A GDPR & DPA18 Practitioner Certificate from BCS for
Data Protection Officers & Compliance Professionals.

About this Course

First launched in 1999, the BCS (formerly ISEB) practitioner certificate is the leading independent professional workplace qualification for individuals with privacy or data protection responsibilities. Over the years, the BCS has continued to evolve the practitioner certificate in order to keep pace with the advances in EU and UK legislation. In doing so, the Practitioner Certificate has become the most trusted data protection training programme in the UK and is often listed by employers as a required qualification. The current version of the BCS Syllabus (v8.5) has been updated to cover the General Data Protection Regulation (GDPR), which came into force on 25 May 2018. This latest revision will ensure the Practitioner Certificate will continue to serve as the benchmark for many years to come.

What's included

  • Pre-course
  • Day
  • Classroom
  • +40 hours
  • Exam
  • 2 hour BCS
8 to 12 week programme

Course Overview

The BCS Practitioner Certificate in Data Protection confirms the ability of award holders to fulfil the mandatory appointed role of a Data Protection Officer (DPO) or to lead GDPR compliance within their organisation, department or group.

This BCS accredited GDPR training course requires participants to develop a deep understanding of both EU and UK data protection laws and how to apply them in a workplace environment. Rather than focus on the rigid mechanics of regulation, the course places privacy in the context of human rights and promotes good practice within organisations.

The course concentrates on the incoming EU General Data Protection Regulation (GDPR) with its 10 chapters, 99 articles, and 173 recitals. It examines the complexity of the interactions between the GDPR and the UK Data Protection Act 2018 including its derogations and exemptions. The course also looks at the new EU ePrivacy Regulation, which is set to repeal the Privacy and Electronic Communications Regulations (PECR).

Delivered over 5 days, the course follows the latest BCS Syllabus (v8.5). Participants will also receive a separate 1-day online revision course to help prepare for the BCS Practitioner Certificate in Data Protection Exam. The BCS exam is a separate 2-hour event. It consists of 3 parts made up of 20 simple multiple choice questions, 20 complex multiple choice questions, and 12 short answer written questions. The pass mark is 65% with 80% for a distinction.



The BCS Practitioner Certificate in Data Protection is a GDPR training course conducted over 5 consecutive days.

The following schedule is intended as a guide:

Day 1
9:00 Introductions, Course Objectives + BCS Exam details & techniques
9:30 Multiple-choice questions based on pre-course reading
10:00 Privacy, History & Associated legislation
10:15 Morning refreshments
10:30 Privacy, History & Associated legislation cont.
11:45 Moving into a new era of data protection
12:00 Data Protection / GDPR - Definitions
12:45 Lunch
13:00 Data Protection / GDPR - Definitions cont.
14:30 Afternoon tea
14:45 Data Protection Principles - GDPR - Lawful Processing
Homework: Prepare questions for Q&A

Day 2
8:45 Review and questions
9:10 Principles - GDPR - Special Processing
10:30 Morning refreshments
10:45 Principles - GDPR - cont.
12:30 Lunch
13:00 Rights of the Data Subject
14:30 Afternoon tea
14:45 Rights of the Data Subject cont.
Homework: Prepare questions for Q&A

Day 3
8:45 Review and questions
9:10 Rights of the Data Subject cont.
9:45 Transfers to third countries
10:30 Morning refreshments
10:45 Transfers to third countries cont.
11:30 Registration
12:30 Lunch
13:00 Exemptions - National Derogations
14:15 Afternoon tea
14:30 Exemptions - National Derogations cont.
Homework: Prepare for recap exercises

Day 4
8:45 Review and questions
9:10 Controller and Processor - Data Protection by Design/Default
10:30 Morning refreshments
10:45 Controller and Processor - Security/Data Protection Impact Assessments
11:30 Data Protection Officer
12:30 Lunch
13:00 Supervisory Authority - ICO and EDPB
14:30 Afternoon tea
14:45 Enforcement - Liabilities and Penalties
Homework: Prepare questions for Q&A

Day 5
8:45 Ask your questions
9:10 Remedies, Liabilities and Penalties
9:30 Appeals - Tribunal - Offences
10:30 Morning refreshments
10:45 Offences
11:15 e-Privacy / Privacy & Electronic Communications Regulations
12:15 Lunch
12:45 e-Privacy / Privacy & Electronic Communications Regulations cont.
13:30 Data Protection Law Enforcement Directive (DPLED)
14:15 Intelligence Services

Who should attend?

