What does DPO/DPD certification consist of?

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 relating to the protection of natural persons in regards to processing of personal data and the free circulation of these data, better known as GDPR, establishes in its article 37, section 5, that the data protection delegate:

"will be appointed taking into account their professional qualities and, in particular, to their specialized knowledge of data protection law and practice and to their capacity to perform the functions indicated in article 39″.

In turn, Considering 97 of the same rule provides that “the person responsible or in charge of the treatment must have the help of a person with specialized knowledge of data protection law and practice“

DPD Certification Scheme for privacy security and reliability

In this context and taking into account the provisions of the Regulation itself, the Spanish Data Protection Agency, Spanish control authority, has promoted a DPD Certification Scheme which, although voluntary, pursues the objective of offering safety and reliability both to privacy professionals and to organizations that, whether legally obliged or not, are going to incorporate this figure into their organizational chart. 

The certification is carried out exclusively by entities previously accredited by ENAC in accordance with the UNE-EN-ISO/IEC 17024:2012 standard and the Certification Scheme for Data Protection Delegates. 

Evaluation process

He evaluation process It requires the candidate to demonstrate that he or she has the appropriate skills to carry out the DPD functions and is based both on the assessment of knowledge and experience and on continuous professional development. 

The evaluation of technical knowledge is carried out through a exam on a topic detailed included in the Certification Scheme itself and divided into three large areas or “domains”.

The exam includes 150 multiple choice multiple choice questions with four answer options, of which only one will be valid. To pass the exam you will need to have answered correctly, at least, to 75% of the answers, which must correspond, in turn, to at least 50% of the questions related to each of the three domains. Correct answers add 1 point and incorrect or blank answers are not scored or subtracted. 

Requirements for taking the exam

Taking the exam requires compliance with certain “pre-requisites””. Thus, the candidate must prove some of the following aspects: 

1. Justify a professional experience of at least five years in projects and/or activities and tasks related to the functions of the DPD. 
2. Justify a professional experience of at least three years in projects and/or activities and tasks related to the functions of the DPD, and a minimum recognized training of 60 hours in relation to the subjects included in the Scheme programme. 
3. Justify a professional experience of at least two years in projects and/or activities and tasks related to the functions of the DPD, and a minimum recognized training of 100 hours in relation to the subjects included in the Scheme programme. 
4. Justify a Minimum recognized training of 180 hours in relation to the subjects included in the Scheme programme.

In the absence of experience, The minimum recognized training constitutes an essential element to be able to access certification. Thus, It is essential to ensure that the training chosen is recognized by a certification body and is delivered by an equally recognized training centre. 

After passing the exam, The certification entities will assign each candidate a personal and non-transferable number associated with their certificate. In addition, the certified person will have the right to use the Scheme mark in the terms provided by the Scheme. 

If you want to be DPO, andl Master in Compliance and Data Protection Management It will provide you with the necessary training to accredit the training prerequisite if you do not have professional experience.