Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

    • Lawscot Tech

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

Data Protection Certification Course

  1. Home
  2. For members
  3. CPD & Training
  4. Browse available CPD
  5. Data Protection Certification Course
Location & Date
Location: Online, Zoom
From: 14th October 2025
To: 29th October 2025
Time: 13:00 - 16:30
Training Details
Live Online
Live Online:

Join this CPD training online at the specified time

Spaces: 20
CPD Hours: 29 hours over 8 seminars
Register & Details
Book now Tell A Friend Contact Us View prices

29 hours verifiable CPD

Develop a strong understanding of data protection legislation and compliance while achieving Law Society of Scotland certification and obtaining a certificate (Data Protection (GDPR) Practitioner Certificate) awarded by Qualifi.

The course assumes little or no previous knowledge of data protection and will cover, in a practical context, the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003, as updated by the the Data (Use and Access) Act. The main points of this legislation will be explained with an emphasis on practical aspects of compliance.

It will take place over eight half-days (13.00-16.30) and will comprise of lectures, discussion and practical exercises. At the end of the course, you will be expected to complete a multiple choice test which, once passed, will allow you to receive your LSS certification and your Qualifi certificate.

The description below should be taken as indicative and the precise content of the course will reflect any ongoing developments.

What will you gain from completing this course?

Completing this course will help you to:

  • Understand the importance of data protection legislation and compliance in the UK
  • Interpret key terminology of the UK GDPR and Data Protection Act 2018 (DPA) in a practical context
  • Understand the key obligations of the UK GDPR and DPA
  • Create policies and procedures necessary for data protection compliance and accountability
  • Carry out a data protection audit and gap analysis
  • Develop an action plan to address a data protection gap analysis
  • Respond appropriately to data protection issues arising in an organisation
  • Carry out the duties of a data protection officer effectively

What is the Data Protection (GDPR) Practitioner Certificate?

Alongside use of our Law Society of Scotland marque and your certification, successful completion of this course will award you with The Data Protection (GDPR) Practitioner Certificate.

This is an internationally recognised qualification, endorsed by Qualifi, which is regulated by Ofqual. It equips current and aspiring data protection officers and data protection managers with knowledge and skills to undertake data protection compliance activities throughout an organisation. It is a valuable course for anybody with data protection compliance responsibilities.

Who is this course for?

The course is suitable for members, or non-members, working in all areas of the profession from high street to big firm, and in-house, with a responsibility for data protection. The course assumes no prior knowledge but you will come away with a expert understanding of data protection issues. 

This course is for you if: 

  • You are already acting as a data protection officer (DPO)
  • You will be acting as DPO in the future
  • You wish to gain employment as a DPO
  • You have data protection responsibilities
  • You wish to develop data protection as a practice area
  • You have an interest in data protection issues and want to demonstrate practical skills and learning in this area.

Certification process

  1. Sign up for the certified course in Data Protection
  2. Attend eght live online training half-days facilitated by Computer Law Training (29 hours verifiable CPD)
  3. Complete the online test (1 hr verified CPD)
  4. Certification in Data Protection awarded with use of our marque alongside obtaining a certificate (Data Protection (GDPR) Practitioner Certificate) awarded by Qualifi

Course tutor

Tim Musson
Tim Musson
Managing Director
Computer Law Training Ltd

Live Seminar Dates

Date Location Webinar

Tuesday 14 October 2025 - 1pm to 4:30pm

Online

History, GDPR Overview and Personal Data

Wednesday 15 October 2025 - 1pm to 4:30pm

Online

Principles & Legal Bases, Consent and 'Sensitive' Personal Data

Thursday 16 October 2025 - 1pm to 4:30pm

Online

Transparency Requirements and Data Subject Rights

Tuesday 21 October 2025 - 1pm to 4:30pm

Online

Data Subject Rights and Data Sharing, Processors & Controllers

Wednesday 22 October 2025 - 1pm to 4:30pm

Online

Information Security Obligations and Restricted Transfers

Thursday 23 October 2025 - 1pm to 4:30pm

Online

The Accountability Principle, Data Governance Principle, Data Protection by Design & Default and Direct Marketing 

Tuesday 28 October 2025 - 1pm to 4:30pm

Online

The Data Protection Act 2018 and HR Issues 

Wednesday 29 October 2025 - 1pm to 4:30pm

Online

Other Issues and Regulator & Enforcer 

Course components

Day One: History, GDPR Overview and Personal Data

Data Protection – history and background

  • Brief history of data protection
  • Importance of data protection

UK GDPR Overview

  • Scope (material and territorial)
  • Key Definitions
  • Data Protection Principles and Legal Basis
  • Transparency
  • Data Subject Rights
  • Breach Reporting / Recording
  • Data Protection by design & default
  • Data Protection Impact Assessments
  • Data Processors
  • Restricted (International) Transfers
  • Relationship with EU GDPR

What is Personal Data?

  • ICO Guidance
  • Durant and other cases

Day Two: Principles & Legal Bases, Consent in Detail and 'Sensitive' Personal Data

Principles & Legal Bases

  • Data protection principles
  • Lawfulness Requirement and 7 Legal Bases
  • Choosing a Legal Basis

Consent in Detail

  • Definition
  • Handling consent
  • Problems with consent
  • When should you use consent?

