An entry-level BCS certificate for new compliance team members and
privacy champions handling personal data in the wider workplace
Intended for the wider workforce, the BCS Foundation Certificate in Data Protection is ideal for privacy champions and teams with specific data processing requirements as part of their role. As such, the BCS DP Foundation is suitable for anyone involved in the collection, use and protection of personal information. Since its introduction in 2014, the BCS has issued thousands of data protection certifications across IT, HR, marketing, customer support and other service delivery departments, alongside those new to core compliance and information security roles. This latest version of the BCS syllabus (v3.7) from June 2023 covers the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Version 3.7 takes into account the legislative changes following the end of the transition period on 31 December 2020, when the UK formally ceased to be a member state of the EU, and everything up to the proposed changes within the Data Protection and Digital Information (No.2) Bill. It also introduces the concepts of artificial intelligence and information access.
The BCS Data Protection Foundation Certificate will benefit all members of staff who are processing the personal information of customers and service users, company employees, or any other partners and stakeholders as part of their daily role. Alongside these key personnel (privacy champions), the BCS Foundation is suitable for management roles and executives who are in some way responsible for business areas that routinely handle personal information. The Foundation Certificate is also the recognised entry point for compliance team members before advancing to the BCS Practitioner Certificate, and IAPP certified training.
Participants attending this BCS accredited GDPR training course will develop a practical understanding of UK data protection laws and how to apply them in everyday workplace situations. The focus is on the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, along with the Privacy and Electronic Communications Regulations (PECR).
The course is delivered online for convenience and for the significant environmental and sustainability benefits it offers. Delegates can gain a recognised workplace data protection qualification, whether working at their desk or from home, by attending five x 3.5-hour live online sessions across one week. The course follows the latest BCS Syllabus (v3.7) and prepares participants for the 1-hour multiple-choice BCS Foundation Exam, which is administered separately via Questionmark through online remote proctoring.
Choosing the BCS Foundation Certificate in Data Protection qualification to develop the skills of select personnel within departments that process high volumes of personal information will be viewed as a positive step. One that outwardly demonstrates a strong commitment to building deeper, more trusting relationships with customers, service users, stakeholders and employees alike.
Investing in the BCS Data Protection Foundation to train operational employees will also help to reduce unnecessary human errors that can lead to a devastating and costly data breach, potentially resulting in a cut to cyber-insurance premiums. Ultimately, however, it means maintaining a constant state of compliance with the GDPR will become a more realistic objective.
The BCS Foundation Certificate in Data Protection is a UK GDPR course conducted over 5 consecutive morning sessions (or 3 full days when delivered in-company).
The following schedule is intended as a guide:
Introductions, Learning outcomes
Exam details & techniques data
Introduction to the History of Data Protection in the UK• Introduction to Data Protection and Digital Information (No.2) Bill (DPDIB)
|The Scope of the EU & UK General Data Protection Regulation (GDPR)
• Article 2 Material scope
• Article 3 Territorial Scope and jurisdiction of UK GDPR and alignment with EU GDPR
• Article 27 When a Representative is needed
• EU GDPR mechanisms for cross-border, one-stop-shop, and Main Establishment
Principles of Data Protection and Applicable Terminology• Article 4 UK & EU GDPR Definitions
• Article 5 UK & EU GDPR Principles
|The Lawful bases for processing
• Article 6 Lawful Basis of Processing
• Article 9 Processing special categories of personal data
• Additional safeguards:
- Article 9
- DPA18 Schedule 1 Parts 1-4
• Article 5(2) & Article 24 The accountability obligations.
• Article 35 The purpose of and how to conduct Data Protection Impact Assessments (DPIAs)
• Article 36 Prior notification
|Accountability Principle (continued)
• Article 30 Records of Processing Activity (ROPA)
• Articles 13 & 14 Interplay with Privacy notices
• Article 25 Adopting a data protection by design and by default approach
• Article 32 Security of personal data
• Articles 37-39 The position, tasks, and role of the Data Protection Officer
|Obligations of Controller, Joint Controllers and Processors
• Article 24 Responsibilities of the Controller
• Article 28 Responsibilities of the Processor
|International Data Transfers under EU and UK GDPR
• Article 44 General principles for transfers
• Article 45 UK Adequacy Regulations and EU Adequacy Decisions
• Article 46 Appropriate safeguards; UK International Data Transfer Agreement (IDTA) and EU Standard Contractual Clauses
• Article 47 Binding Corporate Rules
|Data Subject Rights
• Article 12 Transparency and Modalities
• Articles 13 & 14 The right to be informed
• Article 15 Right of Access
• Article 16 Right of rectification
• Article 17 Right to erasure
• Article 18 Right of restriction (not examined)
• Article 19 Notification obligations (not examined)
• Article 20 Data Portability (not examined)
• Article 21 Right to object
• Article 22 Automated decision making and profiling
|Fundamental Rights of other regimes
• Access rights of FOI and EIR
|Impact of artificial intelligence (AI) on data rights
• What is meant by AI
• The Data Protection Principles and AI
|Independent Supervisory Authority and the Role of the ICO
• Article 58 Investigative and corrective powers
• Articles 60 -66 EU GDPR Cooperation and Consistency
• ICO guidance and codes of practice (statutory and non-statutory)
• ICO good practice in the UK and Internationally
|Breaches, Enforcement and Liabilities
• Articles 33 & 34 Obligations to report personal data breaches to ICO and data subjects
• Sanctions due to complaints and breaches
• Notices and Administrative fines
• Liabilities of controllers and processors
• Criminal liabilities – offences in DPA18
|Privacy and Electronic Communications (EC Directive) Regulations (2003) (PECR)
• Link to GDPR consent definition
• Types of electronic marketing and obligations
This course is suitable for key individuals and other privacy champions with the following responsibilities:
By obtaining the Data Protection Foundation Certificate, individuals will:
The BCS Data Protection Foundation Certificate exam format is a one-hour multiple-choice examination. The exam is closed book, i.e. no materials can be taken into the examination room.
|Type||Multiple-choice, 40 Questions (1 mark each)|
An additional 15 minutes will be allowed for candidates sitting the examination in a language that is not their native language.
|Pass Mark||26/40 (65%)|
|Calculators||No, calculators cannot be used during this examination|
|Delivery||Digital or paper-based|
Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.
Get this BCS Data Protection Foundation Certificate for:
Sign-up for our Privacy Newsfeed weekly newsletter to get your discount code. Receive additional offers by selecting training announcements option. Please choose your desired subscription option and then enter your details to subscribe.
Freevacy has been shortlisted in the Best Educator category. The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.