This is a republication of an article initially published in 2020, but the old platform was decommissioned.
Introduction
Many times we get questions on the different learning and personal certification tracks for privacy, correction: “data protection”. And I’m sure that a lot of education providers offering these courses
While there are a bunch of certification tracks you can chase, the main question is the comparison between IAPP and PECB certification tracks for privacy and data protection professionals. Both are globally well respected and well known players on this market.
So I can imagine that a lot of training providers, delivering IAPP and PECB get the same questions…
For explanation of the acronyms, see end of article.
Scope
It would take me to far to list all other local or regional providers, but I would challenge you to collect and list them.
Feel free to send me the details on the data protection course you attended. I’ll collect and publish the references.
It would be a great resource to have a larger overview on privacy and data protection certification and education. But I can’t do that on my own.
This article focuses on education tracks for privacy and data protection professionals, or DPOs (ref. GDPR) that need a mix of expertise in legal, operational and business knowledge in their job.
IMPORTANT NOTE:
Some of the info referenced in this article is prone to changes, like marketing, exam fees, maintenance fees, certification maintenance requirements (like CPE or CPD). Therefore, I provide the source links as much as possible, allowing you to crosscheck the latest info.
Comparison chart
See the table below for a quick comparison. Keep reading if you need a more detailed explanation.
| PECB | IAPP | |
| Title | cDPO | CIPP/E + CIPM (offered in the GDPR ready package) |
| Course format | In person Online (Self Study) | In person Online (Self study) Live Online Training |
| Technology part | Separate = ISO27701 Foundation (2d) or Lead Implementer (4d) | Separate = CIPT (2d + exam) |
| Course level | intermediate, prerequisite knowledge advised | intermediate, prerequisite knowledge advised |
| Advised prerequisites | Legal (GPDR) ISO27001 Business experience | Legal (GPDR) ISO27001 Business experience |
| # Courses | 1 | 2 |
| Total Days in course | 4 + exam | 4 (2x2d) + 2x exams |
| Course material | Slide notes print Online Access via KATE | CIPPE Course participant guide CIPPE Sample Exam CIPPE textbook CIPM course participant guide CIPM sample exam CIPM textbook |
| Extra material (online) | No | Yes |
| Membership included | 1st year | 1st year |
| Course includes exam | Yes | Yes |
| Additional study time advised for exam | No (but certification requires professional experience) | Yes, 30hrs advised (ref. student guide) |
| # Exams | 1 | 2 |
| Retry incl. | Yes (Free retry) | No (Retry to pay) |
| Exam Format | Essay type | Computer exam – Multiple choice |
| # Exam questions | 10-12 | CIPP/E: 90 CIPM: 90 CIPT: 90 |
| Exam type | In class (partner vigilator), or Via web (PECB vigilator) | Exam center (3rd party vigilator) |
| Exam max. duration | 3H (180′) + extension for non-native language Foundation: +10 minutesManager: +20 minutesLead: +30 minutes | CIPP/E: 2.5 Hours CIPM: 2.5 Hours CIPT: 2.5 Hours |
| Language | English | CIPP/E + CIPM English French German. |
| Course planning | PECB agenda, or Via partner delivery | IAPP direct delivery, or IAPP partner delivery |
| Training URL | https://pecb.com/en/partnerEvent/event_schedule_list | https://iapp.org/store/trainings/ |
| Equivalent exam accepted | Yes, CIPP/E+CIPM are accepted to replace exam requirements. | No |
| Certification Experience requirements | Yes, pass exam + Provisional DPO : none CDPO: 5y professional experience with 2y in Data protection DPMS project experience: 300h required | No, pass exam only. |
| Stand alone Exam cost | depending PECB partner (€600-€800) | $550 / first exam $375 2nd exam or retake |
| Certification maintenance fee | $100/ year + CPD | $250 /year for all certifications |
Extra info
| PECB | IAPP | |
| Foundation/entry-level available | Yes, CDPO Foundation (2 days + exam) No Experience requirements | No |
| Relevant extensions or other exams to complement course | Implementer ISO27701 (PIMS) ISO27001 (Information Security) ISO27002 (Info Sec Controls) ISO27005 (Risk Management) ISO27035 (Incident Management) Lead Auditor ISO27701 ISO27001 | FIP designation (no course) |
Company approach and purpose
Before you can compare and understand the courses, it’s important to understand the organizations behind these certifications.
