Certified Data Protection Practitioner in Education / Foundation (CDPPE/F)

The only certified training for data protection practitioners in education

The best and only certified specialist data protection available for data protection practitioners in education

In the rapidly evolving landscape of data protection and technology, it can be difficult to keep up.

Your professionals and organisation need and deserve the best training available.

This 2-day Certified foundation data protection course combines our deep understanding of how data protection law applies in the education sector with the power of certification, allowing us train your professionals to the rigour required and accurately measure what they have learned. The result ? Your professionals become more capable and confident with their new – found skills whilst your organisation is equipped to achieve and maintain compliance.

You can choose to take the course with or without sitting the exam. If you sit and pass the exam, you will achieve certified status.*

With certified status you will be able to demonstrate you have what it takes.

* Certification follows passing the exam which is optional.

Course delegates can choose to develop their knowledge and skill – set further by taking the “Certified Data Protection Practitioner in Education / Advanced

Why Choose Use?

1. A unique and rigorous, sector-specific approach which sets it apart from other training courses

There are many data protection training courses available but most are general and not geared to those working in educational establishments. The key to data protection expertise is not just understanding the law but the nuanced approach of how it applies to a school, a college and to children/students. This is because the law varies between different types of educational establishment and whether you are a public authority or not. Also, unlike most other data protection trainers, we are familiar with the overall education law landscape that interfaces with data protection law. These other laws also come into play when applying GDPR in your sector.

2. Unique Certified Status

The 2-day “Certified Data Protection Practitioner in Education / Foundation” is the only specialist certified course currently available for data protection practitioners working in educational establishments. Measurable output means you can see evidence from your investment into training and compliance, whilst your staff are rewarded for their hard work with increased satisfaction and a qualification. Certification is evidence that helps your organisation comply with the GDPR Accountability Principle and is a return on your investment.

3. Lawyer-led trainer with over 20 years’ experience working in education sector

The trainer is one of the UK’s leading Privacy and Data Protection lawyers with over 20 years advising schools, colleges and universities on data protection compliance. Director of Content at Tenjin, Partner at Excello Law, and Former Head of Information Law at Stone King Solicitors. See their full biography here.

4. Course affiliated with Amberhawk Training

The course is affiliated and approved by Amberhawk Training Limited, one of the UK’s leading data protection training companies in the UK, with over 60 years’ combined experience. You can therefore be confident that the course and exam have been vetted by leading data protection experts.

Course details & FAQ's


2 days (Plus optional exam clinic (free of charge) and examination)


Live online virtual classroom via MS Teams.

Who should attend?:

Data Protection Officers, Data Protection Leads and anyone who has to deal with data protection compliance in an education setting.

What level?:

This is a Foundation course. No previous data protection knowledge is required. (The Advanced Course and Certificate is available separately.)

What will I learn?:

What you need to perform your job well. Read the full syllabus here:

  • The school/college’s main obligations under the General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and Privacy and Electronic Communication Regulations 2003 (PECR) plus horizon scanning and the Data Protection and Digital Information Bill.
  • The role of a DPO/Data Protection Lead. How to garner support, achieve (and maintain) compliance.
  • Creating and maintaining a successful culture of data protection compliance in your school or college;
  • Recognising and dealing with Individual Rights including tactical and lawful management of Subject Access Requests;
  • Recognising, managing and avoiding personal data breaches;
  • Complying with the 7 Data Protection Principles with education-specific examples of compliance;
  • What are the minimum technical and organisational security measures is a school/college expected to take to keep personal data secure ? (Encryption, pseudonymisation, mandatory staff data protection training; data backup protocols);
  • The importance of knowing your lawful basis for using personal data;
  • Which Article 6 lawful basis pairs with which Article 9 condition ?
  • I understand the Article 6 lawful bases but how do I navigate the Data Protection Act conditions for using special category personal data?
  • What is an Appropriate Policy Document and when does the law say we have to have one in place?
  • When can/should we use “consent” to process personal data? How do I create proper Consent mechanisms/forms ? When should consent be avoided?
  • What are the current rules if we or a service provider transfers personal data outside the UK (e.g. Mailchimp) ?
  • What is the essential data protection documentation a school needs and what does it need to cover off? Privacy Notices, Data Protection Policies, Legitimate Interest Assessments, Record of Processing Activities (ROPA);
  • High level review of key data protection hot spots in school/college;
  • Overcoming the tripwires when sharing data with a Processor (e.g. outsourcing of processing to Edtech software providers) or Independent Controller (e.g. Police requests for personal data) or Joint Controller (e.g. another entity on your school Foundation, Alumni body or other school).
  • Using student images/video lawfully; a practical route map.
  • An overview of lawful direct marketing and fundraising;
  • The role of the ICO; what are the potential penalties for breaching data protection law?

Is there an exam?:

Yes. The 1-hour computer-based exam (closed book) is optional but must be passed in order to achieve certified status. 45 multi-choice questions. 65 % pass rate.


£1200 to include:

Next dates:

3rd & 4th October 2023

14th & 15th November 2023

How do I book?:

Complete the online booking form by clicking below.

Further questions?:

What next?

The follow-on course from this Foundation course is the ‘Certified Data Protection Practitioner in Education / Advanced’. COMING SOON

Now booking for: October and November

This site uses cookies to enhance your user experience