'Sensitive' Personal Data

  • What are Special Categories?
  • Why they are important
  • Criminal conviction and offence data
  • Conditions for Processing

Day Three: Transparency Requirements and Data Subject Rights

Transparency Requirements

  • Information Required and 'Modalities'
  • Writing a privacy notice - ‘Layered’ Approach
  • Exemptions

Data Subject Rights (part 1)

  • Availability of rights
  • Management Issues

Day Four: Data Subject Rights and Data Sharing, Processors & Controllers

Data Subject Rights (part 2)

  • How to respond (focus on subject access requests)
  • Requirements and Procedures

Data Sharing, Processors and Controllers

  • Processors and Contracts
  • Joint Controllers and Agreements
  • One-off Sharing
  • Legal Basis
  • Risks and due diligence
  • Internal Sharing
  • When can you share?

Day Five: Information Security Obligations and Restricted (International) Transfers

Information Security Obligations

  • Risk analysis
  • ‘Appropriate’ Security
  • Some Common Security Risks
  • Breach Reporting and Recording obligations
    • When do you have to report?

Restricted (International) Transfers

  • What is a Restricted Transfer?
  • Adequacy and the EU
  • Transfers with Appropriate Safeguards: SCCs
    • International Data Transfer Agreement
    • Transfer Impact Assessment
  • Binding Corporate Rules
  • Derogations for Specific Situations
  • Trans-Atlantic arrangements

Day Six: The Accountability Principle, Data Protection Governance, Design & Default and Direct Marketing

The Accountability Principle

  • The “Accountability Portfolio”
  • Documentation Requirements
  • Record of Processing Activities
  • The ICO’s trackers

Data Protection Governance

  • Data Protection Officers (DPOs)
  • Responsibilities

Data Protection by Design & by Default

  • Data Protection by Design Obligations
  • Data Protection Impact Assessments (DPIAs)
    • When do you have to do it?
    • How do you do it?

Data Protection and Direct Marketing

  • PECR.
  • UK GDPR
  • ICO Guidance

Day Seven: The Data Protection Act 2018 and HR Issues

The Data Protection Act 2018

  • Relationship with the UK GDPR
  • Main Points
  • Children’s Data
  • Offences
  • Exemptions

HR Issues

  • Retention of Applicant and Employee Data
  • Health and other sensitive data
  • Staff Monitoring
  • Confidentiality of Employee Data

Day Eight: Other Issues and Regulator & Enforcement

Other Issues

  • Some Issues Around Artificial Intelligence
  • Codes of Conduct and Certification
  • Staff Training
  • Data Protection Audit and Gap Analysis

Regulator and Enforcement

  • The ICO and its Role
  • Registration requirements
  • Enforcement
  • The European Data Protection Board (EDPB)

Course Test

Held after the course, candidates will be given a multiple-choice test and will have 1 hour to answer 40 questions.

What have our past delegates said about the course?

I attended the course as a non-lawyer but someone with responsibility for data protection. The course was well structured, very thorough and clearly presented. I left the course with a far greater understanding of the Data Protection legislation and its implications in practice.
Chris Nicol, Capital City Partnership
I have learned a lot during this course. I particularly appreciated how Tim took the time beginning with the basic elements before delving into the complexities of Data Protection law. I particularly appreciated that he welcomed participation from those taking the course, and would stop to explain anything that was not clear after the first explanation. I would recommend this to any NQ solicitors with an interest in Data Protection law, hoping to solidify their knowledge.
The Data Protection Certified Course was well structured and helpful to my role. I would highly recommend the course to others looking to develop an understanding of data protection law or build on existing knowledge.
The Data Protection course was very engaging and thorough - I learned a lot and enjoyed each session.
Great course, well organised, with a hugely knowledgeable trainer, supported by engaging materials
Very knowledgeable and insightful trainer and well structured training. Would recommend to anyone looking to gain knowledge in this area or as a refresher course.
The course was excellent. The content was thorough and brought to life the practicalities in dealing with Data Protection matters. It made me realise that I actually know a lot more than I originally thought and so the course has helped to increase my confidence in dealing with Data Protection matters, which will assist greatly with my role.
Prices (prices exclude VAT)
Member:
£1520.00
Non member:
£1750.00

Please note there are just 20 spaces on each course.

If you’re not a member, please contact our CPD team to book: CPD@lawscot.org.uk

Contact Us

Add To Favorites

Additional

  • CPD & Training
  • Annual Conference 2025
  • Flagship Conferences
  • Certification Courses
  • CPD for in-house lawyers
  • Essential Career Skills
  • Lawscot Trainee CPD
  • On-demand Online CPD
  • Regulatory Courses
  • Risk Management CPD
  • Free CPD & Training
  • About Lawscot CPD

Sign up for the CPD Newsletter

Receive our fortnightly round up

Sign up about Sign up for the CPD Newsletter

On-demand Online CPD

CPD where and when you want it. Choose from a host of online CPD based on a wide variety of areas of law and other relevant topics.

Online CPD about On-demand Online CPD

Lawscot Trainee CPD

Find out more about Lawscot Trainee CPD

Get in touch

If you are trying to book an event but don't have login details or are trying to book on behalf of someone, please contact us stating the full name, organisation and email address of the attendee
Contact us about Get in touch
Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited