For decades, certifications have been a means to prove something to someone. They are used to distinguish the best from the rest, be it individuals, organizations, or products/processes/systems.

Therefore, it is intuitively understandable that it is better to have a certification than not have one. Indeed, personal certifications have become increasingly popular over the years.

But to what extent does the above hold true in the area of data privacy?

We will cover the most important certifications and exams among privacy professionals including CIPP, CIPM, CIPT, and CDPSE.

Note: This blog post only deals with personal certifications; we will leave the discussion about other types of certifications (organizational, product, etc.) for some other occasion.

Drivers for privacy certification

What can make someone embark on the often not-so-easy process of first learning and then taking the exam?

And even then it is not over as there are rules about how to maintain the certification status; more about this a bit later.

A variety of reasons exist for someone to pursue a certification, and here are some of the most common:

1. Stand out from the crowd

As mentioned before, if you want to be differentiated from the average, what would suit you better than to have a reputable assurance body testify about the skills in your area of expertise?

2. Beef-up your CV and get noticed in the hiring process

This one is a no-brainer. Let’s say there are two twins applying for a position, but only one of them has a certification in the area of competencies required for the job.

Who would have greater odds of landing the dream job? Also, hiring agents use certifications (along with other keywords) to filter candidates’ CVs.

While not necessarily the best practice, this could be viewed from another perspective: not having certifications but having vast domain knowledge is like knowing how to drive a car without having a driving license.

You need to spend a lot of time showing people that you can drive, while possessing a driving license proves that you know at least very basic driving.

3. Internal promotion

Similar to the previous point, during an internal promotion or slight career change, certifications can be of help.

This is because certification shows that you have knowledge or skill in the field and that you are willing to put time and effort into it. And these are the traits of above-average employees that every good company will be willing to reward.

4. Always prepared

Better prepare for important duties, e.g. be able to carry out tasks as a newly appointed data protection officer or a compliance officer responsible for a privacy program.

5. Proof of your expertise

Provide assurance that the personnel of a company know a topic in depth, or at least have been exposed to all the important issues involved. This is especially important when a company submits an application to a tender.

In such cases, the requester will typically list some certifications being at least desirable, and more often than not even required. Not having adequate employees on your team might lead to a lower number of points in the bidding process.

6. Assurance for clients

Privacy certificates help demonstrate knowledge of the subject matter and assure customers when they use the company’s services.

It can be noted in the above list that the first three points are more self-driven, while the last three can be seen more as benefits for the organization.

Which data privacy certification is a perfect match for you?

At this moment, several certifications in the data privacy domain exist. Some are issued and maintained by well-known not-for-profit organizations whose main activities cover advancing data privacy issues.

And then there are others, including those issued by commercial enterprises, who provide all sorts of data privacy related services besides certifications.

What follows is a non-exhaustive list of the most notable certifications for privacy professionals.

Privacy certification programs

1. CIPP

CIPP stands for Certified Information Privacy Professional and covers specifics about data privacy laws and regulations and how to apply them.

Upon fulfilling all requirements, the designee can demonstrate their mastery of jurisdictional laws, regulations and enforcement models, along with legal requirements for handling and transferring data.

The certification comes in four distinct flavors, or concentrations, each covering a specific region. Thus we have CIPP/E for Europe, CIPP/A for Asia, CIPP/C for Canada, and CIPP/US for the US private sector.

It is worth noting that CIPP/E is the go-to certificate for anyone wishing to demonstrate their proficiency in GDPR and related legislation aimed at the protection of EEA citizens, and according to the IAPP it is their most popular certification.

The Book of Knowledge for the CIPP designation is developed, and the certification issued, by The International Association of Privacy Professionals, or IAPP for short.

For most of their certifications, IAPP recommends at least 30 hours of studying and preparation, although this will depend on whether you have previously been familiar with the subject or this is a new field for you.

