Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

BCS GDPR Update: Foundation Certificate in Data Protection

  1. Home
  3. BCS GDPR Update: Foundation Certificate in Data Protection
BCS GDPR Update: Foundation Certificate in Data Protection Online Tutorial

About the Exam

The BCS GDPR Update: Foundation Certificate in Data Protection exam builds on your data protection foundation learning to understand GDPR in more depth and ensure its compliance in an organisation.

By achieving the GDPR Update qualification, candidates will be able to: 

  • Hold an up-to-date recognised qualification in data protection.  
  • Gain an understanding of the key changes and associated implications that the GDPR introduces for your organisation. 
  • Prepare for the GDPR changes that occurred with the enactment of the UK Data Protection Act in 2018.

Target Audience

The qualification is for holders of the BCS Foundation Certificate in Data Protection, who needs to understand the GDPR and the UK Data Protection Act and the changes that they bring in the processing of personal data. It is important to those who need to possess an understanding of the GDPR to do their job, or those whose effectiveness in their role would be enhanced by knowledge of the law in this area.

Exam Objectives

The objectives of BCS GDPR Update: Foundation Certificate in Data Protection exam are:

  1. General Data Protection Regulation (GDPR) background (7%, K2)
  2. GDPR definitions and terminology (7%, K2)
  3. The data protection principles (7%, K2)
  4. Special categories of personal data (7%, K1)
  5. Lawfulness of processing (22%, K2)
  6. Data Subject Rights (22%, K2)
  7. Data Controller and Data Processor obligations (14%, K2)
  8. Transfers of personal data (7%, K2)
  9. Powers of the Supervisory Authorities (7%, K1)

Exam Details

  Exam Name    BCS GDPR Update: Foundation Certificate in Data Protection  
  Exam Partner    Pearson VUE  
  Exam Format    Multiple Choice  
  Mode of Exam    Closed Book Paper-based Exam  
  Exam Duration    30 minutes  
  Total Number of Questions    25  
  Passing Score    16/25 (64%)  
  Exam Fees    £72 (£60 + VAT)  

Exam Pre-requisites

This is a foundation level qualification and candidates must need to hold the BCS Foundation Certificate in Data Protection – 2011 Syllabus (with a pass prior to 31 January 2018) It is strongly recommended that candidates complete an accredited training course although this is not a mandatory requirement for enrolling.

BCS GDPR Update: Foundation Certificate in Data Protection FAQ

Get all your doubts resolved with BCS GDPR Update: Foundation Certificate in Data Protection FAQ

BCS GDPR Update: Foundation Certificate in Data Protection FAQ

Course Outline for BCS GDPR Update: Foundation Certificate in Data Protection

The BCS GDPR Update: Foundation Certificate in Data Protection covers the following topics –

General Data Protection Regulation (GDPR) background (0.5 hours, 7%, K2)

The candidate will be able to define the wider scope and jurisdiction of theGDPR, itsrelationship to the UK Data Protection Act 2018 and other overlapping new or emerginglegislation including the following:

  • Wider scope of the GDPR – EU Directive 2016/679
  • Main establishment and when EU representation is needed
  • Cooperation between supervisory authorities (concept of one stop shop)
  • UK Data Protection Act 2018 (implementing the GDPR in the UK) structure andstatus
  • EU Directive 2016/680 The Law Enforcement Directive (LED)
  • The Digital Economy Act 2017
  • The Directive on Security of Network and Information Systems (NIS Directive)((EU) 2016/1148)
  • Telecommunications Directive 97/66/EC, Privacy and ElectronicCommunications Directive 20002/58/EC, and anticipated revisions (ePrivacyRegulation 2017/0003 (COD)

NB: Candidates will be expected to summarise the above legal instruments and how they relate to or influence the requirements of the GDPR. Candidates are not expected to have a detailed knowledge of their provisions.

GDPR definitions and terminology (0.5 hours, 7%, K2)

The candidate will be able to distinguish the important definitions in the GDPR where the terminology is new, or differs from previous data protection legislation, including:

  • Special category personal data
  • Main establishment
  • Data minimization
  • Data Protection Officer
  • Data Protection Impact Assessment
  • Codes of Conduct (Codes of Practice in DPB)
  • Transparency
  • Profiling
  • Consent
  • Child’s consent in relation to information society services
  • Competent authority in relation to the LED
The data protection principles (0.5 hours, 7%, K2)

The candidate will be able to identify how the enhancements to the data protection principles established in the GDPR (Article 5) differ from the previous UK Data Protection Act 1998 principles, i.e. the 6 principles detailed with Article 5(1) and theaccountability requirement from Article 5(2).

The candidate will be able to explain the importance of data processing, specifically:

  • Transparency requirements in relation to being ‘fair and lawful’
  • Explicit and compatible in relation to ‘specified purposes’
  • Limited to what is necessary in relation to being ‘accurate and relevant’
  • Pseudonymisation in relation to ‘data retention’

The candidate will be able to explain the importance of data controllers and processorsbeing accountable for compliance with data processing principles.