This course is intended for:

  • Data Protection Officers 
  • Information Governance (IG), Information Assurance (IA) and other compliance professionals (all grades)
  • Freedom of Information managers
  • Solicitors advising on information law
  • Head of risk, Senior Information Risk Officers (SIRO)
  • IT security managers, Chief Information Security Officers (CISO) 
  • IT/IS managers
  • Human resources managers
  • Head of marketing, Chief Marketing Officers (CMO)
  • Company directors of businesses that handle high volumes of personal information

By obtaining the Practitioner Certificate, individuals will:

  • Hold a recognised practitioner level qualification in GDPR
  • Gain an in-depth understanding of the key changes that the GDPR and the UK Data Protection Act 2018 introduce to data protection
  • Understand the individual and organisational responsibilities, particularly the need for effective record keeping
  • Be able to apply the new rights available to data subjects and understand the implications of those rights
  • Become a champion for the existence of the Data Protection Officer role
  • Be capable of performing the tasks a Data Protection Officer is expected to undertake
  • Possess the knowledge to conduct Privacy Impact Assessments
  • Know how to adopt a Data Protection by Design/Default approach when implementing new processing systems
  • Understand the legal mechanisms available that facilitate and enable the transfer of personal data outside of the EU
  • Be able to prepare an organisation to achieve and maintain compliance with the GDPR and the UK Data Protection Act 2018

The BCS Practitioner Certificate in Data Protection aligns with the vocational qualification QCF Level 4. Note, this link is advisory and for comparison purposes only. Ofqual does not regulate BCS qualifications.

BCS Syllabus

Practitioner Certificate in Data Protection (PC-DP)
Extracted from syllabus version 8.5
December 2017

This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.

1 Context

(5% - 2 hours of course work)

The objective is to ensure the candidate can summarise the evolution of data protection law in the UK and the relationship with the EU General Data Protection Regulation (GDPR). The syllabus reflects the legal provisions of the new UK Data Protection Bill 2017 which (once debated and approved by Parliament) is due to be enacted in 2018 as well as reflecting the role of the Information Commissioner’s Office (ICO), the UK’s Supervisory Authority.

  1.1 What is privacy?

    The candidate will be expected to demonstrate an understanding of an individual’s right to private and family life and will be able to explain the relevance of confidentiality and respect for home and family life and correspondence.

  1.2 History of data protection legislation in the UK

    The candidate will be expected to describe the history of data protection in relation to the European Convention for the Protection of Human Rights and Fundamental Freedoms and will be able to explain the rights to freedom of expression, to include:

    1.2.1 European Convention on Human Rights and Fundamental Freedoms (ECHR), Article 8 – Respect for privacy and family life
    1.2.2 Council of Europe Convention 108, 1981, its implementation by the Data Protection Act 1984, and updating of Convention 108
    1.2.3 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data 2013
    1.2.4 Data Protection Directive 95/46/EC
    1.2.5 Human Rights Act 1998
    1.2.6 Data Protection Act 1998
    1.2.7 Telecommunications Directive 97/66/EC, Privacy and Electronic Communications and any revisions (ePrivacy Regulation 2017/0003 (COD))
    1.2.8 Directive 2002/58/EC, and subsequent revisions of the latter
    1.2.9 The need for the General Data Protection Regulation 2016/679
    1.2.10 UK Data Protection Bill 2017 (implementing the GDPR in the UK)
    1.2.11 EU Directive 2016/680 The Law Enforcement Directive (LED)
    1.2.12 UK’s Freedom of Information Act and Freedom of Information (Scotland) Act and the ability to access any recorded personal information held by a public body

2 GDPR and Data Protection Bill definitions and terminology

(1.5 hours, 3.75%)

The objective is to ensure that the candidate is able to interpret the major definitions in the GDPR and the Data Protection Bill. The candidate should also be able to explain these definitions and identify what information and processing activities are subject to the GDPR. The major definitions to be included are as follows:

  2.1 Personal data
  2.2 Special category personal data and criminal records
  2.3 Processing
  2.4 Data controller, joint data controllers
  2.5 Data processor
  2.6 Public authority, Scottish public authority and public body (including Crown and Parliament)
  2.7 Manual unstructured data held by a FOIA/FOISA public authority
  2.8 Filing system
  2.9 Recipient
  2.10 Third party
  2.11 Profiling
  2.12 Pseudonymisation
  2.15 Personal data breach
  2.16 Derogations and recitals
  2.17 Purely personal or household purposes
  2.18 The special purposes

    The candidate will also be able to describe why the special purposes set out in the Data Protection Bill (Schedule 2, Part 5) provide for an appropriate balance between freedom of expression and privacy.

