Name: BCS Foundation Certificate in Data Protection
Brand: Freevacy
Price: 1295 GBP
Availability: InStock
Rating: 4.74 (192 reviews)

Course Features

Pre-course reading

3.5 hour online sessions

Live, interactive Instructor-led training

Unlimited 1-2-1 coaching

60-minute online BCS exam

Course Overview

First launched in 2014, the BCS Foundation Certificate in Data Protection is intended for a wider audience. The certificate is particularly suitable for key personnel (privacy champions) and specialised teams who process the personal information of customers, service users and employees as part of their daily roles. It is also the recognised entry point for compliance team members before advancing to the BCS Practitioner Certificate.

Since its introduction, the BCS has issued thousands of DP Foundation certificates across IT, HR, marketing, customer support, and other service delivery departments, as well as managerial roles and company directors of smaller businesses. Investing in the BCS DP Foundation to train business users can help reduce unnecessary human errors that lead to devastating and costly data breaches, potentially resulting in a cut to cyber-insurance premiums. Ultimately, however, it means that maintaining compliance with the GDPR will become a more realistic objective.

Participants attending this BCS-accredited GDPR training course will develop a practical understanding of UK data protection laws and how to apply them in everyday workplace situations. The focus is the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This latest version of the BCS syllabus (v3.8) from February 2025 covers the legislative changes following the end of the transition period on 31 December 2020, when the UK formally ceased to be a member state of the EU, and everything up to the changes introduced by the Data (Use and Access) Act 2025 (DUA Act). It also introduces the concepts of artificial intelligence and information access.

The course is delivered online, although onsite and online in-company options are also available. Delegates can gain a recognised data protection qualification by attending five x 3.5-hour live online sessions across one week. The course prepares participants for the 1-hour multiple-choice BCS Foundation Exam, which is administered separately via Questionmark through online remote proctoring.

Note: the next official BCS syllabus update for the DP Foundation Certificate is scheduled for release on 2 February 2026. This update will incorporate the changes introduced by the Data (Use and Access) Act 2025. As Freevacy develops course materials for BCS-accredited professional certifications in-house, we have already incorporated these changes into our courseware. This ensures that attendees receive the most current and accurate information.

Course Costs

Attend the BCS Foundation Certificate in Data Protection for:

£1,295.00 + VAT

10% discount for subscribing to our PrivacyNewsfeed & Training Announcement Newsletters
15% additional online saving for multiple bookings on public schedule courses
In-company options available for teams of 6 or more

BCS training package includes:

5 x 3.5-hour live online sessions across 1 week, or
3 days for a traditional classroom setting
Entrance to the 1-hour, multiple-choice online BCS Examination
1-2-1 coaching and support
1st year BCS Associate membership

Course materials:

Detailed eBook course manual (see here for eBook features & print options)
Includes free lifetime updates, which means it will never go out of date
Copy of the General Data Protection Regulation & Data Protection Act 2018
Full course PowerPoint presentation
Exercises & revision materials
Sample exam questions

Book Now

Intended Audience

The BCS Foundation Certificate in Data Protection is suitable for key individuals and privacy champions with the following responsibilities as part of their roles:

Data protection
Information governance
Governance, risk and compliance
Information security, IT Security and IT
Human resources
Marketing and sales
Customer support and service delivery
Project managers
Procurement
Heads of departments, managers, and directors of SME businesses

Learning Outcomes

By attending the BCS Foundation Certificate in Data Protection, learners will:

Hold a recognised foundation-level qualification in UK data protection law
Develop an understanding of the UK's post-Brexit data protection legislative framework (UK GDPR, DPA18 & PECR)
Learn about the obligations placed on controllers, joint controllers and processors
Discover the rights of data subjects
Learn about the six lawful bases for processing
Understand the importance of accountability
Examine the rules surrounding international data transfers under UK GDPR
Understand the role of the Information Commissioner's Office (ICO)
Learn about personal data breaches, enforcement and liability
Contribute towards the ongoing commitment to maintain UK GDPR compliance

Course Itinerary

The BCS Foundation Certificate in Data Protection is a UK GDPR course conducted over 5 consecutive morning sessions (or 3 full days when delivered in-company).

