives

    • Terminology

    • Personal Data

    • Special Categories of Personal Data (and genetic and biometric data)

    • Criminal offence data

    • Pseudonymisation

    • Processing

    • Controller

    • Processor

    • Joint Controllers

    • Filing system

    • Third party

    • Cross-border processing

    • Profiling

    • Personal Data Breach

    • Data Protection Principles

    • Data Protection Principles

    • Knowledge check

  • 4

    Chapter 3 Lawful bases for processing Personal Data

    • Learning objectives

    • Lawful bases

    • Lawful bases

    • Lawful bases

    • Special category data conditions

    • Knowledge check

  • 5

    Chapter 4 Governance & Accountability

    • Learning objectives

    • Accountability

    • Accountability

    • Article 24

    • Article 25

    • Article 30 (1)

    • Article 30 (2)

    • Article 32

    • Article 35

    • Article 35

    • Article 35

    • Article 36

    • Articles 37 - 39: DPOs

    • Governance

    • Knowledge check

  • 6

    Chapter 5 Interaction between Controller and Processor

    • Learning objectives

    • Controller and processor

    • Controller and processor

    • Joint controllers

    • Knowledge check

  • 7

    Chapter 6 Transfers of Personal Data to third Countries

    • Learning objectives

    • Forms of transferring data

    • Adequacy

    • EU-US Privacy Shield

    • Standard Contractual Clauses

    • Binding Corporate Rules

    • Other methods

    • Knowledge check

  • 8

    Chapter 7 Data Subject Rights

    • Learning objectives

    • Data Subject Rights

    • Article 12

    • Article 13 & 14

    • Article 13

    • Article 14

    • Common approaches to privacy notices

    • Article 15

    • Article 16

    • Article 17

    • Article 18

    • Article 19

    • Article 20

    • Article 21

    • Article 22

    • Restrictions

    • Knowledge check

  • 9

    Chapter 8 Independent Supervisory Authorities (ISAs)

    • Learning objectives

    • Independent Supervisory Authorities

    • ISAs

    • Co-operation and consistency

    • European Data Protection Board

    • Information Commissioner's Office (ICO)

    • Knowledge check

  • 10

    Chapter 9 Breaches, Enforcement and Liability

    • Learning objectives

    • Remedies

    • Breaches

    • Breaches

    • Fines

    • Enforcement

    • Liabilities

    • knowledge check

  • 11

    Chapter 10 Privacy & Electronic Communications Regulations

    • Learning objectives

    • E-Privacy Directive & PECR

    • Opt-In vs Opt-Out

    • Knowledge check

  • 12

    Exam Preparation


  • Who Is It For?

    This qualification is primarily aimed at those who need to have an understanding of data protection, and the GDPR in particular, to do their job; or those whose effectiveness in their role would be enhanced by knowledge of the law in this area. The Foundation Certificate will also provide a stepping stone for those who have, or who will have, some responsibility for data protection within an organisation.

  • What Will I Learn?

    Build your knowledge of how GDPR and Data Protection will affect your business, helping you to ensure your organisation will be compliant. Help you to understand the new rules and train you to be a subject matter expert. Explore the application of current data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

  • Exam

    A one hour ‘closed book’ exam, with 40 multiple-choice questions. The pass mark is 65% (26/40) and you can take the exam from home (computer with webcam required). You will have 12 months access to the course to help you prepare.

  • Entry Requirements

    None. Although some knowledge of data protection law would be an advantage, as well as basic working knowledge of IT and GDPR.

  • What Do I Get?

    As well as gaining new skills and knowledge, upon successful completion, you will receive a globally recognised Professional Certificate awarded by the BCS at SFIA Plus Level 2, with free annual Associate Membership to the BCS to help further develop your career and grow your professional network.

  • How Long Does It Take To Complete

    It usually takes a minimum of 18 hours to prepare for the exam.

  • What Support Is Available?

    A qualified tutor is on hand to answer any questions you have about the course and the content, via email or the student discussion forum.

  • What Career Support Is Available?

    When you pass your exam, you will receive a one-year free membership to the BCS (worth £90) which offers professional networking and career development opportunities through their careers service: ’Springboard'.


Company Director and Accredited Trainer

Darren Winter

Darren is the Company Director of Duco Digital, a digital marketing & training business providing business analysis and delivering professional marketing solutions including websites, social media marketing, SEO, marketing strategies and training. In 2020, he launched Duco Digital Training offering BCS accredited distance learning courses. In 2017 he graduated from Newcastle University with an MA with merit in Cross-Cultural Communication and International Marketing, previously graduating with a BSc in Computing from Teesside University where he was also a University Governor. He is the Chair of the Redcar Cleveland Ambassadors and the Redcar Town Deal Board, and also manages the Redcar and Cleveland Business Network.

Start Your Data Protection Journey Today. For Only £950!

Price includes 12 months access, tutor support and exam costs.

What If I Change My Mind?

If you change your mind about your course purchase, you can apply for a refund within 14 days of purchase, provided that you haven't accessed your course material. Please note that you are no longer eligible if you have accessed your course material or communicated with any course tutor.