Certificate in Data Protection, DPA
The BCS Foundation Certificate in Data Protection is designed for those who wish to acquire an in-depth grounding in the key elements of the UK law and its practical application.
Live Instructor Led. Face-to-Face or Attend-From-Any-Where
Skill up and get certified, guaranteed
What is included?
- 5 days of training
- Course material/Slides
- Examination Fees
- 98.1% Certification Success in First Attempt
- Classroom training Or Attend-From-Any-Where
- Training delivered by Professionals with enormous industry experience
- Total comprehensive exam preparation
What you will Learn?
Upon completion of this module, candidates will be able to demonstrate knowledge and understanding of key provisions of Data Protection legislation in the following areas:
- An Introduction to the History of Data Protection in the U.K.
- Principles of data protection and applicable terminology.
- Lawful bases for processing of Personal Data.
- Accountability Principle.
- Obligations of Controllers, Joint Controllers and Data Processors.
- International Data Transfers under UK GDPR.
- Data Subject Rights.
- Independent Supervisory Authorities (ISAs) and the Information Commissioner’s Office (ICO).
- Breaches, Enforcement and Liability.
- Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003 and subsequent amendments.
Who should attend?
- This qualification is aimed at those candidates who have, or wish to have, some responsibility for data protection within an organisation and need to understand the changes that the GDPR and the UK Data Protection Act 2018 will bring to data protection legislation and what needs to be done to prepare their organisations for compliance. It is ideal for those candidates who already hold the Foundation Certificate in Data Protection and who want to gain a more in-depth knowledge of interpreting and applying the principles of data protection legislation and the GDPR in particular.
COURSE DATES: 6 – 8 Nov, 2023; 08 – 10 Jan, 2024
BCS FOUNDATION CERTIFICATE IN DATA PROTECTION Version 3.7
- AN INTRODUCTION TO THE HISTORY OF DATA PROTECTION IN THE U.K. (6%) (K1, K16, S7, S9)
- Demonstrate an awareness around personal data rights in the EU and the UK.
- Describe the territorial scope and jurisdiction of the UK GDPR (Article 3).
- PRINCIPLES OF DATA PROTECTION AND APPLICABLE TERMINOLOGY. (15%) (K1, K3, S2, S8, S9)
2.1 Define the following key items of terminology:
2.2 Describe the following data protection principles.
- LAWFUL BASES FOR PROCESSING OF PERSONAL DATA. (10%) (K1, K14, S2, S7, S13)
3.1 Explain the lawful basis to process Personal Data listed under (Article 6) of the UK GDPR
3.2 Describe the conditions permitted for processing special category data listed under Article 9 of UK GDPR/ Schedule 1 of the DPA.
- ACCOUNTABILITY PRINCIPLE. (21.5%) (K1, K2, K3, K4, K6, K8, K14, K15, K16, S1, S2, S9, S10, S11, S12, S13, B3, B4)
4.1 Identify the accountability obligations (Article 5 (2) and Article 24) UK GDPR.
4.2 Describe the purpose of a Data Protection Impact Assessment (DPIA) UK GDPR.
4.3 Explain the process of conducting a DPIA (Article 35) UK GDPR and identify when risks arising from a DPIA may need prior consultation with the ICO (Article 36) UK GDPR.
4.4 Identify the importance of keeping a record of processing activity (RoPA) (Article 30) UK GDPR.
4.5 Outline the interplay with privacy notices (Article 13 & 14) UK GDPR.
4.6 Demonstrate how to adopt a ‘data protection by design and by default’ approach (Article 25) UK GDPR.
4.7 Identify suitable information security measures (Article 32) UK GDPR.
4.8 Explain the designation, position and tasks of the Data Protection Officer (DPO) (Article 37 to 39) UK GDPR.
4.9 Explain the role of the DPO and compliance monitoring.
- OBLIGATIONS OF CONTROLLERS, JOINT CONTROLLERS AND DATA PROCESSORS.
5.1 Identify the controller and processor obligations.
- INTERNATIONAL DATA TRANSFERS UNDER UK GDPR.
