Data Protection Certification Course

Completing this course will help you to:

• Understand the importance of data protection legislation and compliance in the UK
• Interpret key terminology of the UK GDPR and Data Protection Act 2018 (DPA) in a practical context
• Understand the key obligations of the UK GDPR and DPA
• Create policies and procedures necessary for data protection compliance and accountability
• Carry out a data protection audit and gap analysis
• Develop an action plan to address a data protection gap analysis
• Respond appropriately to data protection issues arising in an organisation
• Carry out the duties of a data protection officer effectively

Alongside use of our Law Society of Scotland marque and your certification, successful completion of this course will award you with The Data Protection (GDPR) Practitioner Certificate.

This is an internationally recognised qualification, endorsed by Qualifi, which is regulated by Ofqual. It equips current and aspiring data protection officers and data protection managers with knowledge and skills to undertake data protection compliance activities throughout an organisation. It is a valuable course for anybody with data protection compliance responsibilities.

The course is suitable for members, or non-members, working in all areas of the profession from high street to big firm, and in-house, with a responsibility for data protection. The course assumes no prior knowledge but you will come away with a expert understanding of data protection issues. 

This course is for you if: 

• You are already acting as a data protection officer (DPO)
• You will be acting as DPO in the future
• You wish to gain employment as a DPO
• You have data protection responsibilities
• You wish to develop data protection as a practice area
• You have an interest in data protection issues and want to demonstrate practical skills and learning in this area.

1. Sign up for the certified course in Data Protection
2. Attend eght live online training half-days facilitated by Computer Law Training (29 hours verifiable CPD)
3. Complete the online test (1 hr verified CPD)
4. Certification in Data Protection awarded with use of our marque alongside obtaining a certificate (Data Protection (GDPR) Practitioner Certificate) awarded by Qualifi

Data Protection – history and background

• Brief history of data protection
• Importance of data protection

UK GDPR Overview

• Scope (material and territorial)
• Key Definitions
• Data Protection Principles and Legal Basis
• Transparency
• Data Subject Rights
• Breach Reporting / Recording
• Data Protection by design & default
• Data Protection Impact Assessments
• Data Processors
• Restricted (International) Transfers
• Relationship with EU GDPR

What is Personal Data?

• ICO Guidance
• Durant and other cases

Principles & Legal Bases

• Data protection principles
• Lawfulness Requirement and 7 Legal Bases
• Choosing a Legal Basis

Consent in Detail

• Definition
• Handling consent
• Problems with consent
• When should you use consent?

'Sensitive' Personal Data

• What are Special Categories?
• Why they are important
• Criminal conviction and offence data

• Conditions for Processing

Transparency Requirements

• Information Required and 'Modalities'
• Writing a privacy notice - ‘Layered’ Approach
• Exemptions

Data Subject Rights (part 1)

• Availability of rights
• Management Issues

Data Subject Rights (part 2)

• How to respond (focus on subject access requests)
• Requirements and Procedures

Data Sharing, Processors and Controllers

• Processors and Contracts
• Joint Controllers and Agreements
• One-off Sharing
• Legal Basis
• Risks and due diligence
• Internal Sharing
• When can you share?

Information Security Obligations

• Risk analysis
• ‘Appropriate’ Security
• Some Common Security Risks
• Breach Reporting and Recording obligations
• When do you have to report?

Restricted (International) Transfers

• What is a Restricted Transfer?
• Adequacy and the EU
• Transfers with Appropriate Safeguards: SCCs
• International Data Transfer Agreement
• Transfer Impact Assessment
• Binding Corporate Rules
• Derogations for Specific Situations
• Trans-Atlantic arrangements

The Accountability Principle

• The “Accountability Portfolio”
• Documentation Requirements
• Record of Processing Activities
• The ICO’s trackers

Data Protection Governance

• Data Protection Officers (DPOs)
• Responsibilities

Data Protection by Design & by Default

• Data Protection by Design Obligations
• Data Protection Impact Assessments (DPIAs)
• When do you have to do it?
• How do you do it?

Data Protection and Direct Marketing

• PECR.
• UK GDPR
• ICO Guidance

The Data Protection Act 2018

• Relationship with the UK GDPR
• Main Points
• Children’s Data
• Offences
• Exemptions

HR Issues

• Retention of Applicant and Employee Data
• Health and other sensitive data
• Staff Monitoring
• Confidentiality of Employee Data

Other Issues

• Some Issues Around Artificial Intelligence
• Codes of Conduct and Certification
• Staff Training
• Data Protection Audit and Gap Analysis

Regulator and Enforcement

• The ICO and its Role
• Registration requirements
• Enforcement
• The European Data Protection Board (EDPB)

Held after the course, candidates will be given a multiple-choice test and will have 1 hour to answer 40 questions.