About IAPP (non-profit)
Company
Source: https://iapp.org/about/mission-and-background/
“The IAPP is a not-for-profit association founded in 2000 with a mission to define, support and improve the privacy profession globally. We are committed to providing a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals and provide education and guidance on opportunities in the field of information privacy.”
Relevant certifications
Important note: this is just a quick overview, we’ll discuss the content more in detail in a later part of this article.
The certifications that IAPP offers are
- Certified Information Privacy Professional (CIPP): the CIPP track is mainly about the legal content. “WHAT” is the regulation about? the CIPP track has multiple versions for different global regulations
- CIPP/E: Europe (GDPR)
- CIPP/US: Unites States private sector
- CIPP/C: Canada
- CIPP/A: Asia
- Certified Information Privacy Manager (CIPM): is about the implementation track of the regulation. It’s not bound to the type of CIPP, but general. The reasoning behind it is quite simple: it provides a general implementation approach.
- Certified Information Privacy Technologist (CIPT): this course focusses on privacy technology, concepts and techniques including privacy engineering and “privacy by design” which or
On top of these certifications, IAPP also offers the title of “Privacy Law Specialist”, but that is out of scope of this discussion as this certification is targeted at lawyers.
About PECB (Commercial)
Source: https://pecb.com/en/about
“PECB (legal name “PECB Group Inc.”) is a certification body which provides education and certification under ISO/IEC 17024 for individuals on a wide range of disciplines.
We help professionals and organizations show commitment and competence by providing them with valuable education, evaluation and certification against rigorous internationally recognized standards. Our mission is to provide our clients with comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit the society as a whole.“
PECB is comprised of
- Person Education
- Person certification
- PECB University
- PECB Management Systems Certification
See also: https://pecb.com/en/values-of-pecb-certification
Relevant certifications to compare
To compare the relevant certifications, you should look at these PECB courses & exams
Course Comparison
IAPP Courses
Relevant
- IAPP CIPPE: 2 days + exam (later, exam center)
- IAPP CIPM: 2 days + exam (later, exam center)
Optional
- IAPP CIPT: 2 days + exam (later)
PECB Courses
Relevant
- PECB: DPO : 4 days + exam (onsite proctor or later)
Optional
- ISO27701 Foundation: 2 days + exam
- ISO27701 Lead implementer: 4 days + exam
Course Content
IAPP Course content
CIPP/E
Source: CIPP/E Body of Knowledge (https://iapp.org/media/pdf/certification/CIPP_E_BoK_1.2.1.pdf)
Topics
- Introduction to European Data Protection: Origins and Historical context, EU institutions, Legislative framework
- European Data Protection Law and Regulation: GDPR articles
- III.Compliance with European Data Protection Law and Regulation: Employment, Surveillance, Direct marketing, Internet technology & communications,
CIPM
Source: CIPM BOK (https://iapp.org/media/pdf/certification/CIPM_BOK_1.0.4_APPROVED.pdf)
Topics
- Privacy program governance: organization level, program framework development & implementation, metrics
- Privacy operational lifecycle: assessment, protect, sustain, respond,
CIPT
Source: CIPT BOK (https://iapp.org/media/pdf/certification/CIPT_BOK_v3.0.0.pdf)
Topics
- Foundation principles: risk models and frameworks, privacy by design, value sensitive design, data lifecycle
- Role of IT in privacy: fundamentals, information security, privacy responsibilities of IT professional,
- Privacy Threats and violations: data collection, use, dissemination, intrusion, software security,
- Technical measures: data oriented strategies, techniques, processes oriented strategies
- Privacy engineering
- Privacy by design,
- Technology challenges
PECB Course Content
Source:
Topics (V6)
- Day 1: Introduction to the GDPR concepts and principles
- GDPR, core considerations
- Day 2: Designation of the DPO and analysis of the GDPR Compliance Program
- Designation of DPO, analysis of GDPR compliance program, relation with top management, data protection policy, register, risk management
- Day 3: DPO operations
- DPIA, documentation management, evaluation of DP controls, technology, awareness & training
- Day 4: Monitoring and continual improvement of the GDPR compliance
- Incident management, monitoring, internal audit, treatment of non-conformities, continual improvement
Exam Comparison
IAPP Exams