3 Structure of the UK Data Protection Bill in relation to the GDPR

(0.5 hours, 1.25%, K2)

Specifically, the candidate will be expected to understand and explain the high-level structure of the Data Protection Bill (to be enacted as the revised UK Data Protection Act), to include:

  3.1 The Data Protection Bill structure
  3.2 Part 1 – Preliminary Overview and Terminology
  3.3 Part 2 – General Processing
  3.4 Part 2, Chapter 1 – Scope and Definitions
  3.5 Part 2, Chapter 2 – The GDPR
  3.6 Part 2, Chapter 3 – Other General Process
  3.7 Part 3, Law Enforcement Processing
  3.8 Part 4, Intelligence Services Processing
  3.9 Part 5, The Information Commissioner
  3.10 Part 6, Enforcement
  3.11 Part 7, Supplementary Provisions
  3.12 Schedules 1 to 18

    The candidate will be required to identify where the GDPR will be adopted within that structure and demonstrate the importance of Part 2, Chapters 1 to 3. The candidate is not required to know the detailed content of any Part, Chapter or Schedule until enacted.

4 The role of the ICO as the UK Supervisory Authority

(0.5 hours, 1.25%)

The objective is to ensure the candidate can describe the role and general powers and obligations of the UK Information Commissioner’s Office (ICO) as the UK Supervisory Authority, including co-operation between Supervisory Authorities and the role of the European Data Protection Board (EDPB). This will include:

  4.1 Monitoring and enforcement
  4.2 Promotion of public awareness and understanding
  4.3 Promotion of awareness to controllers and processors of their obligations; Promotion or production of Codes of Practice
  4.4 Promotion of approved privacy seals, certification schemes and availability of commonly used standards (including BS 10012:2017)
  4.5 Providing information to data subjects on the exercise of their rights and cooperate with the LED and another supervisory authority to provide such information
  4.6 Co-operation with the LED and other data protection Supervisory Authorities including provision of mutual assistance
  4.7 Conducting investigations on the application of the GDPR and LED on behalf of a supervisory authority from another state
  4.8 Monitoring developments in relation to information and communications technologies and contribute to the activities of the EDPB
  4.9 Advice and reporting to Parliament, the UK Government and other bodies; Dispute resolution between Supervisory Authorities by the EDPB

5 Enforcement (including roles of the first-tier tribunal and the courts)

(0.5 hours, 1.25%)

The candidate will be expected to describe the following supervisory functions and powers:

  5.1 Requests for assessments, Assessment Notices and carrying out assessments
  5.2 When the ICO can issue an information notice
  5.3 How the ICO uses ‘undertakings’
  5.4 When the ICO can issue an Enforcement notice
  5.5 When and who can prosecute offences under the DPA
  5.6 When the ICO can serve a monetary penalty
  5.7 The role of appeals and tribunals

6 Notification and record keeping obligations

(0.5 hours, 1.25%)

Specifically, the candidate will need to be able to explain why notification to the Commissioner will remain under the current scheme until May 2018, when it will be replaced. To include:

  6.1 Notification under the Data Protection Act 1998
  6.2 Exemptions from notification under the Data Protection Act 1998
  6.3 The impact of the Data Protection Bill repeal of Section 108 of the Digital Economy Act 2017
  6.4 The UK notification scheme replacement
  6.5 Record keeping requirements of controllers and processors (Article 30)
  6.6 Record keeping with respect to the Accountability Principle

7 The data protection principles

(4 hours, 10%)

The objective is to ensure the candidate understands and can demonstrate how the six GDPR principles set out in Article 5(1) regulate the processing of personal data and how they are enforced. The candidate will also be expected to understand data controller and data processor accountability established in Article 5(2). Equally, the candidate will be expected to know how each principle applies to the processing of personal data. The candidate will be required to demonstrate an understanding of the need to interpret and apply the principles in practice including:

