ABOUT THIS COURSE

First launched in 1999, the BCS (formerly ISEB) Practitioner Certificate in Data Protection is the leading independent professional workplace qualification for individuals with privacy or data protection responsibilities. Over the years, the BCS has continued to evolve the practitioner certificate to keep pace with the advances in UK and EU legislation. In doing so, the Practitioner Certificate has become the most trusted data protection training programme in the UK and is often listed by employers as a required qualification. The current version of the BCS syllabus (v9.6) from January 2023 covers the UK GDPR, Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). It takes into account the legislative changes following the end of the transition period at 11 pm on 31 December 2020, when the UK formally ceased to be a member state of the EU, and everything thereafter.

WHAT'S INCLUDED

Book Icon
Pre-course
reading
10 Icon
3.5-hour
online sessions
Clock Icon
40+ hours
self-study
Whiteboard Icon
Flexible Live
interactive training
Checklist Icon
Exam
preparation
Examination Icon
90-minute online
BCS examination
8 to 12 week programme

COURSE DATES

Code Course Start Duration Location Booking
PC-DP BCS Practitioner Certificate in Data Protection 15 May 23 10 X 3.5hr Sessions Online Sold out
5 Jun 23 10 X 3.5hr Sessions Online Book now
17 Jul 23 10 X 3.5hr Sessions Online Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 15 May 23

Duration: 10 X 3.5hr Sessions

Location: Online

Sold out

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 5 Jun 23

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 17 Jul 23

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

Course Overview

The BCS Practitioner Certificate in Data Protection recognises the ability of award holders to fulfil the mandatory role of a Data Protection Officer (DPO) or to lead UK General Data Protection Regulation (GDPR) compliance within their organisation, department or group.

This BCS-accredited GDPR training course requires participants to develop a deep understanding of both UK and EU data protection laws and how to apply them in a workplace environment. Rather than focus on the rigid mechanics of regulation, the data protection course places privacy in the context of human rights and promotes good practice within organisations.

The data protection training course examines the UK GDPR's 10 chapters, 99 articles and 173 recitals (specifically those that remain relevant after being saved into UK Law). It concentrates on the complexity of the interactions between the GDPR and the Data Protection Act 2018, including its derogations and exemptions, along with the Privacy and Electronic Communications Regulations (PECR).

Due to environmental and sustainability benefits, this data protection online training course, which is traditionally taught in a classroom setting over 5-days, is now delivered across a secure WebEx platform with all the support and interactivity found in the classroom. Delegates can gain a recognised practitioner-level workplace qualification at home or from their desk by attending ten x 3.5-hour live online sessions across two weeks.

Participants will also receive a separate 1-day online revision course to help prepare for the BCS Practitioner Certificate in Data Protection Exam. This data protection course follows the latest BCS Syllabus (v9.6) and prepares participants for the 90-minute multiple-choice BCS Practitioner Exam, administered separately via Questionmark through online remote proctoring.

Itinerary

The BCS Certificate in Data Protection is a GDPR training course conducted over 5 consecutive days.

The following schedule is intended as a guide:

