Hero Image

UK GDPR TRAINING

BCS Practitioner Certificate
in Data Protection

Book Now

An advanced practitioner certificate for data protection officers &
compliance professionals with processing operations based in the UK


ABOUT THIS COURSE

First launched in 1999, the BCS (formerly ISEB) Practitioner Certificate in Data Protection is the leading independent professional workplace qualification for individuals with privacy or data protection responsibilities. Over the years, the BCS has continued to evolve the practitioner certificate to keep pace with the advances in UK and EU legislation. In doing so, the BCS Practitioner Certificate has become the most trusted data protection training programme in the UK and is often listed by employers as a required qualification. The current version of the BCS syllabus (v9.7) from June 2023 covers the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). It takes into account the legislative changes following the end of the transition period on 31 December 2020, when the UK formally ceased to be a member state of the EU, and also considers the proposed changes within the Data Protection and Digital Information (No.2) Bill. It also examines the concepts of artificial intelligence and the overlap with information access requirements.

WHAT'S INCLUDED

Pre-course
reading

3.5-hour
online sessions

40+ hours
self-study

Flexible live
interactive training

Exam
preparation

90-minute online
BCS examination

8 to 12 week programme

COURSE DATES

Code Course Start Duration Location Booking
PC-DP BCS Practitioner Certificate in Data Protection 20 Jan 25 10 X 3.5hr Sessions Online Book now
24 Mar 25 10 X 3.5hr Sessions Online Book now
12 May 25 10 X 3.5hr Sessions Online Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 20 Jan 25

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 24 Mar 25

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 12 May 25

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

Course Overview

The BCS Practitioner Certificate in Data Protection recognises the ability of award holders to fulfil the mandatory role of a Data Protection Officer (DPO) or to lead UK General Data Protection Regulation (GDPR) compliance within their organisation, department or group.

This BCS-accredited GDPR training course requires participants to develop a deep understanding of both UK and EU data protection laws and how to apply them in a workplace environment. Rather than focus on the rigid mechanics of regulation, the data protection course places privacy in the context of human rights and promotes good practice within organisations.

The data protection training course examines the UK GDPR's 10 chapters, 99 articles and 173 recitals (specifically those that remain relevant after being saved into UK Law). It concentrates on the complexity of the interactions between the GDPR and the Data Protection Act 2018, including its derogations and exemptions, along with the Privacy and Electronic Communications Regulations (PECR).

The course is delivered online for convenience and for the significant environmental and sustainability benefits it offers. Delegates can gain a recognised practitioner-level workplace qualification at home or from their desk by attending ten consecutive 3.5-hour live online sessions across two weeks. This data protection course follows the latest BCS Syllabus (v9.7) and prepares participants for the 90-minute multiple-choice BCS Practitioner Certificate in Data Protection Exam, administered separately via Questionmark through online remote proctoring. Participants will also receive a separate 1-day online revision course to help prepare for the BCS Practitioner Exam.

Itinerary

The BCS Certificate in Data Protection is a GDPR training course conducted over 10 consecutive morning sessions (or 5 full days when delivered in-company). 

The following schedule is intended as a guide:

