Practitioner Certificate in Data Protection, DPA

The BCS Practitioner Certificatein Data Protection is designed for those who wish to acquire an in depth grounding in the key elements of the UK

law and its practical application.

Cyber Skills Training - Image of a woman

Course Style

Live Instructor Led. Face-to-Face or Attend-From-Any-Where

Skill up and get certified, guaranteed

What is included?

  • 5 days of training
  • Course material/Slides
  • Examination Fees
  • 98.1% Certification Success in First Attempt
  • Classroom training Or Attend-From-Any-Where
  • Training delivered by Professionals with enormous industry experience 
  • Total comprehensive exam preparation

What you will Learn?

Upon completion of this module, candidates will be able to demonstrate knowledge and understanding of key prerprovisions of Data Protection legislation in the following areas:

 

  • An Introduction to the History of Data Protection in the U.K.
  • Principles of data protection and applicable terminology.
  • Lawful bases for processing of Personal Data.
  • Accountability Principle.
  • Obligations of Controllers, Joint Controllers and Data Processors.
  • International Data Transfers under UK GDPR.
  • Data Subject Rights.
  • Independent Supervisory Authorities (ISAs) and the Information Commissioner’s Office (ICO).
  • Breaches, Enforcement and Liability.
  • Privacy and Electronic Communications (EC Directive). Regulations (PECR) 2003 and subsequent amendments.

Who should attend?

  1. This qualification is aimed at those candidates who have, or wish to have, some responsibility for data protection within an organisation and need to understand the changes that the GDPR and the UK Data Protection Act 2018 will bring to data protection legislation and what needs to be done to prepare their organisations for compliance. It is ideal for those candidates who already hold the Foundation Certificate in Data Protection and who want to gain a more in-depth knowledge of interpreting and applying the principles of data protection legislation and the GDPR in particular.

