Data Protection Certification Policy

Who should apply

This certification is the professional qualification for those working in the field of Data Protection. The objective of the certification and training programme is to enable participants to obtain an expert’s working knowledge of Data Protection and to qualify them as Data Protection professionals. The certification is offered in cooperation with the network of Data Protection Officers; and for the EPSO Competition for Administrators in the Field of Data Protection it is considered an asset by the European Union. Moreover, holding the EIPA professional certification shows to employers and other organisations that you possess an in-depth knowledge of data protection as well as the skills to implement it in practice.

Training and application
To prepare thoroughly for the examination, EIPA offers you twice a year a full-week programme (4-day training). On the last day of those courses, the examination takes place. Both courses are fully hands-on with lots of different case studies, parallel group-based workshops, individual Q&A and practical tools to retain and take away the must know knowledge for immediate use on the job. Moreover, each training day, a number of useful tips will be given to help you with the certification exam.

Examination
On completion of the course, participants can take part in an exam leading to the awarding of the EIPA Data Protection Professional Certificate.

A few details about the examination:

• Examinees are requested to use their own device. Ideally, either a laptop or a tablet is needed.
• Examinees must ensure to be able to submit their examination response in our learning platform accessed via an internet browser.
• The examination can be taken twice a year at EIPA headquarters in Maastricht or online, depending on the how the course is organised.
• The examination consists of two case-study questions, of which only one must be answered and which is intended to assess the understanding of the participants on how to interpret and apply the legal framework in practice.
• The examination lasts 2 hours.
• The maximum score obtainable is 100 points and in order to pass the examination, examinees need at least 60 points.
• While answering the case-study questions, examinees can access the legal texts that were provided as Course Materials in the learning platform of EIPA (Moodle). The texts will be selected by the Examination.

Examination process

Review
The examination board is composed of three members: one academic expert and two expert practitioners, one active under EUDPR and one under GDPR. The academic expert is the designated reviewer of the exam submissions, while the two expert practitioners lead the creation of the examination content. This general split between responsibilities is intended to strengthen the fairness in the review process. The academic expert will consult with the relevant practitioners’ colleagues in cases of uncertainties or appeals.

Language
The examination is offered in English only. The time limit for the examination is sufficient for the vast majority of candidates, including non-native English speakers. No points are deducted due to possible grammar or language mistakes.

Handling of exams
EIPA will take all available precautions to ensure the appropriate and secure handling of completed submissions.

Examination re-sit
In the event you did not manage to reach the set threshold and did therefore not pass the exam, you are offered the opportunity to do one examination re-sit for €150 within one year.

The Examination Board
The exam is under the supervision of an examination board. The examination board meets regularly to discuss the certification course requirements and approve the examinations. They discuss as needed to review and resolve any submitted certification appeals. The examination board consists of experts who have proven knowledge of and practical expertise in the field of data protection, one of whom will serve as chair.

Certificate validity
Data Protection issues continue to change and it is very important to keep yourself ahead and update your knowledge regularly. Therefore, the EIPA certificate is valid for a period of two years. In order to update your knowledge and maintain the validity of your certificate you will need to attend EIPA’s refresher course on data protection every two years. You will receive an updated certificate after taking part in this.

AI Policy
EIPA is aware that Artificial Intelligence (AI) is considered a technological tool with great potential. However, when using AI as data protection expert, the answers provided by AI need to be checked carefully to ensure that they fully reflect data protection law, such as legislation, guidance by Data Protection Authorities, case law, etc.

The Data Protection Certification course aims, inter alia, at providing you with the skills needed to do this. The examination tests whether you have acquired these skills. Consequently, EIPA considers that the use of AI in responding to the test questions of the Data Protection Certification exam is not in line with the objective of the Data Protection Certification course and the purpose of this examination. An infringement of the EIPA AI Policy will invalidate the data protection certification.

Examinees will be asked, at the beginning of the examination, to digitally sign a declaration that confirms their adherence to the EIPA AI Policy.