Courses in


Data Protection

Certificate in Business in Data Protection (Special Purpose Award)

GMIT Mayo campus, Castlebar is offering a 30-credit Certificate in Business in Data Protection (Special Purpose Award) starting in September 2020, 1-year duration

Why Study?: 

Modern technologies allow for vast amounts of electronic data to be collected and retained by businesses, and at the same time many organisations still retain huge volumes of paper files.

There are now significant legal responsibilities associated with collecting, retaining, and processing such data, as a consequence of the General Data Protection Regulation (GDPR) and The Data Protection Act, 2018.

This course aims to develop knowledge, skills and competencies of those with decision making responsibilities in the workplace (or in respect of a voluntary organisation) so that they can become compliant for the requirements of the General Data Protection Regulation (GDPR). This course will focus on practical knowledge and understanding of current data protection requirements and the development and implementation of effective data protection policies and procedures for organisations.

This is a part time award delivered in a blended approach to serve the needs of those in employment and those who are balancing work, home and educational commitments. Appendix 1 sets out the time table for the face to face lectures on the Mayo Campus.

This course is suitable for public, private and voluntary sector, or any person who needs an understanding of data protection requirements and what policies and procedure need to be achieved for compliance. It will have relevance for those managing personal private data such as professional practice managers; Human Resource staff; Database Administrators; IT support staff; Payroll employees; Health Sector Employees, Voluntary Organisations / Charities.

Programme Modules: 

The award comprises of three modules:

  1. Data Protection – Law and Compliance  (15 Credits)
  2. Data Protection – Techniques & Technologies (10 Credits)
  3. The Next Step -Transitioning to Work (5 credits)

Learning Outcomes: 

  1. The learner will have an in-depth knowledge and understanding of the theories, concepts and methods pertaining to Data Protection and Data Protection Technologies. In particular, learners will have a comprehension of the concept of a legal right to personal privacy coupled with a knowledge of the theories and applications of Data Protection Technologies.
  2. The learner will be able to demonstrate an understanding of the methods and applications to manage data and information securely and appropriately. This will be framed by a detailed knowledge and understanding of the EU General Data Protection Regulation and the relevant enforcement mechanisms.
  3. The learner will be able to demonstrate their ability to implement and manage data protection systems which are legally compliant for their sector. They will also be able to apply the skills and tools necessary to carry out advanced research in Data Protection Technologies.
  4. Learners will have acquired the skills to implement and manage data protection systems and be able to make judgements on the nature of data, the most appropriate protections and the correct approach following a data breach for their sector. Similarly, learners will be able to exercise judgement in the planning, designing, technical and/or management functions relating to data protection technologies.
  5. Learners will have the ability to design and develop data protection solutions. They will acquire the competence to carry out secure data management, data backups, data retention and data processing and the use of secure network communication tools.
  6. Learners will have the capacity to critically reflect on their own data protection practice but also to ensure that their colleagues appreciate the breath and depth of responsibility that they collectively hold for data protection.
  7. Learners will have an awareness of the need for the methods and applications to manage data and information securely and appropriately. Their acquired knowledge of the principles of data protection will enable them to apply a clear framework in an unfamiliar context.
  8. Learners will gain an insight into the fundamental protection of personal privacy and will acquire the technical skills to protect this legal right in robust manner. They will have the capacity to appreciate how these rights have emerged from the EU legal framework.



Sources of Law; International Law; European Union Law; Constitutional Law; Legislation.

Historical Development of Concepts of Privacy
Rationale for privacy and data protection; Development of common law rules on privacy; Constitutional protection of privacy; Privacy and the European Convention on Human Rights; The EU Charter of Fundamental Rights.

Data Protection and the EU
The historical context to the GDPR; The GDPR, its aims objectives and scope; Article 29 Working Party.

Data Protection Legislation in Ireland
The Significance of EU Regulations; The role of the State in achieving compliance with EU law, Data Protection Legislation.

The Fundamental Principles of Data Protection;
Principles of Retention of Data. Personal Data Rights in relation to personal data: Duties of Data Processors and Data Controllers; the
obligations of Data Protection Officers; The right to: access information; to know what information is held; removal of information; prevent the
use of information; be forgotten; rights relating to direct marketing and Automated Decision Making.

Data & Public Sector
Current Obligations, Future Obligations; Data Sharing, Garda Vetting; Freedom of Information Legislation.

Data Protection Commissioner & Enforcement and Penalties
Data Protection Commissioner (DPC); statutory powers, duties and functions of the DPC are as established under the Data Protection Acts
1988 and 2003 and legislation currently before the Oireachtas; ‘Supervisory Authority’ under GDPR; Special Investigations Unit, Data
Protection Audits; Binding Corporate Rules; Case studies; Prosecutions.

Actions for breach of Privacy & Defamation
The distinction between civil and criminal proceedings; Possible compensation for breach of privacy; Defamation.

Data Protection Terminology
Data Controller, Data Processor, Data Subject, Confidentiality, Privacy, Authentication, Multi-factor Authentication, Authorization, Integrity, Security vs. Safety.

Data Protection Concepts
Personal Data, Categories of Data, Consent, Data Processing, Data Security, Data Threats.

Network / Web / E-Privacy
Secure Web Use, E-mail, Data Security, VPN's.

Personal Data - Data Processing
Processing of Data - obtaining, organising, retrieving, disclosing and erasing data, Data Portability.

Data Protection Management
Risk assessment, Securing data by design and/or by default.

Secure Data Management
Securing/Backing Up Data, Data Retention Policy, Cloud Security, Data Security in the Cloud.

Entry Requirements: 

The minimum entry requirements are those stated by the Institution in its Access, Transfer and Progression Policy at any given time. At present they are a
Grade O6/H7 or better in six Leaving Certificate subjects including English or Irish and Mathematics. Two of the six Leaving Certificate subjects must be
passed in higher level papers at Grade H5 or higher.


Equivalent qualifications and scores from other countries which will be assessed and scored by the Institute.


A Pass in any QQI FET Major Award at level 5 or 6 with distinction grade in at least three components.


A Pass in in a QQI FET Foundation Certificate, the NUIG/GMIT Foundation Certificate or any Foundation Certificate delivered by the regional cluster
(GMIT, NUIG, IT Sligo or IT Letterkenny).


Applicants who have a background in using data management systems will be considered for entry following an interview, subject to GMIT regulations. Noncognate area degree is acceptable for entry to this SPA provided the candidate can demonstrate an understanding of module topics and suitability for the programme to their continued academic development.

Other Essential Information: 

Applications are made via Online Admissions, please select application type M7***.

This user guide contains step by step instructions on how to create and submit an online application.

If you have any queries on this please email


Full fee is €3,000. 

Discipline: Business

Programme Code: 


Location: Mayo

NFQ Level: 8

Category: Springboard/ICT Skills


Lifelong Learning Office at GMIT Mayo Campus -

Places: 24

Programme Duration: One year