  7.1 The application of the right to be informed (transparency) and assessment of compatibility of further processing as part of Principle 1 of the GDPR
  7.2 The link to GDPR Article 6 (4)(c) and in the case of special category personal data the link to Article 9 and 10
  7.3 The practical requirements that are a consequence of compliance with each Principle in Article 5 (1)
  7.4 The obligations to demonstrate the accountability principle established in Article 5 (2)

8 Lawfulness of processing – how to comply

(4 hours, 10%)

Specifically, the candidate will be required to select and apply the lawful conditions (grounds) that must be satisfied in order to legitimise the processing of personal data including:

  8.1 Consideration of the GDPR’s Article 6 grounds for processing personal data and Article 9 grounds for processing special categories of personal data
  8.3 Information to be provided where personal data is obtained from the data subject
  8.4 Information to be provided where personal data has not been obtained from the data subject
  8.6 Data minimisation and pseudonymisation (role in Data Protection by design)
  8.7 Processing:
    - Relating to criminal convictions and offences
    - Which does not require identification
    - Using national identifiers
    - In the context of employment
    - Note: Reference the expectation of privacy by a data subject in relation to further processing (Recital 50)
    - For the purpose of archiving in the public interest, scientific or historical research or statistical purposes

9 Individual rights

(3 hours, 7.5%)

The candidate will be expected to demonstrate how rights and freedoms of data subjects conferred by the Data Protection Bill can be applied and enforced. Specifically, the candidate will need to be able to apply data subject rights in relation to:

  9.1 Confirmation of processing
  9.2 The right to be informed (transparency, compatibility of further processing and modalities)
  9.3 Access to personal data including:
    - Unstructured data held by a FOI/FOISA public authority controller
    - The process to deal with a request
    - Timescales
  9.4 Protecting the rights of another (third party individual)
  9.5 Rectification
  9.6 Erasure (and the right to be forgotten including the provisions that relate to children)
  9.7 Restriction of processing
  9.8 Obligation to notify the rectification, erasure or restriction to recipients and the data subject
  9.9 Portability
  9.10 Objection and rights in relation to direct marketing
  9.11 Automated individual decision making and profiling
  9.12 Lodging a complaint
  9.13 Effective judicial remedy
  9.14 Compensation

10 Restriction on data subject rights

(3 hours, 7.5%)

The objective is to ensure the candidate can describe and apply the exemptions from data subject rights. The candidate will not be expected to have a detailed knowledge of all the derogations set out in the GDPR but will be expected to demonstrate a broad understanding of the exemptions established under Article 23 and Schedule 2 of the DP Bill, and be able to interpret how the following can be applied in practice:

  10.1 The importance of the GDPR recitals and how they will be used by the courts
  10.2 Protection of the rights of others
  10.3 Crime and taxation, including:
    - Prevention or detection of crime
    - Apprehension or prosecution of offenders and self-incrimination
    - Disclosures likely to prejudice crime, taxation and the proper discharge of a function designed to protect the public
  10.4 Assessment or collection of a tax, duty, or similar imposition
  10.5 Border Control
  10.6 Immigration
  10.7 Disclosures prohibited by law:
    - Human fertilisation and embryology
    - Adoption records
  10.9 Corporate finance
  10.10 Courts and judiciary
  10.11 Management forecasts
  10.12 Negotiations with the data subject
  10.13 Confidential references
  10.14 Health, social work and education (reasonableness test):
    - Child abuse data
    - Education data, examination scripts and marks
  10.15 Scientific or historical research and statistics
  10.16 Freedom of expression
  10.17 Archiving in the public interest

11 Offences

(0.5 hours, 1.25%)

The objective is for the candidate to be able to describe the range of offences under UK data protection legislation which are dealt with by the courts. The candidate will need to explain:

  11.1 How specific offences currently apply in practice
  11.2 The difference between offences and administrative fines
  11.3 The interpretation of ‘effective, proportionate and dissuasive’ and where the UK intends to legislate for new infringements

The candidate will be expected to demonstrate what constitutes an offence including:

  11.4 Failure to comply with an information notice
  11.5 Falsely or recklessly responding to an information notice
  11.6 Unlawfully obtaining personal data, knowingly or recklessly to:
  11.7 Alteration, defacing, blocking, concealing, erasure or destruction of personal data to prevent disclosure under a subject access request
  11.9 Enforced Subject Access offences (i.e. Prohibition of requirement to produce relevant records in connection with employment and provision of services etc.)