6.1 Explain the principles of data transfers under UK GDPR and the impact of data transfers to and from the European Union (EU).
- DATA SUBJECT RIGHTS
7.1 Explain the key rights granted to individuals (Articles 12 to 17 and 21 to 22) UK GDPR. Specifically, the candidate will be required to explain data subject rights in relation to:
7.2 Explain the fundamental rights of other information requests.
7.3 Explain the impact of AI on data rights.
- INDEPENDENT SUPERVISORY AUTHORITIES (ISAS) AND THE INFORMATION COMMISSIONER’S OFFICE (ICO). (7.5%) (K12, K14)
8.1 Express awareness of the role of ISAs under EU GDPR. (Article 57 & 58 EU GDPR).
8.2 Explain the role of the ICO.
- BREACHES, ENFORCEMENT AND LIABILITY. (7.5%) (K1, K12, S1, S9)
9.1 Explain the obligation and requirements surrounding the reporting of personal data breaches (UK GDPR Articles 33 and 34).
9.2 Identify the powers of the ICO that can be imposed as a result of a data protection breach or data protection complaint (Article 58 UK GDPR)
9.3 Describe liabilities
- PRIVACY AND ELECTRONIC COMMUNICATIONS (EC DIRECTIVE) REGULATIONS (PECR) 2003 AND SUBSEQUENT AMENDMENTS. (5%) (K1, K12, S7, S8, S9)
10.1 Identify the relationship between the UK GDPR, Data Protection Act 2018 and PECR in respect of marketing (email, phone, SMS, in-app messaging, push notifications).
Syllabus Areas
- Context of data protection legislation.
- Principles of data protection and applicable terminology
- Lawful basis for processing of personal data
- Governance and accountability of data protection within organisations
- Interaction between controller and processor, and role of third parties
- Transfers of personal data to third countries or international organisations
- Data subject rights
- The role of the Information Commissioner’s Office (ICO) and Independent Supervisory Authorities (ISAs)
- Breaches, enforcement, and liability
- Processing of personal data in relation to children
- Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003
BCS PRACTITIONER CERTIFICATE IN DATA PROTECTION. Version 9.7
- CONTEXT OF DATA PROTECTION LEGISLATION. (7.5%)
- Explain the concepts of data protection and privacy.
- Describe the history of data protection in the UK.
- Describe the territorial scope and jurisdiction of GDPR.
- When a representative of the controller is needed.
- PRINCIPLES OF DATA PROTECTION AND APPLICABLE TERMINOLOGY. (5%)
- Define the following key items of terminology
- Demonstrate how the following UK GDPR principles regulate the processing of personal data.
- LAWFUL BASES FOR PROCESSING PERSONAL DATA. (5%)
- Illustrate the lawful bases to process personal data listed under (Article 6) of the UK GDPR and as displayed below.
- Describe the conditions permitted for processing special category data listed under Article 9 of UK GDPR.
- Explain the rules for processing criminal offence data.
- ACCOUNTABILITY PRINCIPLE. (15%)
- Identify the accountability and data governance obligation (Article 5 (2) Article 24).
- Describe the purpose of a Data Protection Impact Assessment (DPIA) and when risks arising from one may need prior consultation with the supervisory authority/ICO (Article 36)
- Demonstrate the process of conducting a DPIA (Article 35)
- Explain what a record of processing activity (RoPA) is, the information it should contain and why this is important (Article 30)
- Outline the interplay with privacy notices (Article 13 & 14).
- Demonstrate how to adopt a ‘data protection by design and by default’ approach (Article 25).
- Identify suitable information security measures (Article 32)
- Explain the designation, position and tasks of the Data Protection Officer (DPO) (Article 37 to 39)
- Explain the scope of the DPO role in monitoring compliance and managing risks through a Privacy Management programme (Article 39 1.b)
- OBLIGATIONS OF CONTROLLERS, JOINT CONTROLLERS AND DATA PROCESSORS. (10%)
- Explain controller and processor obligations (Article 24 & 28)
- Describe the concept of joint controllers (Article 26)
- Describe the act of processing under the authority of a controller or processor (Article 29).