Module 1 Introductions, Learning outcomes
Exam details & techniques data
Protection, privacy and its history in the UK
   • Articles 2 &3 Territorial scope and jurisdiction of GDPR
   • Main Establishment Cross Border processing, the one-stop-shop mechanism (OSS) and the requirement for EU Representation
Principles of Data Protection and Applicable Terminology
   • GDPR Article 4 Definitions
   • GDPR Article 5 Principles
Module 2 Principles of Data Protection and Applicable Terminology cont.
Lawfulness of Processing Personal Data
   • Article 6 Lawful Basis of Processing
   • Processing special categories of personal data
   • Article 9 Processing of Special Category Data and interlink to DPA2018 Schedule 1 conditions
Module 3 Lawfulness of Processing Personal Data cont.
   • Article 9 Processing special categories of personal data concluded.
Governance and Accountability
   • Summary of the Accountability Obligations in Article 5(2)
   • Article 35 Data Protection Impact Assessments
   • Article 30 Records of Processing Activity (ROPA)
   • Controller and Processor ROPA responsibilities
   • Interplay with Privacy Notices
Module 4 Governance and Accountability cont.
   • Article 25 Data Protection by Design and Default
   • Article 32 Security of personal data
   • Article 38 The position, tasks and role of the Data Protection Officer
Interaction between Controller and Processor
   • Article 24 Responsibilities of the Controller
   • Article 28 Processor Obligations
Module 5 Interaction between Controller and Processor case law
   • Summary of a key case law involving the SWIFT
   • Considerations around Cloud Service Providers as processors
   • Article 26 Joint Controllers
   • Article 28(3) Data processing agreements
   • Standard Contractual Clauses (SCC)
   • Article 29 Processing under authority of a controller or processor
Transfers of Personal Data to Third Countries or International organisations
   • Article 44 General principles for transfers
   • Article 45 Transfers based on an adequacy decision
   • Article 46 Transfers subject to appropriate safeguards
Data Subjects Rights and Restrictions to Data Subjects Rights
   • Article 12 Transparency and modalities
   • Articles 13 & 14 Information to be provided to a data subject
   • Article 15 Right of Access
Module 6 Data Subjects Rights and Restrictions to Data Subjects Rights cont.
   • Article 16 Right of rectification
   • Article 17 Right to erasure
   • Article 18 Right of restriction
   • Article 19 Notification obligations
   • Article 20 Data portability
   • Article 21 Right to object
   • Article 22 Automated decision making and profiling
   • Restrictions that may affect Data Subject Rights (as per Article 23 Restrictions and DPA2018, Schedules 2 and 3)
The Role of the Supervisory Authority
   • Summary of the role of Supervisory Authorities including Independence
   • Competence and Powers, cooperation and consistency
   • Articles 35(4-5) & 36 Reviews of DPIAs in cases of unmitigated risk
Module 7 The Role of the ICO as UK Supervisory Authority Sections 114/115
   • As a regulator – Investigative and corrective powers
   • ICO guidance and codes of practice (statutory and non-statutory)
   • ICO good practice in UK and Internationally
   • Promotion of Privacy Seals, certification schemes and commonly used standards
   • Advise and reporting to Parliament
   • Summary of the European Data Protection Board (EDPB) Articles 68 -73
Breaches, Enforcement and liabilities and Role of the Tribunal
   • Articles 33 & 34 Obligations to report personal data breaches to ICO and data subjects
   • Overlap with NIS Directive
   • Sanctions due to complaints and breaches
   • Notices and Administrative fines
   • Liabilities of controllers/processors
Module 8 Breaches, Enforcement and liabilities and Role of the Tribunal Cont.
   • Criminal liabilities – offences in DPA2018
Processing of personal data in relation to children
   • Considerations regarding Article 8 Childs Consent in relation to Information Society Services
   • Right to erasure applying to children's data
   • Overview of the Age Appropriate Design Code of Practice
Specific provisions relevant to public authorities
   • Meaning of Public Authority/Body
   • Article 6(1)(e) Public Task lawful basis of processing considerations
   • DPA'18 Section 7(2) interplay for public authorities with Article 6(1)(f)
   • Relevant exemptions from Schedules 2 & 3
Module 9 Application of data protection legislation in key areas of industry
   • Overview of ICO Codes of Practice:
   • Employment Code
   • CCTV Code
   • Use of cookies and digital technologies and interlink to PECR
   • Data Sharing Code
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)
   • Link to GDPR consent definition
   • Types of electronic marketing and obligations
   • ePrivacy regulations status update
Module 10 Questions & Answers
Individual 1 to 1 tutorials

Who should attend?

This course is suitable for the following individuals:

  • Data Protection Officers
  • Information Governance (IG), Information Assurance (IA) and other compliance professionals (all grades)
  • Freedom of Information managers
  • Solicitors advising on information law
  • Information Security, IT Security and IT managers, Chief Information Security Officers (CISO)
  • Human Resource managers
  • Senior marketing professionals, Chief Marketing Officers (CMO)
  • Company directors of businesses that handle high volumes of personal information

By obtaining the Practitioner Certificate in Personal Data Protection, individuals will:

  • Hold a recognised practitioner level qualification in GDPR
  • Gain an in-depth understanding of the key changes that the GDPR and the UK Data Protection Act 2018 introduce to data protection
  • Understand the individual and organisational responsibilities, particularly the need for effective record keeping
  • Be able to apply the new rights available to data subjects and understand the implications of those rights
  • Be capable of performing the tasks a Data Protection Officer is expected to undertake
  • Develop the know-how to adopt a Data Protection by Design/Default approach when implementing new processing systems
  • Understand the legal mechanisms available that facilitate and enable the transfer of personal data outside of the UK and EU
  • Be able to prepare an organisation to achieve and maintain compliance with the GDPR and the UK Data Protection Act 2018
  • Possess the knowledge to implement and oversee relevant data protection learning and development programmes throughout the organisation, including the creation of privacy champions

BCS Syllabus

Practitioner Certificate in Personal Data Protection (PC-DP)
Extracted from syllabus version 9.6
January 2023

Download the new syllabus (PDF)

This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.