Module 1
Introductions, Learning outcomes
BCS Exam details & techniques
Data protection, privacy and its history in the UK
   • Article 2 Material scope of UK and EU GDPR
   • Article 3 Territorial scope and jurisdiction of UK and EU GDPR
   • Awareness of EU Main Establishment, one-stop-shop mechanism (OSS)
   • Article 27 UK and EU requirements for Representation
 Principles of Data Protection and Applicable Terminology
   • Article 4 Definitions of UK and EU GDPR 
   • Article 5 Principles of UK and EU GDPR 
Module 2
Principles of Data Protection and Applicable Terminology (continued)
Lawfulness of Processing Personal Data
   • Article 6 Lawful Basis of Processing
   •   • Article 9 Processing special categories of personal data
   • Additional safeguards: UK GDPR Article 9 and DPA18 Schedule 1
Module 3
Lawfulness of Processing Personal Data (continued)
   • Article 9 Processing special categories of personal data (continued)
   • The Rules for processing criminal offence data
Accountability Principle
   • Article 5(2) Accountability and Article 24 Responsibility of the controller (accountability obligations)
   • Article 35 Data Protection Impact Assessments (DPIA)
   • Article 30 Records of Processing Activity (ROPA)
   • Articles 13 and 14 Interplay with Privacy Notices
Module 4
Accountability Principle (continued)
   • Article 25 Data Protection by Design and Default
   • Article 32 Security of personal data
   • Article 37-39 The position, tasks and role of the Data Protection Officer
Obligations of Controller, Joint Controllers and Processors
   • Article 24 Responsibilities of the Controller
   • Article 28 Responsibilities of the Processor
   • Cloud Service Providers (CSPs)
Module 5
Obligations of Controllers, Joint Controllers and Processors (continued)
   • Article 26 Joint Controllers
   • Article 28(3) Data processing agreements
International Data Transfers under EU and UK GDPR
   • Article 44 General principles for transfers
   • Article 45 UK Adequacy Regulations and EU Adequacy Decisions
   • Article 46 Appropriate safeguards:
      - UK International Data Transfer Agreement (IDTA)
      - EU Standard Contractual Clauses (SCCs)
   • Article 47 Binding corporate rules
   • Article 49 Derogations for specific situations
Data Subjects Rights
   • Article 12 Transparency and Modalities
   • Articles 13 and 14 Information to be provided to a data subject
   • Article 15 Right of Access
   • Section 184 Prohibition against enforced subject access requests
   • Section 185 Void contractual terms relating to health records
Module 6
Data Subjects Rights (continued)
   • Article 16 Right of rectification
   • Article 17 Right to erasure
   • Article 18 Right of restriction
   • Article 19 Notification obligations
   • Article 20 Data portability
   • Article 21 Right to object
   • Article 22 Automated decision making and profiling
Restrictions that may affect Data Subject Rights (as per Article 23 Restrictions and DPA18, Schedules 2 and 3)
   • Access rights of FOI and EIR
   • Impact of AI on data rights
The Role of the Supervisory Authority (EU)
   • The role and importance of supervisory authorities
   • Article 57 Tasks of the Independent Supervisory Authorities
   • Article 68-73 European Data Protection Board (EDPB)
Module 7
The Information Commissioner’s Office (ICO)
   • The role of the ICO
   • Investigative and corrective powers of the ICO as the UK regulator
   • ICO guidance and codes of practice
   • Promoting public awareness
   • Promotion of Privacy Seals, certification schemes and commonly used standards
   • Advice and reporting to Parliament
   • Data Protection Fees and Exceptions
Breaches, Enforcement and Liabilities and Role of the Tribunal
   • Articles 33 & 34 Obligations to report personal data breaches to ICO and data subjects
   • Data Protection Complaints
   • Sanctions that can be imposed due to breaches or complaints
   • Reprimands
   • Notices and Administrative fines
   • Liabilities of controllers and processors
Module 8
Breaches, Enforcement and Liabilities and Role of the Tribunal (continued)
   • Criminal liabilities – Offences
   • Offences under the Computer Misuse Act 1990
   • The role of the Tribunal
Processing of personal data in relation to children
   • Article 8 Consent in relation to Information Society Service
   • Children’s right to erasure
   • Age Appropriate Design Code (Children's Code)
Specific provisions relevant to public authorities
   • Meaning of Public Authority/Body
   • Article 6(1)(e) Public Task lawful basis of processing considerations
   • DPA18 Section 7(2) interplay for public authorities with Article 6(1)(f)
   • Relevant exemptions from Schedules 2 & 3
Module 9
Application of data protection legislation in key areas of industry
   • Overview of ICO Codes of Practice:
      - Employment Code
      - Surveillance Cameras and Personal Information Code
      - How the use of cookies and digital technologies is governed by data protection law (and PECR)
      - Data Sharing Code
AI and the processing of personal data
   • What is meant by AI
   •  AI Risks and Benefits
   •  The Data Protection Principles and AI
   • DPIAs and AI
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)
   • Link to GDPR consent definition
   • Types of electronic marketing and obligations
Module 10
Questions & Answers
Individual 1-2-1 tutorials

Who should attend?