- Explain what a Data Processing Agreement is and when it would be necessary in a controller-processor arrangement.
- INTERNATIONAL DATA TRANSFERS UNDER EU AND UK GDPR. (2.5%)
- Recognise the general principles for transferring personal data to third countries from both the UK and the EU and illustrate what issues might arise from each of the following mechanisms.
- DATA SUBJECT RIGHTS. (5%)
- Demonstrate a detailed knowledge of the key rights granted to individuals (Articles 12 to 17 and 21 to 22).
- Express awareness of the following rights in addition to the above.
- Describe the restrictions and exemptions that may affect data subject rights.
- Explain the fundamental rights of information requests.
- THE ROLE OF INDEPENDENT SUPERVISORY AUTHORITIES (ISAS) AND THE ICO. (7.5%)
- Explain the role and importance of supervisory authorities.
- Explain the role of the Information Commissioner’s Office (ICO).
- BREACHES, ENFORCEMENT AND LIABILITY (12.5%)
- Explain what constitutes a personal data breach and the information required for reporting.
- Explain when the obligations arise to report breaches of personal data (Articles 33 and 34 UK GDPR)
- Explain how a data protection complaint should be handled (Article 57 (1)(f)).
- Describe the sanctions that could be imposed as a result of a personal data breach or data protection complaint
- Describe the following liabilities:
- Identify the role of tribunal and judicial courts.
- PROCESSING OF PERSONAL DATA IN RELATION TO CHILDREN. (2.5%)
- Explain how data protection legislation applies to children
- SPECIFIC PROVISIONS IN DATA PROTECTION LEGISLATION OF PARTICULAR RELEVANCE TO PUBLIC AUTHORITIES. (7.5%)
- Define the meanings of public authority and public body and how it relates to both Data Protection Act 2018 and the UK GDPR (Section 7 of Data Protection Act 2018)
- Explain the provisions relating to Data Protection Officers (DPOs) for public authorities.
- Explain awareness of the existence of the exemptions for health, social work and education (Schedule 3, DPA 18)
- PRIVACY AND ELECTRONIC COMMUNICATIONS (EC DIRECTIVE) REGULATIONS (PECR) 2003 AND SUBSEQUENT AMENDMENTS TO 2021. (5%)
- Explain the relationship between PECR and the GDPR, including PECR’s:
- APPLICATION OF DATA PROTECTION LEGISLATION IN KEY AREAS OF INDUSTRY. (10%)
- Recognise the data protection implications of the Employment Practices Code.
- Describe how the use of video surveillance and CCTV (Data Protection Code of Practice for surveillance cameras and personal information) is governed by data protection law.
- Explain how data sharing practices are governed by data protection law (ICO Data Sharing Code of Practice)
- AI AND THE PROCESSING OF PERSONAL DATA. (5%)
- Analyse the benefits versus the risks of AI for individuals and organisations
- Analyse the impact of AI on the principles and concepts of data protection.
- Explain the process of completing a Data Protection Impact Assessment (DPIA) where AI is used.
Career, certification and Salary
Career as a Certified in Data Protection Officer – CDP.
Today, everyone responsible for collecting, processing, and using personal data must follow strict rules under data protection principles. Organisations must ensure that information is used legally and transparently. Besides, they should specify the purpose of collecting information from individuals. Overall, companies should handle data in a way that ensures adequate security, including protection against unauthorised or unlawful access, loss, processing, or destruction.
The UK has enacted strict regulations for the protection of sensitive information. Companies hire data protection officers to protect personal data such as race, ethnic background, political opinions, religious beliefs, trade union membership, biometrics, health, and genetics.
Importance of Career in Data Protection Act
Almost every organisation collects and processes personal data during operations using IT systems. Data protection ensures people can trust you to collect and use their data legally and responsibly. If an organisation collects information about individuals or other subjects for any reason, they should comply with the UK Data Protection Act.
