Certificate in Data Protection Practice

Start Date 26 February 2020 at 6:00 PM
Assessment 2,500-word written assignment, including case-study scenarios (70%), multiple choice questions (20%) and continuous assessment through online activities (10%). Assignment submission: 3 July 2020.
Delivery Method Blended learning: introductory lecture on-site and webcast online; thereafter, online lectures on Wednesdays, with online workshops on Saturdays. Facility to interact with lecturers online.
CPD Hours The number of hours of CPD that you may claim in relation to this course will depend on the way in which you access each of the individual sessions.  For further information and the booklet, see CPD scheme.
Course Leader Ríona Leahy, Solicitor, Course Leader: R.Leahy@LawSociety.ie.



This item is not available to book online

Short video testimonial


Application information

We are no longer accepting applications for this course.

If you are interested in applying for a future offering of the course, please register here for our Interested List. We would be happy to contact you when applications open for the next offering. We look forward to welcoming you to study with the Diploma Centre.

Solicitors and Trainees

To pay online click on the 'Book Now' button. For all other methods of payment including, draft, cheque and EFT please see our methods of payment .

Other Professionals

We welcome applications for this course from suitably qualified professionals. Your application must be approved before you can formally register on the course. To apply please email the following documents to diplomateam@lawsociety.ie :

  1. A completed application form (see below)
  2. Your Curriculum Vitae
  3. A short cover letter setting out your relevant experience

Please note, for non-members this course is subject to a supplemental fee of €100 bringing the total course fee to €1,650. No fees are required prior to approval.


Further information on this course including course structure, module scheme, faculty and workshop dates are set out below. Clicking on the links will bring you directly to that section or simply scroll through to read all the content.

Programme objectives

On completion of this training programme, participants will have:

  • A comprehensive knowledge of Regulation 2016/679 (the GDPR),
  • An understanding of the data protection framework in Ireland as governed by the Data Protection Acts 1988-2018,
  • An ability to apply that knowledge to a range of data protection issues in practice and to evaluate the role of the data protection officer,
  • The skills to advise on subject access requests, legitimate processing, data retention, consent, and international data transfers,
  • The confidence to recognise when a data breach has occurred and the notification requirements,
  • The ability to analyse sanctions for non-compliance and the powers of the Data Protection Commission,
  • The skills to conduct a data privacy impact assessment and a data protection audit and to report on an organisation’s data governance and security.

Programme structure and approach to learning

The General Data Protection Regulation (Regulation 2016/679) came into force in May 2018 and, as a result, the data protection landscape has changed significantly. This certificate will offer an in-depth analysis of the new data protection framework, the data protection legislation, and how to comply with the GDPR in practice. 

Data is now a valuable commodity. Modern technologies allow for huge volumes of data to be collected by companies on a daily basis. There are many legal responsibilities associated with collecting, retaining, and processing such data. Data protection laws act to balance an individual’s right to privacy with a company’s ability to use that data. It is essential that the use of data is regulated to prevent against abuses, while at the same time ensuring that companies can use data efficiently and effectively.

Participants will be brought through the application of the law by experienced data protection practitioners and privacy consultants from private practice, the public sector, and from large multinationals. There is a strong focus on the GDPR and how to apply it in practice. This course will ensure that participants are equipped to deal with the compliance issues that arise in practice. 

Online and interactivity

Course materials, including webcasts of lectures, will be released each week online. In addition, online participation will be required. There will be three interactive online workshops to enable participants to connect with expert contributors and to consolidate their knowledge. Participants are also afforded the opportunity to interact with the expert contributors online each week. Participants are invited to have an open-minded approach to learning and are encouraged to interact and share knowledge with colleagues, as engaging online is a central element of online courses.


The programme is based on the following module scheme and covers key themes as listed below:

Module 1: Introduction to data protection law

  • Origins of data protection law,
  • Data protection concepts and principles,
  • Overview of data protection landscape.

Module 2: Data processing and sharing

  • Legitimate processing,
  • Data retention,
  • Data access requests,
  • Government data, public sector,
  • Data protection v freedom of Information,
  • Litigation –legal professional privilege/discovery.

Module 3: Data processing and personal rights

  • Removal, amendments, rectification,
  • The right to be forgotten,
  • Direct marketing,
  • Automated decision making,
  • State surveillance.

Module 4: General Data Protection Regulation

  • Overview of key changes,
  • Impact of changes on processing, consent, outsourcing,
  • Compliance and enforcement,
  • Requirement to have a DPO,
  • Changes referenced in each Module throughout the certificate.

Module 5: Data governance

  • Role of the data protection officer,
  • Data breaches,
  • Powers of Data Protection Commission,
  • Privacy impact assessments.

Module 6: International data transfers

  • Data transfer risks,
  • Transfers outside EEA,
  • Effect of Brexit data transfers,
  • Supervision, enforcement, offences.

