The Foundation Certificate is the recommended program for anyone dealing with Data Protection issues.

What's included


  • Public
    Schedule
  • Onsite class
    available
  • Foundation
    Level
  • Pre-course
    reading
  • 3 Day
    course
  • Instructor
    Led
  • End of
    course exam

3 Day program – Vocational qualification QCF Level 2

Course Overview

The BCS Foundation Certificate in Data Protection will benefit anyone who's role encompasses the protection of an individual's personal information or their privacy.

The Certificate gives confidence and knowledge to those with data protection responsibilities, which form part of their role. It is ideally suited for businesses preparing for the implementation of the General Data Protection Regulation (GDPR). It also benefits new starters embarking on a career in Information Rights, acting as a stepping stone towards the Practitioner Certificate.

The aim is to impart a general understanding of UK data protection law. This includes the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR). It also examines changes to UK law with the introduction of the General Data Protection Regulation (2016).

Delivered over 3 days. The course follows the latest BCS Syllabus and prepares participants for the BCS Foundation Exam. The BCS one-hour multiple-choice examination concludes the course.

Who should attend

This course is intended for:

  • Data Protection Officers in small and medium size businesses
  • Information Governance (IG) and Information Assurance (IA) teams
  • Marketing professions and heads of customer facing departments
  • It also benefits coporate IT and HR teams along with project managers

By obtaining the Foundation Certificate individuals will:

  • Hold a recognised accredited qualification in data protection
  • Have an understanding of individual and organisational responsibilities under DPA
  • Be better placed to support their organisation in managing and handling customer/staff data in compliance with the DPA

The BCS Foundation Certificate in Data Protection aligns with the vocational qualification QCF Level 2.

Itinerary

The BCS Foundation Certificate in Data Protection course is conducted over 3 consecutive days. The schedule is as follows:

Day 1 9:00 Introduction & Housekeeping
9:10 Course Aims - Examination details and technique
9:30 How to read an Act of Parliament
9:45 Historical overview
10:15 Introducing the Information Commissioner
10:30 Morning refreshments
10:45 Data Protection Act - Definitions
12:45 Lunch
13:30 Multiple-choice exercise
12:45 Data Protection Act - Principle 1, inc. Schedules 2 and 3
15:00 Afternoon Tea
15:30 Data Protection Act - Principle 2 - 5
Homework Revision reading and multi-choice sample questions
Day 2 9:00 Review and questions
9:10 Data Protection Act - Principle 6
10:30 Morning refreshments
10:45 Data Protection Act - Principles 7 and 8
11:30 Awareness and Notification
12:00 Main Exemptions & Subject Access Modifications
12:30 Lunch
13:15 Disclosures & Confidentiality
14:30 The ICO - Codes of Practice & Good Practice
15:00 Afternoon Tea
15:15 Good Practice (concluded)
Homework Revision reading and multi-choice sample questions
Day 3 9:00 Review and questions
9:10 Enforcement
10:30 Morning refreshments
10:45 Enforcement (concluded)
11:30 Privacy & Electronic Communications Regulations 2003
12:30 Lunch
13:00 Revision Exercises
15:30 BCS 1 hour multiple-choice examination

Course contents

The topics covered in this course include:

  • Context:
    • EU Charter of Fundamental Rights (Article 8)
    • EU Data Protection Directive 95/46/EC
    • The Data Protection Act (1998)
    • The Human Rights Act (1998)
    • Privacy and Electronic Communications Regulations (2003)
    • General Data Protection Regulation (2016)
    • Privacy Shield (2016)
  • The role of The Information Commisioner:
    • Codes of Practice
  • Definitions
  • The 8 Data Protection Act Principles
    • Individual Rights
  • Notifications
  • Enforcement
  • Exemptions
    • Understanding Disclosures
  • Criminal Ofences
  • Good Practice
  • Making Complice happen in practice

BCS Foundation Certificate in Data Protection (FCDP) Syllabus

Knowledge of UK data protection law, and an understanding of how it is applied in practice, is important for any organisation holding personal information. The BCS Foundation Certificate in Data Protection is designed for those who wish to get a sound grounding in the key elements of the law and its practical application.

