General Overview

Data Protection

Gain your EIPA professional certification in Data Protection

Who should apply
This certification is the professional qualification for those working in the field of Data Protection. The objective of the certification and training programme is to enable participants to obtain an expert's working knowledge of Data Protection and to qualify them as Data Protection professionals. The certification is offered in cooperation with the network of DPOs and for the EPSO Competition for Administrators in the Field of Data Protection it is considered an asset by the European Union. Moreover, holding the EIPA professional certification shows to employers and other organisations that you possess an in-depth knowledge of data protection as well as the skills to implement it in practice.

Training and Application
To prepare thoroughly for the examination, EIPA offers you once a year a full-week programme (4-day training) and once a year an advanced programme (3-day training). On the last day of those courses, the examination takes place. Both courses are fully hands-on with lots of different case studies, parallel group based workshops, individual Q&A and practical tools to retain and take away the must know knowledge for immediate use on the job. Moreover, each training day, a number of useful tips will be given to help you with the certification exam.

For those who cannot spend four or five days abroad preparing for the examination, EIPA intends to develop a blended learning solution combining face-to-face training with online learning activities. If the blended learning solution would be applicable for you please contact

On completion of the course, participants can take part in a test leading to the awarding of the EIPA Data Protection Professional Certificate.

A few details about the test:

  • The examination can be taken twice a year at EIPA headquarters in Maastricht only.
  • The examination consist of two parts: a multiple-choice test and open questions.
  • The examination lasts approximately 2 hours.
  • The passing score is 60% for the aggregated result, and at least 60% per part.

Examination process

  • Open questions review
    In order to guarantee a fair process, two randomly allocated reviewers from the examination board will evaluate the open questions separately. The Chair of the examination board will have the last word after seeing the conclusions of both reviewers.
  • Language
    The examination is offered in English only. The time limit for the examination is sufficient for the vast majority of candidates, including non-native English speakers. No points are deduced due to possible grammar or language mistakes.
  • Handling of exams
    EIPA will take all available precautions to ensure the appropriate and secure handling of completed  tests.
  • Examination resit
    In the event you did not manage to reach the set threshold and did therefore not pass the exam, you are offered the opportunity to do one examination resit for €150 within one year. For the examination resit you will always have to pass again both elements of the exam: the multiple-choice test and the open questions.

Certificate validity
Data Protection issues continue to change and it is very important to keep yourself ahead and update your knowledge regularly. Therefore, the EIPA certificate is valid for a period of two years.

In order to update your knowledge and maintain the validity of your certificate you will need to attend EIPA's advanced programme on data protection every two years. You will recieve an updated certificate after taking part in this.

The certification exam
The certification exam consists of 40 multiple-choice questions and two open questions. The multiple-choice questions will assess the general understanding of the data protection law; the open questions are intended to assess the understanding of the participants on how to interpret and apply the legal framework in practice.

Both the multiple-choice test and the open questions will be scored on a scale of 100 and wil contribute in equal parts to the final result of the examination.

For the multiple-choice test, we will award 2,5 points per question answered correctly. This means a total of 100 points can be achieved if all multiple-choice questions are answered correctly. For the open questions you can be awarded a maximum of 50 points per completely correct answer, so again you can gain a total of 100 points.

To pass, a minimal score of 60 points is needed for the individual parts of the test with a required total number of points of 120/200 for the full examination (i.e. 60%).

The multiple-choice test will cover all the main data protection topics that are part of the certification training course. These are:

  • Legislative landscape
    Directive 95/46/EC | Regulation (EC) 45/2001 | Convention 108 | Charter and ECHR | GDPR | Applicable law
  • Notions of data protection legislation
    Definitions | Scope | Grounds for processing | Notification | Prior checking | Privacy by Design & Default | Privacy Impact Assessment
  • Actors in data protection
    Controller | Processor
  • Rights of individuals
    Information | Access | Deletion / right to be forgotten
  • Processing of sensitive data
    General prohibition
  • Data security
    General obligation | Data breaches
  • International transfers
    Notion of adequacy | Adequacy instruments: SCC, BCR | Safe Harbor | Derogations
  • Supervision
    Data protection authority | Data protection officer | EDPS | WP29

The examination board

The examination board meets regularly to discuss the certification course requirements and approve the examinations. They discuss as needed to review and resolve any submitted certification appeals. The current examination board consists of the following experts:

Graham Sutton, Chair
Data Protection Expert, nominated by the Council of Europe (CoE), former Policy Adviser at the Home Office, United Kingdom
Diana Alonso Blas
Data Protection Officer and Head of Data Protection Service, Eurojust
Paul Breitbarth

Director of EU-US Data Protection Projects and Senior Solutions Advisor, Nymity

Daniel Drewer

Head of Unit, Data Protection Office, Europol
Philippe Renaudière

Data Protection Officer of the European Commission
Carmen López Ruiz

Data Protection Officer of the EU Council