12 Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003

(1 hour, 2.50%)

The candidate will be expected to describe the relationship between the current PECR and the broad scope of the GDPR and interpret the main provisions in relation to unsolicited marketing and consent. Apart from understanding the objective and the broad scope of PECR, the candidate will be expected to apply the provisions relating to:

  12.1 Unsolicited marketing calls by telephone and role of TPS
  12.3 Unsolicited marketing emails (including SMS and the soft opt-in)

13 Other associated legislation

(1 hour, 2.50%)

The objective is for the candidate to be able to identify UK legislation relevant to the implementation of the GDPR. The candidate will not be expected to have an in-depth knowledge but will be required to explain how UK data protection relates to the following legislation:

  13.1 Computer Misuse Act 1990 (as amended by the Serious Crime Act 2015) Offences:
    - Unauthorised access to computer material
    - Unauthorised access with intent to commit or facilitate commission of further offences (e.g. theft of data)
    - Unauthorised modification to contents of a computer
    - Unauthorised acts with intent to impair operation of a computer
    - Causing or creating risk of serious damage
  13.2 Freedom of Information Act 2000 (FOIA) and Freedom of Information (Scotland) Act 2002 (FOISA):
    - Information exempt from subject access rights and disclosures involving personal data

The candidate will be expected to explain the interaction between UK data protection legislation and the FOIA/FOISA as well as the Environmental Information Regulations where the fulfilment of a disclosure request may be exempt due to the impact of data protection legislation.

14 Application of data protection legislation

(18 hours, 45%, K3)

The candidate will be expected to recognise the application of compliance in a range of circumstances. The candidate will be expected to apply their knowledge of data protection legislation across a range of detailed scenarios.

  14.1 Data controller and data processor obligations

    Specifically, the candidate will be required to apply the requirements relating to Article 5(2) of the GDPR and will be expected to be able to demonstrate practical applications of the following:

    14.1.1 General obligations of a controller and processor
    14.1.2 Data controller/data processor and joint controller relationships
    14.1.3 Accountability and governance
    14.1.4 Administration and maintaining records of processing activities
    14.1.5 Notification and consultation with supervisory authorities
    14.1.6 Published codes of practice (and where applicable codes of conduct) to include:
      - Employment practices code
      - Data sharing code of practice
      - CCTV code of practice
      - Privacy information notices, transparency and control
      - Privacy impact assessment code of practice
      - ICO consent guidelines
      - The role of the WP29/European Data Protection Board in relation to publication of Codes of Conduct

  14.2 Security of processing

    The candidate will be expected to explain the obligations for securing personal data including:

    14.2.1 Organisational and technical security measures
    14.2.2 Notification of a personal data breach to the supervisory authority
    14.2.3 Overlap with the NIS Directive in relation to breach reporting
    14.2.4 Communication of a personal data breach to the data subject
    14.2.5 Using data protection impact assessments and prior consultation with the supervisory authority
    14.2.6 Data processor supervision and security in third party contracts
    14.2.7 Adopting a ‘data protection by design/data protection by default’ approach when setting security requirements for new processing systems
    14.2.8 Requirement for education and training

  14.3 Data protection officer

    It is expected that the candidate will be able to describe the role of the data protection officer as defined in the GDPR and the Data Protection Bill covering the following:

    14.3.1 Data protection officer designation, position, and role/tasks
    14.3.2 WP29 Guidance on Data Protection Officers (16/EN/WP243:2017e)

  14.4 Addressing scenarios in specific sectors

    The candidate will be expected to interpret how the following sectors may influence the practical implementation of the GDPR:

    14.4.1
    14.4.2 Financial services
    14.4.3 Services provided by public bodies (e.g. Local and Central Government)
    14.4.4 Human resource management
    14.4.5 Health sector

  14.5 Data processing topics

    The candidate will be expected to explain how data protection concepts apply to the following business processes:

    14.5.1 Monitoring and profiling of data subjects – internet, email, telephone calls and CCTV
    14.5.2 Use of the internet (including electronic commerce)
    14.5.3 Data matching, data analytics and data warehousing (big data and profiling)
    14.5.4 Disclosure and data sharing

The focus here is on the candidate recognising the practical issues of complying with legislation in the real world. The candidate is encouraged to understand how they would approach different scenarios to become familiar with the practicalities of compliance. Compliance advice on particular topics and for specific sectors is published by the Information Commissioner. It is strongly recommended that human resource management related issues are addressed.