Meanwhile, the UK government maintains laws, such as the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as a flexible, risk-based approach that puts the onus on organisations to think about and justify how and why they use personal information.
Data protection is essential to digital advancement and innovation. Practising adequate data protection ensures public trust and support for innovative uses of data in organisations.
CDP – Enhancing Data Protection Capabilities
You can improve your data protection knowledge by acquiring a Certificate in Data Protection.
CDP equips data protection professionals with a broader and more in-depth understanding of current laws, including the UK Data Protection Act 2018 and the EU GDPR and how businesses should apply them.
Successful completion of the CDP programme demonstrates to employers and industry that you attained the standard of Data Protection Officer (DPO) and that you possess a solid knowledge of data protection laws and understand the practical implications of the privacy rules on organisations.
Who Should Get Certified?
Are you responsible for data protection within your organisation? Then this British Computer Society qualification is the ideal certification to broaden your understanding of data protection and gain full knowledge of data protection laws’ practical applications.
Indeed, CDP is developed based on the UK Data Protection Act. However, other jurisdictions have enacted similar data protection laws, making the certification favourable to international candidates.
CDP qualification is of particular benefit to professionals working in areas like:
- Information governance, risk, and compliance
- Data protection and privacy
- Data management
- Project management
- Marketing and sales
- IT and information security – IT managers, security analysts, chief information security officers (CISOs)
- Human resources
- Management roles with data protection responsibilities
CDP’s Entry Requirements
We recommend that you attend a British Computer Society’s accredited Foundation Certificate in Data Protection Course before registering for CDP.
CDP is ideal for candidates who hold the BCS Foundation Certificate in Data protection, though this requirement is not mandatory.
What CDP Offers
Acquiring CDP provides an understanding of the fundamental changes and implications of the country’s top regulations, the UK Data Protection Act 2018 and the GDPR.
Other than that, the CDP program equips candidates with an understanding of individual and organisational responsibilities under the UK’s data protection laws.
Acquiring CDP enables you to apply new rights available to data subjects and understand the implications of those rights.
CDP holders can effectively prepare organisations to handle personal and confidential information in compliance with data protection laws. All organisations that process personal data in the UK must comply with the UK GDPR and the Data Protection Act 2018 or risk fines of up to 17.5 million or 4 per cent of annual global turnover, whichever is greater. How your organisation complies with data protection legislation depends on how you handle personal data, and the best approach would be to appoint a CDP certified data protection officer. Certainly, CDP equips data protection and information security professionals with the specialist knowledge and skills needed to deliver DPA and GDPR compliance, helping your firm avoid hefty non-compliance penalties.
Acquiring CDP enables data protection officers to master their role and become competent to inform, advise, and monitor compliance with data protection laws while cooperating with industry experts and the supervisory authority.
Getting the CDP Certification
You can take the CDP course with Cyber Skills Training – a top accredited training provider. The classroom course usually lasts five days with the training provider.
The CDP exam is a 90-minute closed book digital 40 question multi-choice exam, with a 65 per cent pass mark.
Cyber Skills Training delivers the CDP course in flexible options, including live instructor-led, face-to-face, or attend-from-any-where.
Cyber Skills Training CDP course is a 5-day live instructor course that will empower candidates to demonstrate knowledge and understanding of Data Protection legislation’s critical provisions. The program covers various areas, including:
- Context of data protection and applicable terminology
- Principles of data protection and applicable terminology
- Lawful basis for processing personal data
- Governance and accountability of data protection within organisations
- Interactions between controller and processor, and the role of third parties
- Transfer of personal data to third countries or international organisations
- Data subject rights
Apart from the detailed course coverage, Cyber Skills Training offers an exam pass guarantee. If a candidate does not pass the CDP exam on the first attempt, Cyber Skills Training allows them to re-sit the course at no cost. Secondly, the organisation provides a 100 per cent satisfaction guarantee. In this case, if you are not satisfied with the CDP training at the end of the first day, you may withdraw and enrol in a different classroom course.
Are you ready to get started? You can book the CDP course in a few steps here.