The General Data Protection Regulation requires all public authorities in the EU and many private organisations to appoint a data protection officer (DPO) to help with GDPR compliance.
The DPO position is a new professional role, and to meet the growing demand for DPOs IT Governance has created the Certified Data Protection Officer (C-DPO), a designation awarded to candidates who have successfully demonstrated their expertise in this field. This is done by passing the IBITGQ C-DPO examination, detailing DPO work experience and accrual of relevant CPD learning hours.
The GDPR does not specify the precise credentials a DPO is expected to have. However, in its published guidelines the European Data Protection Board (EDPB) defines certain minimum requirements regarding the DPO’s expertise and skills: Level of expertise – understanding how to build, implement and manage data protection programmes is essential. The more complex or high-risk the data processing activities are, the greater the expertise the DPO will need. Professional qualities – DPOs do not have to be lawyers, but they must have expertise in national and European data protection law. DPOs must also have a reasonable understanding of the organisation’s technical and organisational structure and be familiar with information technologies and data security
Aligned with regulatory, organisational and professional development needs, the DPO certification programme consists of 2 qualification levels: Foundation level – provides individuals with a certificate that recognises their entry into the DPO profession. Foundation level requires no previous DPO work experience, and is a knowledge-based exam following mandatory GDPR and DPO training course attendance. The certificate is valid for two years with recertification subject to a minimum of 12 months DPO work experience, or the pro-rata equivalent if working part-time, and 35 CPD learning hours. Advancement to Professional level certification is subject to a minimum of 24 months DPO work experience and 50 CPD learning hours. Professional level – recognises professionals who have two or more years of DPO or data protection work experience. It is a knowledge-based exam where GDPR and DPO attendance is not mandatory. Certification is valid for three years with recertification subject to a minimum of 12 months DPO work experience and 60 CPD learning hours.
The Foundation level certificate (CDPO-F) is targeted at individuals entering the data protection profession, or non-data protection professionals transitioning into the DPO role. There are no formal entry requirements.
Certified Data Protection Officer (C-DPO) Masterclass training course includes:
C-DPO certification is a public affirmation of your current level of professionalism, and your continued commitment to the DPO profession. If you are looking to enter the profession or working in the role of data protection, and have an advanced level of knowledge and experience, you will want to consider the many professional benefits of earning the C-DPO designation. It demonstrates: • Your knowledge of the skills necessary to be an effective DPO
• A proven level of competence in the principles and practices of data protection and security
Course pre-requisites: Delegates must hold the IBITGQ EU GDPR Foundation exam.
To attain certification attendance on one of the following DPO training pathways is mandatory: Training pathway 1 • Certified EU General Data Protection Regulation Foundation (GDPR) Training Course – 1 day • Certified Data Protection Officer (C-DPO) Masterclass Training Course – 4 days
Training pathway 2
• Certified EU General Data Protection Regulation Foundation (GDPR) Training Course – 1 day • Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course – 4 days • Certified Data Protection Officer (C-DPO) Upgrade Training Course – 2 days
Registration is only required for the Professional level exam. To apply: 1. ensure you understand and meet the application criteria 2. register on-line at the certification page of the IT Governance website, including paying the application fee. 3. at registration include validation documentation i. your CV with sufficient information to show clearly a career pattern and data protection work experience ii. contact details of line manager or supervisor 4. IT Governance will review your application within 5 working days 5. once your application is approved, IT Governance will send you a voucher to sit the exam via online proctoring, and is valid for six months 6. should you not meet the eligibility requirements, you will be refunded the exam fee.
Candidates attending either the C-DPO masterclass or upgrade training courses are automatically enrolled on to the Foundation level exam. There is no extra charge for this exam.
Certification is attained if: 1. 75% of all the answers are correct, and 2. for each of the three modules, 50% of the answers are correct.
Each correct answer will count as 1 point. No points are awarded for questions incorrectly answered or left unanswered. At least 113 points must be obtained in order to pass.
With every growing dependence on information and communications, the scope of security practice has had to evolve from IT Security to Information Security and now on to Cyber Security and Cyber Resilience.
The Certified EU General Data Protection Regulation (GDPR) Certified Data Protection Officer qualification will be extremely beneficial to you because of the rapidly growing number of organisations that recommend that employees become certified.
If you are successful in passing the examination, you will be awarded the Certified EU General Data Protection Regulation (GDPR) Certified Data Protection Officer certificate.