We use cookies to help enhance your experience and improve the functionality of our website.
For more details and help to manage your cookie options read our Privacy & Cookies information.

During your Qualification you will gain:

  •  A solid working knowledge of the practical implications of the General Data Protection Regulation (GDPR) to help you avoid heavy fines and damage to your business’ reputation

This Certificate programme was awarded the Memcom 2018 Best Training or Accreditation Initiative and has been developed in partnership with the DMA Legal Team, DMA Responsible Marketing Committee and the GDPR External Working Party.

Course availability 

start study mode location member non-member exam fee
Online Online £1995.00 £1995.00 £0.00
more info
book until 3 Mar 2019
Online Online £1995.00 £1995.00 £0.00
more info
book until 17 Mar 2019
Online Online £1995.00 £1995.00 £0.00
more info
book until 31 Mar 2019

NB: Prices above subject to VAT.

Course information

Module 1: Introduction to GDPR 
  • Understand how the General Data Protection Regulation (GDPR) will affect processing outside of the EU
  • Recognise how the new GDPR was developed by EU lawmakers
  • How will the new law be enforced?
  • Key definitions and scope
  • The global scope of the new legislation
  • Who is affected by the Regulation and what are the responsibilities? 
Module 2: The principles of GDPR
  • The concepts behind the principle of Accountability
  • What the principle of accountability will mean to your businesses
  • The use of Data Protection Impact Assessments (DPIA) tools to measure accountability
  • The role of the Data Protection Officer (DPO) to keep checks on accountability
  • The importance of keeping records of processing activities
Module 3: The requirements for consent
  • What valid consent is under the GDPR
  • When organisations must use consent
  • When consent is not appropriate
  • Key practical changes to make to your consent statements
  • How long consent lasts for
Module 4: Legitimate interests 
  • What is it?
  • How to conduct the balancing test
  • Relevant examples of use and risk mitigations 
Module 5: Automated processing, including profiling
  • Definition and the 3 types of profiling
  • What are the specific requirements and conditions? 
Module 6: Individuals rights under GDPR and information to be given to data subjects under GDPR 
  • Right to object
  • Access to data & right to rectification
  • Right to be forgotten & right to erasure
  • Data minimisation
  • Right to data portability
  • Article 13: Information to be provided where personal data are collected from the data subject
  • Article 14: Information to be provided where personal data have not been obtained from the data subject
Module 7: Good data governance, data security and cloud computing
  • Role of a Data Protection Officer
  • Conducting a Data Protection Impact Assessment (DPIA)
  • Conducting a Data Protection Compliance Review (DPCR)
  • How to undertake risk minimisation measures
  • Data retention
  • Staff training
  • Understand data security risks
  • Ability to pursue confinement and data minimisation strategies
  • What are the changes to contracts under GDPR ISO27001 overlap
  • Cloud, computing considerations
  • Mobile technologies
  • Tokenisation
  • Data leakage monitoring  
Module 8: Action planning
  • Preparing an action plan for pre-implementation
  • Designing a ‘security aware’ culture
  • Managing data in a structured way
study mode

Enjoy the flexibility of devising your own personalised study routine with your programme deadlines via a stream of online content run over 12 months. You will receive email support and 24/7 access to course materials. For more information call 020 8614 0277. 

Corporate training
This programme can be fully customised and delivered to your staff in-house. For more information visit
course info

While we make every reasonable effort to make the course content as up-to-date and relevant as possible, it should not be used as a substitute for legal advice. If you have any questions on how the GDPR affects your business you should seek independent legal advice. All views expressed are the opinion of the tutor or speaker and may not represent the view of The IDM.

The IDM Professional Certificate in GDPR is a self-contained course that you should expect to spend 120 hours of study to complete.

It includes exercises, downloadable tools you can use in your business, real-world examples and videos from legal and marketing experts in the GDPR.

Who is the programme for?
Data Protection Officers (DPOs) for marketing companies and senior marketing managers across private, public, not-for-profit, charity and Government sectors. All employees who are directly accountable for Data Protection within their organisations. 
Benefits to the organisation
Non-compliance of the GDPR can result in fines of up to 4% of global turnover or €20m, whichever is the greater. Reputational damage could be worse as businesses lose market share and customer confidence.
Senior managers or DPO with a firm grasp of the technical and organisational implications of the GDPR and ePrivacy Regulation will help your business operate legally and confidently when the new laws come into force in May 2018.

Benefits to the individual
This Certificate programme, developed with the DMA, will give you the skills you need to deal with a wide range of Data Protection and Privacy challenges, and give you the confidence to change your organisation to make sure it is operates within the law come May 2018.

Lesley Tadgell-Foster F IDM, Managing Director, Shelfline Promotional Consultancy

Lesley works with a range of clients who need to find a bridge between the marketing department and legal. Her campaign planning experience has proved invaluable with clients who are seeking to maximise customer response and interaction.

For recent clients as diverse as ‘The Telegraph Group’ and AXA PPP Healthcare, she works with staff at all levels who need to re-think how they deliver communications programmes.