This course is suitable for the following individuals:

  • Data Protection Officers
  • Information Governance (IG), Information Assurance (IA) and other compliance professionals (all grades)
  • Freedom of Information managers
  • Solicitors advising on information law
  • Information Security, IT Security and IT managers, Chief Information Security Officers (CISO)
  • Human Resource managers
  • Senior marketing professionals, Chief Marketing Officers (CMO)
  • Company directors of businesses that handle high volumes of personal information

By obtaining the Practitioner Certificate in Personal Data Protection, individuals will:

  • Hold a recognised practitioner level qualification in GDPR
  • Gain an in-depth understanding of the key changes that the GDPR and the UK Data Protection Act 2018 introduce to data protection
  • Understand the individual and organisational responsibilities, particularly the need for effective record keeping
  • Be able to apply the new rights available to data subjects and understand the implications of those rights
  • Be capable of performing the tasks a Data Protection Officer is expected to undertake
  • Develop the know-how to adopt a Data Protection by Design/Default approach when implementing new processing systems
  • Understand the legal mechanisms available that facilitate and enable the transfer of personal data outside of the UK and EU
  • Be able to prepare an organisation to achieve and maintain compliance with the GDPR and the UK Data Protection Act 2018
  • Possess the knowledge to implement and oversee relevant data protection learning and development programmes throughout the organisation, including the creation of privacy champions

BCS Syllabus

Practitioner Certificate in Personal Data Protection (PC-DP)
Extracted from syllabus version 9.7
June 2023

Download the new syllabus (PDF)

This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.

Exam Preparation

The topics covered in this session include:

Part 1. Online discussion and presentation
  • Exam technique
  • Timing
  • Completing the exam paperwork
  • How to read and answer BCS exam questions properly
  • Exercises
  • Group discussion, 3 example questions
Part 2. Mock exam
  • 45-minute mock exam (50% of the exam paper)
Part 3. Discussion, Q&A, review of the mock exam
  • Group discussion, mock exam answers

Following the examination prep day, the instructor will evaluate each student’s mock paper and provide individual feedback. This will include direct comments on the answers and offer guidance for further study areas.

Exam

Duration and Format of the BCS Examination

The BCS Practitioner Certificate in Data Protection exam format is a 90-minute multiple-choice examination. The exam is a closed book, i.e. no materials can be taken into the examination room.

Format of the Examination
Type40 Multiple Choice questions
Duration90 minutes
SupervisedYes
Open BookNo (no materials can be taken into the examination room)
Pass Mark26/40 (65%)
DeliveryDigital or paper-based
Additional time for candidates requiring Reasonable Adjustments

Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.

Course Cost

Get this BCS Practitioner Certificate in Data Protection for:

£2,349+VAT

  • Receive a 15% online discount for multiple bookings onto public courses
  • Onsite courses can be delivered for teams of 6 or more
BCS Accredited GDPR training package includes:
  • 10 x 3.5 hour live online sessions across 2-weeks, or
  • 5-days for a traditional classroom setting
  • 1-day exam preparation online training course
  • Entrance to the 90-minute, multiple-choice online BCS Examination
  • 1-2-1 coaching and support
  • 1st year BCS Associate membership
Courseware: a complete practitioner-level GDPR manual
  • Detailed 134-page eBook course manual (see here for eBook features & print options)
  • Includes free lifetime updates, which means it will never go out of date
  • Copy of the General Data Protection Regulation & Data Protection Act 2018
  • Full course PowerPoint presentation
  • Exercises & revision materials
  • Sample exam questions
  • Prep day course materials with sample exam questions

10% OFF

SAVE £235 OFF THIS COURSE - PAY £2,114

Sign-up for our Privacy Newsfeed weekly newsletter to get your discount code. Receive additional offers by selecting training announcements option. Please choose your desired subscription option and then enter your details to subscribe.

COURSE DATES

Code Course Start Duration Location Booking
PC-DP BCS Practitioner Certificate in Data Protection 13 Jan 25 10 X 3.5hr Sessions Online Book now
24 Mar 25 10 X 3.5hr Sessions Online Book now
12 May 25 10 X 3.5hr Sessions Online Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 13 Jan 25

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 24 Mar 25

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 12 May 25

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

EXAMINATION EVENTS

In addition to the above course dates, you also need to select the dates for your examination events. Choose a date for your exam preparation day 3-6 weeks after the training course. Then book your BCS exam 2-6 weeks after the exam preparation day.

Exam preparation day

Duration: 1-day

Format: Online

  • 10 Jan 25
  • 21 Feb 25
  • 25 Apr 25
BCS Exam

Duration: 90 minutes

Location: Online

  • 20 Jan 25
  • 3 Mar 25
  • 5 May 25

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.