Certified EU General Data Protection Regulation (EU GDPR) Foundation

Certified EU General Data Protection Regulation (EU GDPR) Foundation Outline

Module 1: Introduction to the GDPR  

• GDPR in a Nutshell  

• Generate Customer Confidence  

• Focus of GDPR  

• What is Personal Information? 

• Who has PII? 

• Lawful Processing of Personal Data  
   

Module 2: Binding Corporate Rules 

• Introduction 

• Scope  

• UK ICO’s View of the Scope  

• Processing GDPR Definition  

• Who Processes PII? 

• What is Special Data? 

• Legal Framework  

• Timeline and Derogations  

• Some Key Areas for Derogation  

• Data Breaches/Personal Data Breach  

• Consequences of Failure  

• Governance Framework  
   

Module 3: GDPR Terminology and Techniques 

• Key Roles  

• Data Set  

• Subject Access Request (SAR)  

• Data Protection Impact Assessments (DPIA) 

• What Triggers a Data Protection Impact Assessment? 

• DPIA is Not Required 

• Processes to be Considered for a DPIA  

• Responsibilities  

• DPIA Decision Path  

• DPIA Content  

• How Do I Conduct a DPIA? 

• Signing Off the DPIA  

• Mitigating Risks Identified by the DPIA  

• Privacy by Design and Default  

• External Transfers  

• Profiling  

• Pseudonymisation  

• Principles, User Rights, and Obligations  

• One Stop Shop  
   

Module 4: Structure of the Regulation  

• Parts of the GDPR  

• Format of the Articles  

• Articles  
   

Module 5: Principles and Rights  

• Introduction 

• Legality Principle  

• How the Permissions Work Together ? 

• Lawfulness of Processing Conditions  

• Lawfulness for Special Categories of Data 

• Criminal Offence Data  

• Consent 

• Transparency Principle  

• Fairness Principle  

• Rights of Data Subjects  

• Purpose Limitation Principle  

• Minimisation Principle  

• Accuracy Principle  

• Storage Limitation Principle  

• Integrity and Confidentiality Principle  

• Accountability Principle  
   

Module 6: Demonstrating Compliance  

• Demonstrating Compliance with the GDPR 

• Impact of Compliance Failure  

• Administrative Fines  

• What Influences the Size of an Administrative Fine? 

• Joint Controllers  

• Processor Liability Under GDPR  

• Demonstrating Compliance 

• Protecting PII is Only Half the Job 

• What must be Recorded? 

• Additional Ways of Demonstrating Compliance  

• Demonstrating a Robust Process  

• PIMS (Personal Information Management System) 

• Cyber Essentials  

• ISO 27017 Code of Practice for Information Security Controls  

• Risk Management  
   

Module 7: Incident Response and Data Breaches  

• What is a Personal Data Breach? 

• Notification Obligations  

• What Breaches Do I Need to Notify the Relevant Supervisory Authority About? 

• What Information Must Be Provided to the SA? 

• How do I Report a Breach to the SA? 

• Notifying Data Subjects  

• What Should I do to Prepare for Breach Reporting? 

• Updating Policies and Procedures  

• Breach Reporting and Responses 

• Ways to Minimise the Breach Impact  
   

Module 8: Understanding the Principle Roles 

• What does the GDPR Makes Businesses Responsible For? 

• Difference Between a Data Controller and a Data Processor 

• How the Roles Split? 

• Controllers and Processors 

• Main Obligations of Data Controllers 

• Demonstrate Compliance 

• Joint Controllers and EU Representative 

• Controller-Processor Contract 

• Maintain Records and Keeping Records for Small Businesses 

• Cooperation with Supervisory Authorities 

• Keeping PII Secure 

• Data Breach Transparency 

• Role of the Data Processor 

• Controller-Processor Contract 

• Main Obligations of the Processor 

• Perform Only the Data Processing Defined by the Data Controller 

• Update the Data Controller 

• Sub-Process or Appointment 

• Keep PII Confidential 

• Maintaining Records 

• Cooperate with Supervisory Authorities 

• Security 

• Appoint a DPO – If Necessary 

• Transferring Data Outside the EU 
   

Module 9: Role of the DPO 

• Role of a Data Protection Officer 

• Involvement of the DPO 

• Main Responsibilities of the DPO 

• Working Environment for the DPO 

• Must We Have A DPO? 

• Public Body 

• What does Large Scale mean? 

• Systematic Monitoring 

• Who Can Perform the Role of DPO? 

• Skills Required 

• Monitoring Compliance 

• Training and Awareness 

• Data Protection Impact Assessments (DPIAs) 

• Risk-Based Approach 

• Business Support for the DPO 

• DPO Independence 

• DPO – Conflict of Interest 
   

Module 10: UK Implementation 

• Key Differences Between the Data Protection Act and the GDPR 

• Highlights from the Data Protection Bill 

• Definition of Controller 

• Health, Social Work, Education, and Child Abuse 

• Age of Consent 

• Exemptions for Freedom of Expression 

• Research and Statistics 

• Archiving in the Public Interest 
   

Module 11: Key Features 

• Specific Permission 

• Privacy by Design 

• Data Portability 

• Right to be Forgotten 

• Definitive Consent 

• Information in Clear Readable Language 

• Limits on the Use of Profiling 

• Everyone Follows the Same Law 

• Adopting Techniques 
   

Module 12: Subject Access Requests and How to Deal with them? 

• Subject Access Requests (SAR) 

• Dealing with SAR 

• Recognise the Request 

• Understand the Time Limitations 

• Dealing with Fees and Excessive Requests 

• Identify, Search, and Gather the Requested Data 

• Learn about What Information to Withhold 

• Developing and Sending a Response 

What You’ll Learn in this Course

This course takes you from understanding the fundamentals of GDPR to recognising its impact on data handling and compliance. Each stage enhances your ability to apply essential privacy and protection principles within your organisation. 
 

• Learn the core objectives and principles of the EU GDPR framework 

• Learn how to identify lawful bases for data collection and processing 

• Learn the rights of data subjects and responsibilities of data controllers 

• Learn how to manage consent, data transfers, and retention requirements 

• Learn the importance of transparency, accountability, and compliance in GDPR 

• Learn to support organisational adherence to data protection regulations 

EU GDPR Foundation Exam Information 

The BCS Foundation Certificate in Agile Exam assesses candidates’ understanding of Agile concepts, principles, and frameworks. The format of the exam is as follows: 

• Question Type: Multiple Choice  

• Total Questions: 45  

• Total Marks: 45 Marks  

• Pass Mark: 65%, or 29/45 Marks  

• Duration: 60 Minutes  

• Open Book/ Closed Book: Closed Book