View the full BCS Practitioner Certificate in Data Protection Syllabus on the BCS Website.

Exam Preparation

Exam Preparation Day

The topics covered in this session include:

Part 1. Online discussion and presentation

  • Exam technique
  • Timing
  • Completing the exam paperwork
  • How to break down BCS exam questions
    • Reading questions properly
    • Answering questions correctly
  • Exercises
  • Group discussion, 3 example questions

Part 2. Mock exam

  • 1 1/2 hour mock exam (50% of the exam paper)

Part 3. Discussion, Q&A, review of the mock exam

  • Group discussion, mock exam answers

Following the examination prep day, the instructor will evaluate each student’s mock paper and provide individual feedback. This will include direct comments on the answers and exam technique, and guidance on areas for further study.


Duration and Format of the BCS Examination

The BCS Practitioner Certificate in Data Protection Exam is a two-hour closed-book examination comprising three sections. The format is as follows with a balance of questions across the syllabus.

Section A:

20 simple multiple choice questions (1 mark each). Participants should attempt all questions.

Section B:

20 complex multiple choice questions (2 marks each). Participants should attempt all questions.

Section C:

12 short answer questions (5 marks each). Participants should attempt all questions.

The examination is held independently of the accredited course.

Pass Mark

The pass mark is 78/120. This equates to 65%.


Distinctions will be awarded to candidates who achieve 96 or more.

Format of the Examination

Type: 17% Simple multiple choice questions, 33% Complex multiple choice questions, 50% Short answer questions
Duration: 2 Hours. An additional 30 minutes will be allowed for candidates sitting the examination in a language that is not their native language
Invigilated: Yes
Open Book: No
Pass Mark: 78/120 (65%)
Distinction Mark: 96/120 (80%)
Calculators: Calculators cannot be used during this examination
Delivery: Paper based examination only

Additional time for candidates requiring Reasonable Adjustments

Candidates may request additional time if they require reasonable adjustments. Please refer to the reasonable adjustments policy for detailed information on how and when to apply.

Additional time for candidates whose language is not the language of the exam

An additional 25% (30 minutes) will be allowed for candidates sitting the examination in a language that is not their mother tongue. If the examination is taken in a language that is not the candidate’s native/official language, then they are entitled to use their own paper language dictionary (whose purpose is translation between the examination language and another national language) during the examination. Electronic versions of dictionaries will not be allowed into the examination room.

The full BCS PC-DP Syllabus can be viewed on the BCS website.

Course Cost

Get this BCS Practitioner Certificate in Data Protection for:

  • Receive a 15% online discount for multiple bookings onto public courses
  • If you have a team of 4 or more, we can deliver the training at your location - ask about an onsite course

Package includes:

  • 5-day BCS Accredited GDPR Training Course
  • 1-Day Exam Preparation Online Training Course
  • Entrance to the separate 2-hour, 3-part BCS Examination

Courseware: the only GDPR manual you will ever need

  • Comprehensive 191-page training manual comes in an A4 bound folder + an editable electronic version
  • Includes free lifetime updates (electronic version), which means it will never go out of date
  • Copy of the General Data Protection Regulation & Data Protection Act 2018
  • Electronic copy of the full course PowerPoint
  • Exercises & Revision materials
  • Prep day course materials with sample exam questions

You will also receive access to our free professional advisory service, potentially reducing the need for legal advice or consultation fees by supplying the right advice when you need it most.



Course dates

Code: PC-DP
Course: BCS Practitioner Certificate in Data Protection

  • 23 Mar 20, 5 days, Bedford
  • 8 Jun 20, 5 days, Bedford


Examination Events

When booking onto one of the above course dates, you will be asked to select two dates for your examination events. We advise you to choose a date for your exam preparation day 4-8 weeks after the 5-day training course. Then book your BCS exam 4-6 weeks after the exam preparation day.

Exam preparation day
Duration: 1 day
Format: online

  • 16 Dec 19
  • 14 Feb 20
  • 24 Apr 20
  • 3 Jul 20

BCS Exam
Duration: 1/2 day
Location: Bedford

  • 31 Oct 19
  • 23 Jan 20
  • 12 Mar 20
  • 28 May 20
  • 30 Jul 20

Freevacy work hard to secure our IT systems and your data against cyber attack. We have been awarded Cyber Essentials certification by The National Cyber Security Centre, part of GCHQ and have signed up to the ICO's "Your Data Matters" campaign.