The following schedule is intended as a guide:

Module 1	Introductions, Learning outcomes
	Exam details & techniques data
	Introduction to the History of Data Protection in the UK • Introduction to Data Protection and Digital Information (No.2) Bill (DPDIB)
	The Scope of the EU & UK General Data Protection Regulation (GDPR) • Article 2 Material scope • Article 3 Territorial Scope and jurisdiction of UK GDPR and alignment with EU GDPR • Article 27 When a Representative is needed • EU GDPR mechanisms for cross-border, one-stop-shop, and Main Establishment
	Principles of Data Protection and Applicable Terminology • Article 4 UK & EU GDPR Definitions • Article 5 UK & EU GDPR Principles
Module 2	The Lawful bases for processing • Article 6 Lawful Basis of Processing • Article 9 Processing special categories of personal data • Additional safeguards: - Article 9 - DPA18 Schedule 1 Parts 1-4
Module 2	Accountability Principle • Article 5(2) & Article 24 The accountability obligations. • Article 35 The purpose of and how to conduct Data Protection Impact Assessments (DPIAs) • Article 36 Prior notification
Module 3	Accountability Principle (continued) • Article 30 Records of Processing Activity (ROPA) • Articles 13 & 14 Interplay with Privacy notices • Article 25 Adopting a data protection by design and by default approach • Article 32 Security of personal data • Articles 37-39 The position, tasks, and role of the Data Protection Officer
Module 3	Obligations of Controller, Joint Controllers and Processors • Article 24 Responsibilities of the Controller • Article 28 Responsibilities of the Processor
Module 4	International Data Transfers under EU and UK GDPR • Article 44 General principles for transfers • Article 45 UK Adequacy Regulations and EU Adequacy Decisions • Article 46 Appropriate safeguards; UK International Data Transfer Agreement (IDTA) and EU Standard Contractual Clauses • Article 47 Binding Corporate Rules
	Data Subject Rights • Article 12 Transparency and Modalities • Articles 13 & 14 The right to be informed • Article 15 Right of Access • Article 16 Right of rectification • Article 17 Right to erasure • Article 18 Right of restriction (not examined) • Article 19 Notification obligations (not examined) • Article 20 Data Portability (not examined) • Article 21 Right to object • Article 22 Automated decision making and profiling
	Fundamental Rights of other regimes • Access rights of FOI and EIR
	Impact of artificial intelligence (AI) on data rights • What is meant by AI • The Data Protection Principles and AI
Module 5	Independent Supervisory Authority and the Role of the ICO • Article 58 Investigative and corrective powers • Articles 60 -66 EU GDPR Cooperation and Consistency • ICO guidance and codes of practice (statutory and non-statutory) • ICO good practice in the UK and Internationally
	Breaches, Enforcement and Liabilities • Articles 33 & 34 Obligations to report personal data breaches to ICO and data subjects • Sanctions due to complaints and breaches • Notices and Administrative fines • Liabilities of controllers and processors • Criminal liabilities – offences in DPA18
	Privacy and Electronic Communications (EC Directive) Regulations (2003) (PECR) • Link to GDPR consent definition • Types of electronic marketing and obligations

BCS DP Foundation Syllabus

Foundation Certificate in Data Protection (FC-DP)
Syllabus version 3.8
February 2025

Download the new syllabus (PDF)

BCS DP Foundation Examination

Duration and Format of the Examination

The BCS Data Protection Foundation Certificate exam format is a one-hour multiple-choice examination. The exam is closed book, i.e. no materials can be taken into the examination room.

Format of the Examination

Type	Multiple-choice, 40 Questions (1 mark each)
Duration	1 Hour. An additional 15 minutes will be allowed for candidates sitting the examination in a language that is not their native language.
Supervised	Yes
Open Book	No
Pass Mark	26/40 (65%)
Distinction Mark	None
Calculators	No, calculators cannot be used during this examination
Delivery	Digital or paper-based

Additional time for candidates requiring Reasonable Adjustments

Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.