Special categories of personal data (0.5 hours, 7%, K1)

The candidate will be able to recognise that the GDPR introduces new specialcategories of personal data and separates the processing of personal data relating tocriminal convictions and alleged criminal offences, specifically:

  • Genetic and biometric data
  • Processing personal information relating to the crime as a ‘competent authority’
  • Processing criminal records and alleged offences information in the employment context
Lawfulness of processing (1.5 hours, 22%, K2)

The candidate will be able to identify the lawful conditions (grounds) that must be satisfied in order to legitimise the processing of personal data, including:

  • Conditions for consent (Article 7, Recitals 32, 42, 43)
  • Consent of a child in relation to information society services (Article 8)
  • Special categories of personal data (Article 9 and 10)
  • Obligations of professional secrecy
  • Processing that does not require identification (Article 11)
Data Subject Rights (1.5 hours, 22%, K2)

The candidate will be able to recall and identify data subject rights granted under the GDP, how they relate to the seven fundamental principles and how they are applied in practice:

  • Confirmation of processing (Article 12)
  • Right to be informed (transparency), including of further processing (Article 13and 14)
  • Right of access to personal data (Article 15), including timescales
  • Right to rectification (Article 16)
  • Right to erasure (to be forgotten) (Article 17)
  • Right to restriction of processing (Article 18)
  • Obligation to notify the rectification, erasure or restriction to recipients and the data subject (Article 19)
  • Right to portability (Article 20)
  • Right to object and rights in relation to direct marketing (Article 21)
  • Consent rules and the proposed alignment of Privacy In ElectronicCommunications Regulations (PECR)
  • Rights in relation to automated decision making and profiling (Article 22)
  • Right to lodge a complaint (Article 77)
  • Right to effective judicial remedy (Article 78 and 79)
  • Right to compensation including non-material damage (Article 82)
Data Controller and Data Processor obligations (1 hour, 14%, K2)

The candidate will be able to identify the obligations that are placed upon data controllersand processors under the GDPR, including:

  • General obligations of a controller and processor (Article 5(2))
  • Data controller/data processor and joint controller relationships (Article 5(2))
  • Accountability and governance (Article 5(2))
  • Controller specific obligations (Article 24)
  • Joint controller arrangements (Article 26)
  • Data Protection by Design and by Default (Article 25)
  • Processor specific obligations (Article 28)
  • Records of Processing Activities (Article 30)
  •  Information security (Article 32)
  • Data breach notification (Articles 33 and 34)
  • To the Supervisory Authority including when to notify the Data Subject
  • Overlap with the NIS Directive in relation to breach reporting
  • Data Protection Impact Assessment (Article 35)
  • Co-operation with the Supervisory Authority (Article 31) and consultation on highrisk processing (Article 36)
  • Data Protection Officer appointment (Article 37 to 39)
  • Status and use of codes of practice (Article 40)
Transfers of personal data (0.5 hours, 7%, K2)

The candidate will be able to identify the following:

  • General principles for transfers
  • Transfers on the basis of an adequacy decision by the EU, including Privacy Shield
  • Transfers subject to appropriate safeguards
  • Contract clauses
  • Binding Corporate Rules
  • Exemptions for specific situations
Powers of the Supervisory Authorities (0.5 hours, 7%, K1)

The candidate will be able to define the Supervisory Authority’s powers to:

  • Impose monetary penalties
  • Issue enforcement notices
  • Require controllers or processors to provide information

Preparatory Guide for BCS GDPR Update: Foundation Certificate in Data Protection

Accredited Training Course

BCS offers Accredited Training Providers where the candidates can visit and enrol to get the training for any certification they wish for. It is strongly recommended to take up the accredited training course before the exam as it is the right and authentic source to help you out with your learning. This course will provide candidates with the levels of difficulty/knowledge skill, enabling them to develop them to operate at the levels of responsibility.

Self-Study

Those who do not wish to take up any course to help them prepare for the exam, they can review the objectives of the exam and study all by themselves. Self-study is said to be ideal if you’re self-motivated and have a good understanding of data protection. It usually takes a minimum of 10 hours to prepare for the exam.

Recommended Reading & Resource List

BCS provides a list of recommended resources too. This section lists some of the published material available on the GDPR. Candidates are not expected to study all of it, but should use selected publications to enhance their knowledge.

Evaluate yourself with Practice Tests

Practice Tests enhance your learning. It helps make you familiar with the exam and the pattern. Also, it helps you identify the status of your preparation and learning. It is highly recommended to attempt sample papers and practise tests before you go for the exam. TestPrepTraining provides you FREE practice tests where you can analyse your learning and evaluate your preparation.

Boost your chances to get ready to qualify the BCS GDPR Update: Foundation Certificate in Data Protection exam. Try Free Test Now!

Menu