As a community, we have been discussing the rise in the essential requirement for individuals to be a ‘Certified DPO’ in job descriptions for Data Protection Officer and Head of Data Privacy roles.
Other than the CNIL scheme, there isn’t a certification scheme any of us can find.
Sometimes this requirement is in addition to CIPP/E and CIPM.
Any thoughts on what is driving this trend and who is educating employers that this is actually a ‘thing’?
Certified DPO
Barry Moult
There has been lots of discussion on this subject. All I can suggest in addressing this, I would call the recruiter and have a conversation and ask (or inform) that there is no agreed ‘certification’ in the UK, or even ask what ‘certification’ they would accept and issued by whom?
Figaro
Difficult one to answer to be honest.
An extension of this question has to do with how DP roles are distributed within the company when they are just being created. It’s not rare to see a General Counsel named DPO, regardless of the potential conflict of interest for example, or see the Head of DP/DPO reporting into CISO, or COO. This sort of thing.
Of course it is difficult for a DP professional to advise as to their reporting structure prior to even having been hired…
rich
https://pecb.com/en/education-and-certification-for-individuals/gdpr/certified-data-protection-officer
Not saying it is right and frankly I think it was an excellent choice of wording from an SEO marketing perspective by PECB.
HellenB
I think the difficulty is that this course, like many others, is >£2k which is a huge investment if you have already taken CIPP/E + CIPM qualifications.
If this is the way the industry is going then I think there would be a real place for a chartered institute or maybe the ICO could just take a leaf out of CNIL’s book.
rich
I agree that there should either be a ‘standard’ that is understood and in place across the industry or the industry needs to understand that CIPP/E and/or CIPM is equivalent.
Oftentimes on Info Sec roles you will see requirements have one of CISSP, CISM ….
I think a competent recruiter or hiring manager will see CIPP/E and CIPM in the same vein as CDPO rather than a hardline requirement. But that is relying on them being competent or at least knowing the industry well enough to see these equivalencies.
If I was applying for a role which required CDPO and I had CIPP/E and CIPM (only!) then I’d address that as part of the covering letter and highlight experience etc.
Part of me is thinking this is the ‘fault’ of the GDPR and/or SA and/or the industry as a whole as the GDPR required a level of expertise but didn’t specify what. I appreciate it would be impossible to write this into law given the longevity and changing landscapes etc but I do think the SAs or EDPB put out guidance on the requirements and then worked with the industry to consolidate down onto an agreed approach and what meets those requirements (possibly encompassing CIPP/E, CIPM, CDPO).