0345 4506120

BCS Practitioner Certificate in Data Protection

Course Details

Name BCS Practitioner Certificate in Data Protection
DescriptionThe BCS-ISEB Certificate in Data Protection provides the ideal qualification for those having data protection responsibilities within their organisation.  The course follows the latest BCS-ISEB syllabus, and prepares delegates for the BCS Certificate in Data Protection examination. Delivery is by a highly experienced specialist - with emphasis on delegate interaction and engagement."The BCS-ISEB Certificate in Data Protection is used by the Information Commissioner's Office to train its own staff"The implications surrounding improper disclosure or leakage of information has never been greater.  Those experienced in data protection issues, as well as those new to the subject, need to be trained so their organisations are assured that compliance with the 1998 Data Protection Act is continually addressed. The aim of this qualification is to promote an in-depth understanding of how Data Protection works in practice. The program places the Act in the context of human rights and promotes good practice within organisations, rather than simply focusing on the mechanics of regulation. On completion of the course delegates should be able to explain the origins and identify the broader context of the Act. In addition delegates will have the knowledge to translate the Act's principles into practical policies and procedures for the management of Data Protection processes.The course price includes the 5 day course, an additional exam preparation day and the exam fee. The price also includes a comprehensive training and reference manual.The exam is taken separately from the course on dates each quarter determined by the BCS.Accommodation in the nearby hotel is available. Please contact us for further information.
Start Date:
Working Days:
£2195.00 +vat
Course ID:


First launched in 1999, the BCS (formerly ISEB) practitioner certificate is the leading independent professional workplace qualification for individuals with privacy or data protection responsibilities. Over the years, the BCS has shown a continued commitment to evolving the practitioner certificate. In doing so, it has become the most trusted certificated data protection training programme in the UK and is often listed by employers as a required qualification.

As we usher in a new era in privacy law, the BCS has kept pace with the advances in EU and UK legislation to ensure the Practitioner Certificate in Data Protection will continue to serve as the benchmark for many years to come. The current version of the BCS Syllabus (v8.5) has recently been updated to cover the General Data Protection Regulation (GDPR), which is set to come into force on 25 May 2018.

The BCS Practitioner Certificate in Data Protection confirms the ability of award holders to fulfil the mandatory appointed role of a Data Protection Officer (DPO) or to lead GDPR compliance within their organisation, department or group.

This BCS accredited GDPR training course requires participants develop a deep understanding of both EU and UK data protection laws and how to apply them in a workplace environment. Rather than focus on the rigid mechanics of regulation, the course places privacy in the context of human rights and promotes good practice within organisations.

The course concentrates on the incoming EU General Data Protection Regulation (GDPR) with its 10 chapters, 99 articles, and 173 recitals. It examines the complexity of the interactions between the GDPR and the UK Data Protection Bill including its derogations and exemptions. The course also looks at the new EU ePrivacy Regulation, which is set to repeal the Privacy and Electronic Communications Regulations (PECR).

Delivered over 5-days the course follows the latest BCS Syllabus (v8.5). Participants will also receive a separate 1-day online revision course to help prepare for the BCS Practitioner Certificate in Data Protection Exam. The BCS exam is a 2-hour separate event. It consists of 3-parts made up of 20 simple multiple choice questions, 20 complex multiple choice questions, and 12 short answer written questions. The pass mark is 65% with 80% for a distinction.

Who should attend

This course is intended for:

  • Data Protection Officers 
  • Information Governance (IG), Information Assurance (IA) and other compliance professionals (all grades)
  • Freedom of Information managers
  • Solicitors advising on information law
  • Head of risk, Senior Information Risk Officers (SIRO)
  • IT security managers, Chief Information Security Officers (CISO) 
  • IT/IS managers
  • Human resources managers
  • Head of marketing, Chief Marketing Officers (CMO)
  • Company directors of businesses that handle high volumes of personal information


12-month BCS Associate membership (not available to previous members). Click here for terms and conditions.

Learning Objectives

By obtaining the Practitioner Certificate, individuals will:

  • Hold a recognised practitioner level qualification in GDPR
  • Gain an in-depth understanding of the key changes that the GDPR and the UK Data Protection Bill introduce to data protection
  • Understand the individual and organisational responsibilities, particularly the need for effective record keeping
  • Be able to apply the new rights available to data subjects and understand the implications of those rights
  • Become a champion for the existence of the Data Protection Officer role
  • Be capable of performing the tasks a Data Protection Officer is expected to undertake
  • Possess the knowledge to conduct Privacy Impact Assessments
  • Know how to adopt a Data Protection by Design/Default approach when implementing new processing systems
  • Understand the legal mechanisms available that facilitate and enable the transfer of personal data outside of the EU
  • Be able to prepare an organisation to achieve and maintain compliance with the GDPR and the UK Data Protection Bill



Course Content

The topics covered in this course include:

