Courses in

Computer Science and Applied Physics

Data Protection SPA

Certificate in Data Protection

A blended year long 30 credit Special Purpose Award, Level 8

Discipline: Computer Science and Applied Physics

Programme Code: 


Location: Mayo

NFQ Level: 8

Programme Duration: One year

Mode of Study: Full time

Application Route: Apply direct to GMIT

Entry Requirements: Applicants are required to have a level 7 or equivalent professional qualification/work experience.

Credits: 30

Places: 24


To be advised

Why Study?

Modern technologies allow for vast amounts of electronic data to be collected and retained by businesses, and at the same time, many organisations retain huge volumes of paper files. There are now significant legal responsibilities associated with collecting, retaining, and processing such data, because of the General Data Protection Regulation (GDPR).

This programme is aimed at developing knowledge, skills and competencies of those with decision making capabilities in the workplace so that they can become compliant for the requirements of the General Data Protection Regulation (GDPR). It will focus on practical knowledge and understanding of current data protection requirements and developing and implementing effective data protection policies and procedures for their organisations. This programme aims to equip students with an understanding of why these legal duties have arisen and how to comply with the obligations, which are now imposed.

Programme Modules

Modules include

Data Protection - Practice and Compliance (15 credits)

Database Management Systems (5 credits)

Data Protection Technologies (5 credits)

and The Next Step - Transitioning to Work (5 credits).

Learning Outcomes: 

  1. The learner will have an in-depth knowledge and understanding of the theories, concepts and methods pertaining to Data Protection and Data Protection Technologies. In particular, learners will have a comprehension of the concept of a legal right to personal privacy coupled with a knowledge of the theories and applications of Data Protection Technologies.
  2. The learner will be able to demonstrate an understanding of the methods and applications to manage data and information securely and appropriately. This will be framed by a detailed knowledge and understanding of the EU General Data Protection Regulation and the relevant enforcement mechanisms.
  3. The learner will be able to demonstrate their ability to implement and manage data protection systems which are legally compliant for their sector. They will also be able to apply the skills and tools necessary to carry out advanced research in Data Protection Technologies.
  4. Learners will have acquired the skills to implement and manage data protection systems and be able to make judgements on the nature of data, the most appropriate protections and the correct approach following a data breach for their sector. Similarly, learners will be able to exercise judgement in the planning, designing, technical and/or management functions relating to data protection technologies.
  5. Learners will have the ability to design and develop data protection solutions. They will acquire the competence to carry out secure data management, data backups, data retention and data processing and the use of secure network communication tools.
  6. Learners will have the capacity to critically reflect on their own data protection practice but also to ensure that their colleagues appreciate the breath and depth of responsibility that they collectively hold for data protection.
  7. Learners will have an awareness of the need for the methods and applications to manage data and information securely and appropriately. Their acquired knowledge of the principles of data protection will enable them to apply a clear framework in an unfamiliar context.
  8. Learners will gain an insight into the fundamental protection of personal privacy and will acquire the technical skills to protect this legal right in robust manner. They will have the capacity to appreciate how these rights have emerged from the EU legal framework.



Sources of Law; International Law; European Union Law; Constitutional Law; Legislation.

Historical Development of Concepts of Privacy
Rationale for privacy and data protection; Development of common law rules on privacy; Constitutional protection of privacy; Privacy and the European Convention on Human Rights; The EU Charter of Fundamental Rights.

Data Protection and the EU
The historical context to the GDPR; The GDPR, its aims objectives and scope; Article 29 Working Party.

Data Protection Legislation in Ireland
The Significance of EU Regulations; The role of the State in achieving compliance with EU law, Data Protection Legislation.

The Fundamental Principles of Data Protection;
Principles of Retention of Data. Personal Data Rights in relation to personal data: Duties of Data Processors and Data Controllers; the
obligations of Data Protection Officers; The right to: access information; to know what information is held; removal of information; prevent the
use of information; be forgotten; rights relating to direct marketing and Automated Decision Making.

Data & Public Sector
Current Obligations, Future Obligations; Data Sharing, Garda Vetting; Freedom of Information Legislation.

Data Protection Commissioner & Enforcement and Penalties
Data Protection Commissioner (DPC); statutory powers, duties and functions of the DPC are as established under the Data Protection Acts
1988 and 2003 and legislation currently before the Oireachtas; ‘Supervisory Authority’ under GDPR; Special Investigations Unit, Data
Protection Audits; Binding Corporate Rules; Case studies; Prosecutions.

Actions for breach of Privacy & Defamation
The distinction between civil and criminal proceedings; Possible compensation for breach of privacy; Defamation.

Data Protection Terminology
Data Controller, Data Processor, Data Subject, Confidentiality, Privacy, Authentication, Multi-factor Authentication, Authorization, Integrity, Security vs. Safety.

Data Protection Concepts
Personal Data, Categories of Data, Consent, Data Processing, Data Security, Data Threats.

Network / Web / E-Privacy
Secure Web Use, E-mail, Data Security, VPN's.

Personal Data - Data Processing
Processing of Data - obtaining, organising, retrieving, disclosing and erasing data, Data Portability.

Data Protection Management
Risk assessment, Securing data by design and/or by default.

Secure Data Management
Securing/Backing Up Data, Data Retention Policy, Cloud Security, Data Security in the Cloud.

Essential Information: 

Start Date

January 2022


How to Apply

***Applications can be made online at, using application type L8***

This user guide contains step by step instructions on how to create and submit an online application.

If you have any queries, please email 





Contact Us

Mark Frain