For a number of years she was an independent trainer for News International, The Daily Mail and Express Group.  She still has a soft spot for ‘ink on paper’, but is well familiar with the opportunities and constraints of maximising income and reader engagement online too.

Her speciality is helping clients deal with the challenges of creating marketing preferences that are brand relevant and develop customer trust, so that marketing messages are welcomed.  With her background in sales promotion, she also offers guidance on how best to deal with the ‘small print’ that helps the ‘Big Idea’ work in practice.

Lesley’s style is both informal and incisive, using real life 'best and worst' examples to help delegates think through the options for producing both digital and traditional media campaigns that win over customers, whilst staying on the right side of the law.

subject matter experts
Laura Irvine

Laura is a Partner in the Data Protection Team at BTO Solicitors LLP. She is an experienced Solicitor Advocate and a regulatory lawyer. She has a particular interest and expertise in data protection, privacy and information law.
Laura was co-counsel in relation to the first, and to date, only, successful appeal against an ICO fine for a breach of the Data Protection Act 1998. As a result Scottish Borders Council had their £250,000 fine returned to them.
Laura regularly provides contentious advice and assistance following data and cyber incidents to clients in the private, public and third sectors. She assists clients in handling subject access requests and how to comply with Data Protection Act 1998 and how to plan for the General Data Protection Regulation coming into force on 25 May 2018.  Laura is assisting several clients in the lead up to this significant regulatory change in the way that personal data is handled.
Laura is particularly passionate about data protection and according feedback from training sessions, makes an inherently dull subject entertaining.
Laura is a respected adviser on Cyber Resilience – the Scottish Government’s strategy in this crucial area. She is a Director of the Scottish Business Resilience Centre due to her expertise in cyber security law and is regularly asked to provide advice and training in this area.

Andrew Bridges

Joined REaD Group as Data Quality and Governance Manager in 2016 to spearhead the company's commitment to providing industry leading standards of data quality and governance. A ket part of Andrew's remit is ensuring REaD Group remains at the forefront of the EU regulatory landscape, in particular the new General Data Protection Regulation. Andrew has specialist expertise within European legislation and data regulation and information security. From 2012-2016, prior to joining REaD Group, Andrew held the roles as EMEA Data Governance Manager at AIMIA. During this time, Andrew led the formation and implementation of a universal governance framework across the company's European business divisions, as well as acting in an advisory role on key data management capabilities and design. 

Simon Hinks

Having started his data protection and direct marketing career in the travel industry, then moved to the Financial Services sector when the current 1998 Data Protection rules came into force, before deciding to set-up PMA his consultancy. A direct marketing practitioner and advocate of the power of data driven marketing, he is always keen to champion customer value management through effective segmentation and data complianec.

Initially worked with charities in 2016/2017 heping them become compliant with the current regulations and in preperation for GDPR. He has advised various businesses on their GDPR complaince, including car retailers, online/Smartphone app providers and legal firms. A member of the GDPR Institute and the Direct Marketing Association (DMA), also a judge for the annual Loyalty Awards.

Rosemary Smith

Rosemary began her career in publishing and then worked in the data business for Mardev and Axciom going on to start her first business, RSE Direct in 2003.

In 2004, with partner Jenny Moseley, she set up Opt-4 which advises organisations on UK and international data protection compliance and the maximization of marketing permissions. In 2014 she became co-founder of the Data Protection Network which offers advice and events for anyone involved in data compliance.

Rosemary has helped to shape the regulatory framework for marketing through extensive trade association involvement including chairmanship of the Direct Marketing Association's Board. She is currently Chair of the DM Trust. She has been an IDM tutor since 2004 and was made an Honorary Life Fellow of the IDM in 2009.

Tim Roe

Tim is a data marketing technologist and is responsible for privacy and compliance for RedEye, Tim is an experienced and qualified Direct Marketing professional and BCS certified data protection practitioner. Tim also holds a Masters level qualification on Data Protection law and Information Governance. 
Tim's experience covers a number of vertical markets, as well as industry wide risks, unravelling the complex issues of data protection and privacy law and finding workable solutions for the data marketing industry and its clients.

Tim is a regular industry blogger and euthor of a numerous white papers, including the DMA white paper email and cookies legislation.

Tim is an active industry contributer via the Direct Marketing Association (DMA) and contributes to the following groups;
  • Chair of the DMA GDPR task force
  • Member of the Responsible Marketing Committee
  • Chair of the email council GDPR working group
Specialities: Data Protection, Information Governance, ISO27001, Digital and Direct Marketing Strategy
Great course. Up-to-date content and a good mix of theory and practice. I’d definitely recommend.

Kam Reehal,
eCommerce & Digital Marketer, Cooksongold

Train Your Teams

Upskill your teams marketing capabilities with a tailored IDM training plan that suits your business

Enhance your career with the IDM

Your training partner in filling digital and direct marketing skills gaps, setting you apart as a doer

share on