Who should apply
This certification is the professional qualification for those working in the field of Data Protection. The objective of the certification and training programme is to enable participants to obtain an expert’s working knowledge of Data Protection and to qualify them as Data Protection professionals. The certification is offered in cooperation with the network of DPOs and for the EPSO Competition for Administrators in the Field of Data Protection it is considered an asset by the European Union. Moreover, holding the EIPA professional certification shows to employers and other organisations that you possess an in-depth knowledge of data protection as well as the skills to implement it in practice.
Training and application
To prepare thoroughly for the examination, EIPA offers you once a year a full-week programme (4-day training) and once a year an advanced programme (3-day training). On the last day of those courses, the examination takes place. Both courses are fully hands-on with lots of different case studies, parallel group based workshops, individual Q&A and practical tools to retain and take away the must know knowledge for immediate use on the job. Moreover, each training day, a number of useful tips will be given to help you with the certification exam.
On completion of the course, participants can take part in a test leading to the awarding of the EIPA Data Protection Professional Certificate.
A few details about the test:
- The examination can be taken twice a year at EIPA headquarters in Maastricht only.
- The examination consist of two parts: a multiple-choice test and an open question.
- The examination lasts approximately 2 hours.
- The passing score is 60% for the aggregated result, and at least 60% per part.
- Open question review
In order to guarantee a fair process, two randomly allocated reviewers from the examination board will evaluate the open question separately. The Chair of the examination board will have the last word after seeing the conclusions of both reviewers.
The examination is offered in English only. The time limit for the examination is sufficient for the vast majority of candidates, including non-native English speakers. No points are deduced due to possible grammar or language mistakes.
- Handling of exams
EIPA will take all available precautions to ensure the appropriate and secure handling of completed tests.
- Examination resit
In the event you did not manage to reach the set threshold and did therefore not pass the exam, you are offered the opportunity to do one examination resit for €150 within one year. For the examination resit you will always have to pass again both elements of the exam: the multiple-choice test and the open questions.
Data Protection issues continue to change and it is very important to keep yourself ahead and update your knowledge regularly. Therefore, the EIPA certificate is valid for a period of two years.
In order to update your knowledge and maintain the validity of your certificate you will need to attend EIPA’s advanced programme on data protection every two years. You will recieve an updated certificate after taking part in this.
The certification exam
The certification exam consists of two parts:
- 33 multiple-choice questions. We will award 3 points per question answered correctly. In addition, you will have the opportunity to gain additional points by answering two bonus questions correctly. The multiple-choice questions will assess the general understanding of the data protection law. This part of the exam will last 45 minutes.
- One open question. We offer you two optional questions. You can choose one of them to answer. You can obtain a maximum of 100 points by answering the question correctly. The open question is intended to assess the understanding of the participants on how to interpret and apply the legal framework in practice. This part of the exam will last 75 minutes.
Both the multiple-choice test and the open question will contribute in equal parts to the final result of the examination. To pass, a minimal score of 60 points is needed for the individual parts of the test, with a required total number of points of 120 for the full examination (i.e. 60%).
The multiple-choice test will cover all the main data protection topics that are part of the certification training course. These are:
- Legislative landscape
Directive 95/46/EC | Regulation (EC) 45/2001 | Convention 108 | Charter and ECHR | GDPR | Applicable law
- Notions of data protection legislation
Definitions | Scope | Grounds for processing | Notification | Prior checking | Privacy by Design & Default | Privacy Impact Assessment
- Actors in data protection
Controller | Processor
- Rights of individuals
Information | Access | Deletion / right to be forgotten
- Processing of sensitive data
- Data security
General obligation | Data breaches
- International transfers
Notion of adequacy | Adequacy instruments: SCC, BCR | Safe Harbor | Derogations
Data protection authority | Data protection officer | EDPS | WP29
The examination board
The examination board meets regularly to discuss the certification course requirements and approve the examinations. They discuss as needed to review and resolve any submitted certification appeals. The current examination board consists of the following experts:
Graham Sutton, Chair
Data Protection Expert, nominated by the Council of Europe (CoE), former Policy Adviser at the Home Office, United Kingdom
Diana Alonso Blas
Data Protection Officer and Head of Data Protection Service, Eurojust
Director of EU-US Data Protection Projects and Senior Solutions Advisor, Nymity
Head of Unit, Data Protection Office, Europol
Data Protection Officer of the European Commission
Carmen López Ruiz
Data Protection Officer of the EU Council