COURSE DATES

Nov 2024, 25th – 29th    

Jan 2025, 20th – 24th   

Mar 2025, 03rd – 07th

Jun 2025, 09th – 13th

Sep 2025, 01st – 05th

Nov 2025, 24th – 28th

4

Course Outline

BCS PRACTITIONER CERTIFICATE IN DATA PROTECTION. Version 9.7

  • CONTEXT OF DATA PROTECTION LEGISLATION. (7.5%)
  1. Explain the concepts of data protection and privacy.
  2. Describe the history of data protection in the UK.
  3. Describe the territorial scope and jurisdiction of GDPR.
  4. When a representative of the controller is needed.
  • PRINCIPLES OF DATA PROTECTION AND APPLICABLE TERMINOLOGY. (5%)
  1. Define the following key items of terminology
  2. Demonstrate how the following UK GDPR principles regulate the processing of personal data.
  3. LAWFUL BASES FOR PROCESSING PERSONAL DATA. (5%)
  4. Illustrate the lawful bases to process personal data listed under (Article 6) of the UK GDPR and as displayed below.
  5. Describe the conditions permitted for processing special category data listed under Article 9 of UK GDPR.
  6. Explain the rules for processing criminal offence data.
  7. ACCOUNTABILITY PRINCIPLE. (15%)
  8. Identify the accountability and data governance obligation (Article 5 (2) Article 24).
  9. Describe the purpose of a Data Protection Impact Assessment (DPIA) and when risks arising from one may need prior consultation with the supervisory authority/ICO (Article 36)
  10. Demonstrate the process of conducting a DPIA (Article 35)
  11. Explain what a record of processing activity (RoPA) is, the information it should contain and why this is important (Article 30)
  12. 4.5 Outline the interplay with privacy notices (Article 13 & 14).
  13. Demonstrate how to adopt a ‘data protection by design and by default’ approach (Article 25).
  14. Identify suitable information security measures (Article 32)
  15. Explain the designation, position and tasks of the Data Protection Officer (DPO) (Article 37 to 39)
  16. Explain the scope of the DPO role in monitoring compliance and managing risks through a Privacy Management programme (Article 39 1.b)
  17. OBLIGATIONS OF CONTROLLERS, JOINT CONTROLLERS AND DATA PROCESSORS. (10%)
  18. Explain controller and processor obligations (Article 24 & 28)
  19. Describe the concept of joint controllers (Article 26)
  20. Describe the act of processing under the authority of a controller or processor (Article 29).
  21. Explain what a Data Processing Agreement is and when it would be necessary in a controller-processor arrangement.
  22. INTERNATIONAL DATA TRANSFERS UNDER EU AND UK GDPR. (2.5%)
  23. Recognise the general principles for transferring personal data to third countries from both the UK and the EU and illustrate what issues might arise from each of the following mechanisms.
  24. DATA SUBJECT RIGHTS. (5%)
  25. Demonstrate a detailed knowledge of the key rights granted to individuals (Articles 12 to 17 and 21 to 22).
  26. Express awareness of the following rights in addition to the above.
  27. Describe the restrictions and exemptions that may affect data subject rights.
  28. Explain the fundamental rights of information requests.
  29. THE ROLE OF INDEPENDENT SUPERVISORY AUTHORITIES (ISAS) AND THE ICO. (7.5%)
  30. 8.1 Explain the role and importance of supervisory authorities.
  31. 8.2 Explain the role of the Information Commissioner’s Office (ICO).
  32. BREACHES, ENFORCEMENT AND LIABILITY (12.5%)
  33. Explain what constitutes a personal data breach and the information required for reporting.
  34. Explain when the obligations arise to report breaches of personal data (Articles 33 and 34 UK GDPR)
  35. 9.3 Explain how a data protection complaint should be handled (Article 57 (1)(f)).
  36. Describe the sanctions that could be imposed as a result of a personal data breach or data protection complaint
  37. Describe the following liabilities:
  38. Identify the role of tribunal and judicial courts.
  39. PROCESSING OF PERSONAL DATA IN RELATION TO CHILDREN. (2.5%)
  40. Explain how data protection legislation applies to children
  41. SPECIFIC PROVISIONS IN DATA PROTECTION LEGISLATION OF PARTICULAR RELEVANCE TO PUBLIC AUTHORITIES. (7.5%)
  42. Define the meanings of public authority and public body and how it relates to both Data Protection Act 2018 and the UK GDPR (Section 7 of Data Protection Act 2018)
  43. Explain the provisions relating to Data Protection Officers (DPOs) for public authorities.
  44. Explain awareness of the existence of the exemptions for health, social work and education (Schedule 3, DPA 18)
  45. PRIVACY AND ELECTRONIC COMMUNICATIONS (EC DIRECTIVE) REGULATIONS (PECR) 2003 AND SUBSEQUENT AMENDMENTS TO 2021. (5%)
  46. Explain the relationship between PECR and the GDPR, including PECR’s:
  47. APPLICATION OF DATA PROTECTION LEGISLATION IN KEY AREAS OF INDUSTRY. (10%)
  48. Recognise the data protection implications of the Employment Practices Code.
  49. Describe how the use of video surveillance and CCTV (Data Protection Code of Practice for surveillance cameras and personal information) is governed by data protection law.
  50. Identify how the use of cookies and digital technologies is governed by data protection law
  51. Explain how data sharing practices are governed by data protection law (ICO Data Sharing Code of Practice)
  52. AI AND THE PROCESSING OF PERSONAL DATA. (5%)
  53. Analyse the benefits versus the risks of AI for individuals and organisations
  54. Analyse the impact of AI on the principles and concepts of data protection.
  55. Explain the process of completing a Data Protection Impact Assessment (DPIA) where AI is used.
  56.  

BCS PRACTITIONER CERTIFICATE IN DATA PROTECTION. Version 9.7

  • concepts and framework of information risk management

1.1 Explain the concepts of data protection and privacy.

1.2Describe the history of data protection in the UK.

  1. Describe the territorial scope and jurisdiction of GDPR.
  2. When a representative of the controller is needed.

1.2 Explain the context of risk in organisations.

  • Information risk management fundamentals

2.1 Explain the fundamentals of information security

2.2 Explain information risk management standards and good practice guides.

2.3 Explain the process of information risk management

2.4 Explain information risk terms and definitions.

  • Establishing an information risk management programme

3.1 Understand the requirements of an information risk management programme.

3.2 Explain the development of a strategic approach to information risk management.

3.3 Explain the principles of information classification.

  • Risk identification

4.1 Describe the process to identify information assets.

4.2 Conduct a business impact analysis.

4.3 Conduct a threat and vulnerability assessment.

  • Risk assessment

5.1 Undertake a risk analysis

5.2 Conduct risk evaluation.

  • Risk treatment

6.1 Explain risk treatment options, controls and processes.

6.2 Explain the use of a risk treatment plan.

  • Monitor and review

7.1 Explain information risk monitoring.

7.2 Undertake an information risk review.

  1. Presenting risks and business case

8.1 Report and present the progress of a risk management programme.

Prerequisites

None

Career, certification and Salary

Career as a Certified in Data Protection Officer – CDP.

Today, everyone responsible for collecting, processing, and using personal data must follow strict rules under data protection principles. Organisations must ensure that information is used legally and transparently. Besides, they should specify the purpose of collecting information from individuals. Overall, companies should handle data in a way that ensures adequate security, including protection against unauthorised or unlawful access, loss, processing, or destruction.