1. Introduction (0.5 hours - 3%)

The objective is to ensure a basic appreciation of the context of data protection law, and a basic understanding of the role of the role of the Information Commissioner.

1.1 Context of Data Protection law

  • EU Data Protection Directive 1995/46/EC
  • Privacy and Electronic Communications Directive 2002/58/EC
  • UK Human Rights Act 1998
  • EU Charter of fundamental rights and freedoms (Article 8)

Candidates are expected to have a basic understanding of the aims of these four key legal instruments. Candidates are not expected to have a detailed knowledge of their provisions.

1.2 The role of the Information Commissioner

  • Provision of guidance
  • Codes of practice
  • Enforcement role

NB details of enforcement provisions and specific codes are covered elsewhere in the syllabus

2. Identification of processing subject to the Act (2 hours - 13%)

The objective is to ensure that candidates know the key definitions in the Act and how to apply them in order to identify which information and processing activities are subject to the Act.

  • Definition of ‘Data’ (1(1) a, b and c)
  • Definition of Relevant Filing System
  • Definition of Personal Data (including Sensitive Personal Data)
  • Definition of Data Controller · Definition of Data Processor
  • Definition of Processing
  • Definition of Data Subject
  • Domestic purposes exemption (Section 36)

3. Understanding the principles (5 hours - 31%)

The objective is to ensure an understanding of how the principles regulate the processing of personal data, as well as an understanding of the application of individual principles in the light of the interpretation provisions in Part II of Schedule 1. Candidates will be required to show an understanding of the need to interpret and apply the principles in context.

  • First and Second Principles, including transparency, Schedules 2 and 3 and purpose limitation
  • Third Principle
  • Fourth Principle
  • Fifth Principle
  • Sixth Principle
  • Seventh Principle – including data processing contracts
  • Eighth Principle – including:
    • What constitutes a transfer
    • The implications of transferring personal data outside of the EEA
    • A broad appreciation of the different ways of achieving adequacy
    • An understanding of Schedule 4

NB Candidates are not expected to have an in-depth understanding of the detail of the different options for ensuring adequacy.

4. The rights (2 hours - 13%)

The objective is to ensure an awareness of all the rights conferred by the Act and a more detailed understanding of the application of key rights

Awareness of:

  • Rights in relation to automated decision taking
  • Right to rectification, blocking, erasure and destruction

A more detailed understanding of:

  • Right to attempt to prevent processing likely to cause damage or distress
  • Right to prevent processing for the purpose of direct marketing
  • Right to compensation
  • Right of subject access - including:
    • Process, timescale and fee
    • Approach to third-party data
    • An awareness of the existence of the main exemptions

Candidates are only expected to know the standard fee not to know, for example, the fee regime in respect of educational records.

Candidates are not expected to have a detailed knowledge of the subject information exemptions but are expected to understand the main areas in which exemptions are likely to be applicable and have a basic understanding of the effect of these provisions:

  • Crime and Taxation - Section 29(1)
  • Serious harm in connection with certain types of records - Data Protection (Subject Access Modification) (Social work) Order 2000 and Data Protection (Subject Access Modification) (Health) Order 2000
  • Negotiations - Schedule 7

5. Privacy and Electronic Communications (EC Directive) Regulations 2003 – rules relating to direct marketing (1 hr - 6%)

The objective is to ensure an awareness of the relationship between the Regulations and the Act, and an awareness of the main provisions relating to marketing:

  • Objective and broad scope
  • Provisions relating to marketing calls (automated and live)
  • Provisions relating to marketing emails and SMS

NB Candidates are not expected to know the conditions for marketing by fax

The only preference service candidates are expected to know about is the Telephone Preference Service (TPS)/ Corporate Telephone Preference (CTPS)

6. Notification (0.5 hr - 3%)

The objective is to ensure a broad awareness of notification including:

The requirement for data controllers to notify unless they are exempt (including a broad understanding of the ‘core business purposes’ exemption, not for profit exemption, and the fact that processing of manual data does not require notification)

The requirement for data controllers to comply with the DPA even if they are exempt from notification

NB Candidates are expected to be aware that there are fees for notification but are not expected to have knowledge of the fee structure or to know the registrable particulars.