Exam Preparation

Exam Preparation Day

The topics covered in this session include:

Part 1. Online discussion and presentation
  • Exam technique
  • Timing
  • Completing the exam paperwork
  • How to break down BCS exam questions
    • Reading questions properly
    • Answering questions correctly
  • Exercises
  • Group discussion, 3 example questions
Part 2. Mock exam
  • 45-minute mock exam (50% of the exam paper)
Part 3. Discussion, Q&A, review of the mock exam
  • Group discussion, mock exam answers

Following the examination prep day, the instructor will evaluate each student’s mock paper and provide individual feedback. This will include direct comments on the answers, exam technique and offer guidance for further study areas.

Exam

Duration and Format of the BCS Examination

The BCS Certificate in Data Protection exam format is a 90-minute multiple-choice examination. The exam is a closed book, i.e. no materials can be taken into the examination room.

The BCS Examination for the Practitioner Certificate in Personal Data Protection is now available in paper and online formats.

Pass Mark

The pass mark is 26/40, which equates to 65%

Format of the Examination
Type 40 Multiple Choice questions
Duration 90 minutes
Supervised Yes
Open Book No (no materials can be taken into the examination room)
Pass Mark 26/40 (65%)
Delivery Digital or paper basedy
Advice to candidates

This is a practitioner level qualification, which draws upon various legislation and directives (including the GDPR). Candidates will be required to demonstrate the ability to apply the principles and requirements in a work context. Candidates are also strongly recommended to prepare for the data protection course and examination by committing to personal study before, during and following the course.

Additional time for candidates reasonable adjustments due to a disability

Candidates may request additional time if they require reasonable adjustments. Please refer to the reasonable adjustments policy (see syllabus) for detailed information on how and when to apply.

Additional time for candidates whose language is not the language of the exam

An additional 25% (15 minutes) will be allowed for candidates sitting the examination in a language that is not their native or official language. In these circumstances, candidate's are entitled to use their own paper language dictionary (for translation between the examination language and another national language) during the examination. Electronic versions of dictionaries are not allowed.

Course Cost

Get this BCS Practitioner Certificate in Personal Data Protection for:

£2,349+VAT
  • Receive a 15% online discount for multiple bookings onto public courses
  • Onsite courses can be delivered for teams of 4 or more (when permitted)
BCS Accredited GDPR training package includes:
  • 10 x 3.5 hour live online sessions across 2-weeks, or
  • 5-days for a traditional classroom setting (when permitted)
  • 1-day exam preparation online training course
  • Entrance to the 90-minute, multiple-choice online BCS Examination
  • One to one support up until exam
  • 1st year BCS Associate membership
Courseware: a complete practitioner level GDPR manual
  • Detailed 134-page training manual comes in an A4 bound folder + an editable electronic version
  • Includes free lifetime updates (electronic version), which means it will never go out of date
  • Copy of the General Data Protection Regulation & Data Protection Act 2018
  • Electronic copy of the full course PowerPoint
  • Exercises & Revision materials
  • Sample exam questions
  • Prep day course materials with sample exam questions
  • 1st year BCS Associate membership

You will also receive access to our free professional advisory service, potentially reducing the need for legal advice or consultation fees by supplying the right advice when you need it most.

10% OFF

Save £235 off this course - Pay £2,114

Sign-up for our GDPR, Privacy & FOI weekly newsletter to get your discount code. Receive additional offers by selecting to receive periodic training announcements. Please choose your desired subscription option and then enter your details to subscribe.

COURSE DATES

Code Course Start Duration Location Booking
PC-DP BCS Practitioner Certificate in Data Protection 15 May 23 10 X 3.5hr Sessions Online Sold out
5 Jun 23 10 X 3.5hr Sessions Online Book now
17 Jul 23 10 X 3.5hr Sessions Online Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 15 May 23

Duration: 10 X 3.5hr Sessions

Location: Online

Sold out

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 5 Jun 23

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

BCS Practitioner Certificate in Data Protection (PC-DP)

Starts: 17 Jul 23

Duration: 10 X 3.5hr Sessions

Location: Online

Book now

Examination Events

In addition to the above course dates, you also need to select the dates for your examination events. Choose a date for your exam preparation day 3-6 weeks after the training course. Then book your BCS exam 2-6 weeks after the exam preparation day.

Exam preparation day
Duration: 1-dayFormat: Online
  • 21 Apr 23
  • 16 Jun 23
  • 7 Jul 23
  • 18 Aug 23
BCS Exam
Duration: 90 minutesLocation: Online
  • 1 May 23
  • 26 Jun 23
  • 28 Aug 23