The UK has enacted strict regulations for the protection of sensitive information. Companies hire data protection officers to protect personal data such as race, ethnic background, political opinions, religious beliefs, trade union membership, biometrics, health, and genetics.

Importance of Career in Data Protection Act

Almost every organisation collects and processes personal data during operations using IT systems. Data protection ensures people can trust you to collect and use their data legally and responsibly. If an organisation collects information about individuals or other subjects for any reason, they should comply with the UK Data Protection Act.

Meanwhile, the UK government maintains laws, such as the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as a flexible, risk-based approach that put the onus on organisations to think about and justify how and why they use personal information.

Data protection is essential to digital advancement and innovation. Practising adequate data protection ensures public trust and support for innovative uses of data in organisations.                                                                                    

CDP – Enhancing Data Protection Capabilities

You can improve your data protection knowledge by acquiring a Certificate in Data Protection.

CDP equips data protection professionals with a broader and more in-depth understanding of current laws, including the UK Data Protection Act 2018 and the EU GDPR and how businesses should apply them.

Successful completion of the CDP programme demonstrates to employers and industry that you attained the standard of Data Protection Officer (DPO) and that you possess a solid knowledge of data protection laws and understand the practical implications of the privacy rules on organisations.

Who Should Get Certified?

Are you responsible for data protection within your organisation? Then, this British Computer Society qualification is the ideal certification to broaden your understating in data protection and gain full knowledge of data protection laws’ practical applications.

Indeed, CDP is developed based on the UK Data Protection Act. However, other jurisdictions have enacted similar data protection laws, making the certification favourable to international candidates.

CDP qualification is of particular benefit to professionals working in areas like:

  • Information governance, risk, and compliance
  • Data protection and privacy
  • Data management
  • Project management
  • Marketing and sales
  • IT and information security – IT managers, security analysts, chief information security officers (CISOs)
  • Human resources
  • Legal
  • Procurement
  • Management roles with data protection responsibilities

CDP’s Entry Requirements

We recommend that you attend a British Computer Society’s accredited Foundation Certificate in Data Protection Course before registering for CDP.

CDP is ideal for candidates who hold the BCS Foundation Certificate in Data protection, though this requirement is not mandatory. 

What CDP Offers

Acquiring CDP provides an understanding of the fundamental changes and implications of the country’s top regulations, the UK Data Protection Act 2018 and the GDPR.

Other than that, the CDP program equips candidates with the understanding of individual and organisations responsibilities under UK’s data protection laws.

Acquiring CDP enables you to apply new rights available to data subjects and understand the implications of those rights.

CDP holders can effectively prepare organisations to handle personal and confidential information in compliance with data protection laws. All organisations that process personal data in the UK must comply with the UK GDPR and the Data Protection Act 2018 or risk fines of up to 17.5 million or 4 per cent of annual global turnover, whichever is greater. How your organisation comply with data protection legislation depends on how you handle personal data, and the best approach would be to appoint a CDP certified data protection officer. Certainly, CDP equips data protection and information security professionals specialist knowledge and skills needed to deliver DPA and GDPR compliance, helping your firm avoid hefty non-compliance penalties. 

Acquiring CDP enables data protection officers to master their role and become competent to inform, advice, and monitor compliance with data protection laws while cooperating with industry experts and supervisory authority.

Getting the CDP Certification

You can take the CDP course with Cyber Skills Training – a top accredited training provider. The classroom course usually lasts five days with the training provider.

The CDP exam is a 90-minute closed book digital 40 question multi-choice exam, with a 65 per cent pass mark.

Cyber Skills Training CDP Program

Cyber Skills Training delivers the CDP course in flexible options, including live instructor-led, face-to-face, or attend-from-any-where.

Cyber Skills Training CDP course is a 5-day live instructor course that will empower candidates to demonstrate knowledge and understanding of Data Protection legislation’s critical provisions. The program covers various areas, including:

  • Context of data protection and applicable terminology
  • Principles of data protection and applicable terminology
  • Lawful basis for processing personal data
  • Governance and accountability of data protection within organisations
  • Interactions between controller and process, and the role of third-parties
  • Transfer of personal data to third countries or international organisations
  • Data subject rights

Apart from the detailed course coverage, Cyber Skills Training offers an exam pass guarantee. If a candidate does not pass the CDP exam on the first attempt, Cyber Skills Training allows them to re-sit the course at no cost. Secondly, the organisation provides 100 per cent satisfaction guarantee. In this case, if you are not satisfied with the CDP training at the end of the first day, you may withdraw and enrol in a different classroom course.

Are you ready to get started? You can book the CDP course in a few steps here.

Are you ready to get started?