Module 7: Data protection compliance

  • CCTV,
  • Direct marketing,
  • Cookies, the Cloud,
  • Outsourcing,
  • Drones, biometrics, wearable technology.

Module 8: Data governance framework

  • Best practice models,
  • Information Asset Life Cycle,
  • Aligning data protection and data governance,
  • Standard frameworks and ISOs,
  • Measuring date protection compliance.

Module 9: Change management

  • Context and rationale,
  • Principles of change management,
  • Data protection training.

Module 10: Data security and technology

  • Physical security of data,
  • Virtual security of data,
  • Technical considerations.

Module 11: Ethics in data protection

  • Ethical first principles,
  • A framework for ethics in information management,
  • Practical application.

Module 12: Data protection update

  • Global view and EU v US approach,
  • Overview of recent data protection issues.


Workshops are interactive sessions that focus on group problem-solving and are designed to revise all modules covered to date and to consolidate the student’s knowledge.

1Workshop 1 Saturday 28 March 2020Online – 
Log in at an appointed time required in order to participate.
2Workshop 2Saturday 25 April 2020Online – 
Log in at an appointed time required in order to participate.
3Workshop 3Saturday 06 June 2020Online – 
Log in at an appointed time required in order to participate.


2,500 word assignment including case-study scenarios and multiple choice questions. Assignment submission: Friday 3 July 2020.

Who should attend?

This course is suitable for:

  • Solicitors, barristers, and trainees who currently advise or aspire to advise on data protection issues,
  • Data protection officers,
  • Compliance Officers,
  • IT professionals,
  • Professionals who are data controllers/processors and need to understand their legal obligations/duties,
  • All professionals advising on/working in the area of data protection who need to update their knowledge on the GDPR,
  • Suitably qualified professionals wishing to move into the area of data protection, and
  • Individuals who have an interest in protecting their personal data.

We welcome applications from others who are suitably qualified. Please explain your interest and set out any relevant experience in a cover letter and a brief CV. Such applications are subject to a supplemental fee of €100. 

Hear from our graduates

Laura Ni Dhruachain

“This course has been very helpful in furthering my understanding of data protection practice. The practical-orientated focus of the course enabled me to fully understand complex legislation in its day-to-day application. The online delivery of the course was great, as it enabled me to learn at my own pace and in my own time, without interfering with my work responsibilities. The content of the course was comprehensive, covering all remits of data protection law, such as data processing and sharing, the personal rights of data subjects, international data transfers, and the General Data Protection Regulation. The calibre of the lecturers was excellent, and the various backgrounds of the lecturers added value to the course delivery.” 

Laura Ní Dhruacháin (technology and commercial contracts solicitor, William Fry)
Certificate in Data Protection Practice, Autumn 2016


The teaching faculty for this certificate comprises a fantastic array of data protection experts.

Previous lecturers have included:

  • Chris Bollard, Matheson,
  • Fergal Crehan BL, Three,
  • Olga Gaffney, Michael J. Breen & Co. Solicitors,
  • Dr. Denis Kelleher, LinkedIn,
  • Jeanne Kelly, LK Shields,
  • Fred Logue, FP Logue Solicitors,
  • Phil Lee, Fieldfisher,
  • Ian Long, Groupon International,
  • Simon McGarr, Data Compliance Europe,
  • Patricia McGovern, DFMG Solicitors,
  • Dr. TJ McIntyre, UCD and Digital Rights Ireland,
  • Anna Morgan, Office of the Data Protection Commissioner,
  • Emerald De Leeuw, Eurocomply,
  • Linda Ní Chullaidh, CITI,
  • Daragh O’Brien, Castlebridge,
  • Dr. Katherine O’Keefe, Castlebridge,
  • Richard O’Sullivan, Global Shares Plc,
  • Ruth O’Toole, DAON,
  • Emma Redmond, Stripe,
  • Kenneth Ruane, An Garda Síochána,
  • Aoife Sexton, Truata,
  • Kate Colleary, Colleary & Co, Pembroke Privacy,
  • Julie Shackleton, HBX, Harvard Business School,
  • Oisin Tobin, Mason Hayes & Curran.


We have designed our courses to enable you to satisfy as much of your CPD requirement as possible. Time spent attending lectures and workshops in person or completing these via e-learning as part of your course can be claimed towards your annual CPD requirement. The number of hours of CPD that you may claim in relation to your diploma/certificate course will depend on the way in which you access each of the individual sessions. For further information, visit the CPD scheme  and download the CPD booklet. 

The Diploma Centre team will host our annual CPD conference in November 2019. This complimentary event is a dedicated management and professional development skills and regulatory matters session. We will post an invitation on your Diploma Hub page later in the year. 


Ríona Leahy, Solicitor, Course Leader: R.Leahy@LawSociety.ie.

*Every effort has been made to ensure the information contained in these pages is accurate and up to date. However timetables and course content are subject to change and date and time changes may occur due to factors beyond our control.


Back to top




This item is not available to book online