IDM Professional Certificate in GDPR AUS | IDM
  • You will learn to
  • Details
  • Course availability

During your Qualification you will gain:

  • A solid working knowledge of the practical implications of the General Data Protection Regulation (GDPR) to help you avoid heavy fines and damage to your business' reputation

This Certificate programme has been developed in partnership with the DMA Legal Team, DMA Responsible Marketing Committee and the GDPR External Working Party.

See below for further course details and full programme information.

Ready to upskill your team with the IDM? Explore our Corporate Training option, here


Online (35 CPD hours)

Get in touch...

To discuss your options, please get in touch with one of our learning and development team:

Course availability

Please get in touch for more information. Call us on 020 8614 0255 or email on

Qualification Information

This qualification is made up of eight modules. You will also be required to complete two x one hour online examinations.
  • Paper 1: to test your factual knowledge
  • Paper 2: to apply your knowledge to real-life or realistic scenarios

Module 1: Introduction to GDPR

  • Understand how the General Data Protection Regulation (GDPR) affects processing outside of the EU
  • Recognise how the GDPR was developed by EU lawmakers
  • How is the law enforced?
  • Key definitions and scope
  • The global scope of the legislation
  • Who is affected by the Regulation and what are the responsibilities?

Module 2: The principles of GDPR

  • What are the ‘new’ principles and what practical impacts do these have?
  • How do they compare with the principles under Data Protection Act 1998?

Module 3: The requirements for consent

  • Consent - under GDPR & ICO guidance, covering both 1st and 3rd party consent, with relevant examples
  • Includes comparison between GDPR and current law (DPA & PECR)

Module 4: Legitimate interests

  • What is it?
  • How to conduct the balancing test
  • Relevant examples of use and risk mitigations

Module 5: Automated processing, including profiling

  • Definition and the 3 types of profiling
  • What are the specific requirements and conditions?

Module 6: Individuals rights under GDPR and information to be given to data subjects under GDPR

  • Right to object
  • Access to data & right to rectification
  • Right to be forgotten & right to erasure
  • Data minimisation
  • Right to data portability
  • Article 13: Information to be provided where personal data are collected from the data subject
  • Article 14: Information to be provided where personal data have not been obtained from the data subject

Module 7: Good data governance, data security and cloud computing

  • Role of a Data Protection Officer
  • Conducting a Data Protection Impact Assessment (DPIA)
  • Conducting a Data Protection Compliance Review (DPCR)
  • How to undertake risk minimisation measures
  • Data retention
  • Staff training
  • Understand data security risks
  • Ability to pursue confinement and data minimisation strategies
  • What are the changes to contracts under GDPR ISO27001 overlap
  • Cloud, computing considerations
  • Mobile technologies
  • Tokenisation
  • Data leakage monitoring

Module 8: Action planning

  • Preparing an action plan
  • Designing a ‘security aware’ culture
  • Managing data in a structured way


Enjoy the flexibility of devising your own personalised study routine with your programme deadlines via a stream of online content run over 12 months. You will receive email support and 24/7 access to course materials. For more information call 020 8614 0277.

While we make every reasonable effort to make the course content as up-to-date and relevant as possible, it should not be used as a substitute for legal advice. If you have any questions on how the GDPR affects your business you should seek independent legal advice. All views expressed are the opinion of the tutor or speaker and may not represent the view of The IDM.
The IDM Professional Certificate in GDPR is a self-contained course that you should expect to spend 120 hours of study to complete.
It includes exercises, downloadable tools you can use in your business, real-world examples and videos from legal and marketing experts in the GDPR.

Who is the programme for?

Data Protection Officers (DPOs) for marketing companies and senior marketing managers across private, public, not-for-profit, charity and Government sectors. All employees who are directly accountable for Data Protection within their organisations.

Benefits to the organisation

Non-compliance of the GDPR can result in fines of up to 4% of global turnover or €20m, whichever is the greater. Reputational damage could be worse as businesses lose market share and customer confidence.

Senior managers or DPO with a firm grasp of the technical and organisational implications of the GDPR and ePrivacy Regulation will help your business operate legally and confidently when the new laws come into force in May 2018.

Benefits to the individual

This Certificate programme, developed with the DMA, will give you the skills you need to deal with a wide range of Data Protection and Privacy challenges, and give you the confidence to change your organisation to make sure it is operates within the law come May 2018.

Subject matter experts

Laura Irvine

Laura is a Partner in the Data Protection Team at BTO Solicitors LLP. She is an experienced Solicitor Advocate and a regulatory lawyer. She has a particular interest and expertise in data protection, privacy and information law.

Laura was co-counsel in relation to the first, and to date, only, successful appeal against an ICO fine for a breach of the Data Protection Act 1998. As a result Scottish Borders Council had their £250,000 fine returned to them.

Laura regularly provides contentious advice and assistance following data and cyber incidents to clients in the private, public and third sectors. She assists clients in handling subject access requests and how to comply with Data Protection Act 1998 and how to plan for the General Data Protection Regulation coming into force on 25 May 2018. Laura is assisting several clients in the lead up to this significant regulatory change in the way that personal data is handled.

Laura is particularly passionate about data protection and according feedback from training sessions, makes an inherently dull subject entertaining.

Laura is a respected adviser on Cyber Resilience – the Scottish Government’s strategy in this crucial area. She is a Director of the Scottish Business Resilience Centre due to her expertise in cyber security law and is regularly asked to provide advice and training in this area.

Andrew Bridges

Joined REaD Group as Data Quality and Governance Manager in 2016 to spearhead the company's commitment to providing industry leading standards of data quality and governance. A ket part of Andrew's remit is ensuring REaD Group remains at the forefront of the EU regulatory landscape, in particular the new General Data Protection Regulation. Andrew has specialist expertise within European legislation and data regulation and information security. From 2012-2016, prior to joining REaD Group, Andrew held the roles as EMEA Data Governance Manager at AIMIA. During this time, Andrew led the formation and implementation of a universal governance framework across the company's European business divisions, as well as acting in an advisory role on key data management capabilities and design.

Simon Hinks

Having started his data protection and direct marketing career in the travel industry, then moved to the Financial Services sector when the current 1998 Data Protection rules came into force, before deciding to set-up PMA his consultancy. A direct marketing practitioner and advocate of the power of data driven marketing, he is always keen to champion customer value management through effective segmentation and data complianec.
Initially worked with charities in 2016/2017 heping them become compliant with the current regulations and in preperation for GDPR. He has advised various businesses on their GDPR complaince, including car retailers, online/Smartphone app providers and legal firms. A member of the GDPR Institute and the Direct Marketing Association (DMA), also a judge for the annual Loyalty Awards.

Tim Roe

Tim is a data marketing technologist and is responsible for privacy and compliance for RedEye, Tim is an experienced and qualified Direct Marketing professional and BCS certified data protection practitioner. Tim also holds a Masters level qualification on Data Protection law and Information Governance.

Tim's experience covers a number of vertical markets, as well as industry wide risks, unravelling the complex issues of data protection and privacy law and finding workable solutions for the data marketing industry and its clients.
Tim is a regular industry blogger and euthor of a numerous white papers, including the DMA white paper email and cookies legislation.
Tim is an active industry contributer via the Direct Marketing Association (DMA) and contributes to the following groups;
  • Chair of the DMA GDPR task force
  • Member of the Responsible Marketing Committee
  • Chair of the email council GDPR working group
Specialities: Data Protection, Information Governance, ISO27001, Digital and Direct Marketing Strategy

London (W1W 8SS)

Get in touch...

To discuss your options, please get in touch with one of our learning and development team:

Get in Touch