  • Preliminary
    • Course Aims
    • Exam Technique and format
    • Course syllabus and reading the Act
    • The Commissioners around the British Isles
  • Introduction
  • Looking at Privacy in the UK
  • The history of Data Protection from the Declaration of Human Rights to now
  • Further legislation
    • Human Rights Act 1998
    • Freedom of Information Act 2000
    • Criminal Justice and Immigration Act 2008
    • Coroners and Justice Act 2009
    • The General Data Protection Regulations (GDPR)
  • Long and short title of the ’89 Act
  • Definitions
    • Types of processing data under the Act
    • Personal and Sensitive personal data
    • Relevant filing and processing
    • Data Matching
    • Data Protection Act’98 characters
      • Data Subject
      • Data Controller
      • Data Processor
      • Recipient
      • 3rd Parties
  • Data Protection Principles
    1. Processing Fairly and Lawfully
      • Schedules 2 and 3
    2. Specified and lawful processing
    3. Adequate, relevant and not excessive
    4. Accurate and where necessary up-to-date
    5. Retention – not held for longer than necessary
    6. The rights of the Data Subject
      • Including further qualified rights
    7. Security
    8. Overseas transfers
      • Including Schedule 4
  • Notification
  • Introduction
    • Who would need to notify
    • Offences and Fees
  • Requirements of Notification
    • Registrable particulars
    • Security statement
  • Exemptions for notification
  • Exemptions
    • Exemption Provisions
      • Subject Assess provision
      • Subject Information Provision
      • Non-disclosure Provision
    • Exemptions within the syllabus
      • Domestic Purposes
      • Crime and taxation
      • Disclosures required by law to be made public
      • Disclosures required by law and in connection with legal proceedings
      • Special purposes – Journalism, Literature and Artistic
      • Research, History, and Statistics
      • Miscellaneous exemptions
  • Role of the Information Commissioner
    • The office of the ICO
      • Functions of the Commissioner
      • Role of the ICO
    • The Codes of Practice
    • Enforcement
      • Undertakings
      • Notices
      • Entry and inspection
  • The General Regulatory Chamber
    • About Information Rights Tribunal
    • The appeal process
  • Offences
    • Liability
    • Penalties
    • The offences
    • The defences in law
    • The Privacy and Electronic Communication Regulations 2003 (PECR)
  • Further regulations and codes of practice affecting marketing 2009
  • Traffic and location data
  • Calling or called line identification (CLI)
  • Direct Marketing by Electronic Means
    • Solicited and unsolicited marketing
    • Individual subscribers
    • Corporate subscribers
    • Market research and sugging
    • Lead generation
  • Consent
    • Implied
    • Indirect
    • Proof of consent
  • Direct marketing by telephone
  • Direct marketing faxes
    • Preference Services
  • Direct marketing by electronic mail
    • Soft-opt-in

Bedford - Stephenson Court


We are also:

Please contact us first and we can arrange a preferential rate.


13a Stephenson Court
Priory Business Park
Fraser Road
MK44 3WH



  • Expect modern, comfortable, and newly finished facilities
  • Benefit from state-of-the-art technology including white boards and overhead projectors
  • Enjoy hot and cold refreshments in each room
  • Expect fully-serviced facilities: our reception is manned throughout working hours and we can even arrange the delivery of lunch to your room


+40 hours of revision and exam preparation.

Duration and Format of the BCS Examination

The BCS Practitioner Certificate in Data Protection Exam is a two-hour closed-book examination comprising three sections. The format is as follows with a balance of questions across the syllabus.

Section A:

20 simple multiple choice questions (1 mark each). Participants should attempt all questions.

Section B:

20 complex multiple choice questions (2 marks each). Participants should attempt all questions.

Section C:

12 short answer questions (5 marks each). Participants should attempt all questions.

The examination is held independently of the accredited course.

Pass Mark

The pass mark is 78/120. This equates to 65%


Distinctions will be awarded to candidates who achieve 96 or more.

Format of the Examination

  • 17% Simple multiple choice questions
  • 33% Complex multiple choice questions
  • 50% Short answer questions
Duration2 Hours. An additional 30 minutes will be allowed for candidates sitting the examination in a language that is not their native language
Open BookNo
Pass Mark65/100 (50%)
Distinction Mark80/100 (80%)
CalculatorsCalculators cannot be used during this examination
DeliveryPaper based examination only

Additional time for candidates requiring Reasonable Adjustments

Candidates may request additional time if they require reasonable adjustments. Please refer to the reasonable adjustments policy for detailed information on how and when to apply.

Additional time for candidates whose language is not the language of the exam

An additional 25% (30 minutes) will be allowed for candidates sitting the examination in a language that is not their mother tongue. If the examination is taken in a language that is not the candidate’s native/official language, then they are entitled to use their own paper language dictionary (whose purpose is translation between the examination language and another national language) during the examination. Electronic versions of dictionaries will not be allowed into the examination room.

The full BCS PC-DP Syllabus can be viewed here syllabus on the BCS website.

Exam Preparation Day

This 1-Day online GDPR training course is intended to help participants revise for and assist in their preparations for the BCS Practitioner Certificate in Data Protection Examination. 

The topics covered in this online session include:

Part 1. Online discussion and presentation

  • Exam technique
  • Timing
  • Completing the exam paperwork
  • How to break down BCS exam questions
    • Reading questions properly
    • Answering questions correctly
  • Exercises
  • Group discussion, 3 example questions

Part 2. Mock exam

  • 1-hour mock exam (50% of the exam paper)

Part 3. Discussion, Q&A, review of the mock exam

  • Group discussion, mock exam answers

Following the examination prep day, the instructor will evaluate each student’s mock paper and provide individual feedback. This will include direct comments on the answers, exam technique and offer guidance for further study areas.

Our Customers Include