# of questions: CIPP for U.S., Europe, and Asia has 90 questions in total, while CIPP/C has 5 questions less.
Certification time: You will have 2,5 hours to finish your exam
Price: $550 (around 470), and $375 (around 320) for a retake
Get certified: Here you can find free resources and purchase an exam for CIPP/US, CIPP/E, CIPP/A, CIPP/C

2. CIPM

Another data privacy certification from The International Association of Privacy Professionals, Certified Information Privacy Manager shows that the person has the necessary expertise to establish, maintain, and manage a privacy program across all stages of its life cycle.

According to IAPP, CIPM is “the first and only privacy certification for professionals who manage day-to-day operations”.

This means that you can make data privacy regulations work effectively and efficiently in your organization by knowing how to structure a data protection team, develop and implement system frameworks, communicate relevant matters to stakeholders, measure privacy program performance, and much more.

According to the IT security training, a prior background in project management and privacy law (particularly EU GDPR and US laws) can help you master the exam more quickly. It also helps if you have some understanding of other management systems, like the ISO 27001 Information Security Management System.

# of questions: 90 questions in total
Certification time: You will have 2,5 hours to finish your exam
Price: $550 (around 470), and $375 (around 320) for a retake
Get certified: Here you can find free resources and purchase an exam

3. CIPT

Yet another certification from IAPP’s kitchen is Certified Information Privacy Technologist or CIPT. The primary target audience is professionals in the technology, information security and engineering fields.

With the CIPT designation, they will be in a position to demonstrate that they have the practical knowledge to apply privacy and data protection practices in the development, engineering, deployment, and auditing of products and services.

# of questions: 90 questions in total
Certification time: You will have 2,5 hours to finish your exam
Price: $550 (around 470), and $375 (around 320) for a retake
Get certified: Here you can find free resources and purchase an exam

4. CDPSE

Certified Data Privacy Solutions Engineer (CDPSE) is a technical certification assessing a technology professional’s ability to implement privacy by design to enable organizations to enhance privacy technology platforms and products that provide benefits to consumers, build trust and advance data privacy.

In addition, its holder has the validated experience to ensure that privacy solutions match the organization’s risk appetite and mitigate risks of noncompliance.

The CDPSE certification is being developed by the Information Systems Audit and Control Association, better known by its acronym ISACA, which maintains its own certifications in the areas of information systems management and auditing, risk management, IT governance, and cybersecurity. It will become available in 2021.

Currently, there is an early adoption program and you can check if you qualify for the CDPSE exam. However, be prepared to wait 3-4 weeks for them to process your submission.

Price: member price is $695; nonmember price is $880

Other privacy certificates

There are some other data privacy certifications, from organizations like EU GDPR Institute, IT Governance, The International Board for IT Governance Qualification (IBITGQ), or Identity Management Institute. Their certificates mainly fall into two categories:

• general privacy knowledge certificates (e.g. GDPR, CCPA)
• specific role certificates (e.g. DPO)

It is our opinion that you cannot make a mistake if you stick to the above “big ones”. Especially because the IAPP’s CIPP/E, CIPP/US, CIPM, and CIPT credentials are accredited by the American National Standards Institute (ANSI) under the International Organization for Standardization (ISO) standard 17024:2012.

ANSI is an internationally respected accrediting body that accredits certification programs that meet rigorous standards and ensures your certificates are reliable and comparable worldwide.

Maintenance of certifications

We already mentioned that the game is not over once you obtain a certification. There are strict rules for the maintenance of professional certificates, which come in the form of educational points.

These points are collected throughout the year and they serve to testify that the holder indeed commits to continuous learning and thus maintains their designation in good standing.

Different organizations have different names for these points, and one of the most common is Continuing Professional Education (CPE). A certain number of these points must be collected within twelve months following the issuance of the certificate, and then annually thereafter.

The points are awarded for various activities like attending seminars and conferences where privacy matters are discussed, listening to webinars and podcasts, and reading specialized literature. Although this might seem somewhat daunting, in reality, it isn’t.

For example, IAPP’s criteria for their certifications are 20 CPEs per annum, which is only half the amount required for the maintenance of certificates in some other occupational areas.