7. Enforcement (2 hours - 13%)

The objective is to ensure an awareness of the ways in which the Information Commissioner and the Courts enforce the provisions of the Act.

The candidates will be expected to have an awareness of:

  • Information Notices
  • Undertakings
  • Enforcement Notices
  • Civil Monetary Penalties
  • Power to conduct a compulsory audit (Section 41A Assessment Notices)
  • Section 55

Candidates should understand where enforcement powers apply to the DPA and to PECR

8. Understanding when disclosures are permitted (1.5 hours - 9%)

Objectives include a basic knowledge of:

  • Fairness and compatibility in the context of making disclosures of personal data
  • Disclosures that may be permitted, including use of exemptions Section 29 (3), Section 35 (1) and (2)
  • Powers and constraints other than data protection (e.g. confidentiality, a basic awareness of the fact that there may be other considerations for public sector organisations making disclosures)
  • Considerations when sharing data (the Information Commissioner’s Data Sharing Code of Practice)

9. Good practice (1.5 hours - 9%)

Objectives include a basic knowledge of;

9.1 Codes of practice

  • The status and use of codes of practice
  • An awareness of ICO codes in key areas - Privacy Notices, Subject Access, Employment Practices, CCTV – but not the content of those codes

9.2 Making compliance happen in practice

A basic understanding of:

  • The reasons for and broad approach to making Privacy Impact Assessments
  • Role of a Data Protection Officer
  • Training of staff

The full BCS FCDP Syllabus can be viewed on the BCS website.

BCS Exam

Duration and Format of the Examination

The format for the examination is a one-hour multiple-choice examination. The examination is closed book i.e.no materials can be taken into the examination room.

TThe BCS Examination is held on the last afternoon of the course.

Pass Mark

The pass mark is 26/40.

This equates to 65%

Format of the Examination

Type Multiple-choice, 40 Questions.
Duration 1 Hour. An additional 15 minutes will be allowed for candidates sitting the examination in a language that is not their native language
Supervised Yes
Open Book No
Pass Mark 26/40 (65%)
Distinction Mark None
Calculators Calculators cannot be used during this examination
Delivery Paper based examination

Additional time for candidates requiring Reasonable Adjustments

Candidates may request additional time if they require reasonable adjustments. Please refer to the reasonable adjustments policy for detailed information on how and when to apply.

Additional time for candidates whose language is not the language of the exam

An additional 25% (15 minutes) will be allowed for candidates sitting the examination in a language that is not their mother tongue. If the examination is taken in a language that is not the candidate’s native/official language then they are entitled to use their own paper language dictionary (whose purpose is translation between the examination language and another national language) during the examination. Electronic versions of dictionaries will not be allowed into the examination room.

Course dates

Code Course Starts Ends Exam prep Exam
FC-DP BCS Foundation Certificate in Data Protection 08 Nov 16 10 Nov 16 - 10 Nov 16
13 Feb 17 15 Feb 17 - 15 Feb 17
19 Jun 17 21 Jun 17 - 21 Jun 17
09 Oct 17 11 Oct 17 - 11 Oct 17
Code Course Course starts Course ends Exam prep Exam
FC-DP BCS Foundation Certificate in Data Protection 08 Nov 16 10 Nov 16 - 10 Nov 16
FC-DP BCS Foundation Certificate in Data Protection 13 Feb 17 15 Feb 17 - 15 Feb 17
FC-DP BCS Foundation Certificate in Data Protection 19 Jun 17 21 Jun 17 - 21 Jun 17
FC-DP BCS Foundation Certificate in Data Protection 09 Oct 17 11 Oct 17 - 11 Oct 17

Onsite option

If you have a team of 3 or more, we can deliver the training at your location.

Let us know when you have in mind and the size of your group.

Ask about an Onsite Course

What our customers have to say

  • Good overall structure, well paced and easy going and personable tutor.

    Thoroughly enjoyable

    Prakash Mistry
  • Joyce is a fantastic tutor who thoroughly knows her subject and made a very dry course incredibly enjoyable. The delivery and materials are excellent and I will be recommending Freevacy for future use.

    Caroline Higton
  •  Freevacy is an excellent training provider for BCS DPA courses.

    Justine Wright