Number of exams
- CIPPE/E: 1
- CIPM: 1
Also
- CIPT: 1
Type of exam
- Exam center, computer exam
Retry included
- no
PECB
Number of exams
- CDPO: 1
Also
- ISO27701 Lead implementer: 1
Type of exam
- On-site after course (vendor vigilator)
- Online (PECB online vigilator)
Retry included
- Yes
Experience requirements
IAPP experience requirements
No Experience requirements
PECB Experience requirements
“The requirements for PECB Data Protection Certifications are:
| Credential | Exam | Professional experience | DPMS project experience | Other requirements |
| PECB Certified Provisional Data Protection Officer | PECB Certified Data Protection Officer Exam | None | None | Signing the PECB Code of Ethics |
| PECB Certified Data Protection Officer | PECB Certified Data Protection Officer Exam or equivalent | Five years: Two years of work experience in Data Protection | Data Protection activities: a total of 300 hours | Signing the PECB Code of Ethics |
To be considered valid, these implementation activities should follow best implementation practices and include the following activities:
- Drafting a Data Protection plan
- Initiating a Data Protection implementation
- Implementing a Data Protection Policy
- Monitoring and managing a Data Protection implementation
- Performing continual improvement measures”
During the experience validation PECB requires to submit 2 references they will contact by mail/phone.
More info: https://pecb.com/en/pecb-certification-process
Certification Maintenance requirements
IAPP CPE
Source: https://iapp.org/certify/cpe/
Quote: “One CPE for all: you will simply be required to submit 20 CPEs per term, per credential.”
More information: Check out the official IAPP CPE policy for all the details.
IAPP defines 1 CPE as “A continuing privacy education (CPE) credit is defined as a (usually) one-hour unit earned from participating in or attending any program, event, or forum, reading or writing any published written material, creating and administering a presentation, course of instruction, or other activity that relates to privacy and/or security“
PECB CPD
Source https://pecb.com/en/certification-maintenance
“ PECB Certificates are valid for three years. In order to maintain a certificate, PECB Professionals are required to demonstrate that they are performing certification related activities on an annual basis. In addition to that, PECB Professionals are required to pay an Annual Maintenance Fee (AMF). “
| CERTIFICATION | Annual Requirements | Total (hours) | |
| Experience/Education | Experience/Education | ||
| CDPO | 30 | Hours of work experience related to the certification field, training, private study, coaching, attendance at seminars and conferences or other relevant activities. | 90 hours |
Maintenance fee
IAPP Fees
Source: https://iapp.org/certify/fees/: (quote) “
| Fees | Nonmember | Member |
| Certification Maintenance Fee | $250 USD | Included |
*A certification maintenance fee of $250 USD is due when you register for your first IAPP certification exam and then at the beginning of every certification term renewal to maintain your IAPP certification. One fee covers all IAPP certifications. For members, the certification maintenance fee is covered by the membership benefits.”
PECB Fees
Source:
- https://pecb.com/help/index.php/knowledgebase/annual-maintenance-fees-amf/
- https://pecb.com/en/certification-maintenance
AMF
- First year included in course
- Capped to first 5
- CDPO = $100.
| Certification | AMF (rate per year) |
| Foundation, Provisional, and Transition | None |
| All other certifications | $100 |
| Master | $200 |
Commercial channel
IAPP channel
IAPP uses a mixed channel to deliver their courses. You can book courses and exams (+ extra) via the IAPP website and member portal.
Alternatively you can book courses and exams via their partner channel.
PECB channel
PECB works with a partner channel exclusively. All courses and exams must be booked via an accredited partner.
Community
IAPP
Source: https://iapp.org/connect/
Public
- Local chapters: https://iapp.org/connect/communities/chapters/
- LinkedIN:
- Career central: https://iapp.org/connect/career-central/
- …
For Members only
- IAPP Cybersecurity Professionals in Privacy: https://www.linkedin.com/groups/7070537/
- Privacy list: https://iapp.org/connect/privacy-list/
- …
PECB
Hints & tips
ISO27001
There is no data protection without information security.
Both the IAPP CIPM and the PECB CDPO course refer to the principles of the ISO27001 standard. The ISO27001 and ISO27002 standards are professional added value for privacy and data protection professionals.
Conclusion
In short
(IAPP CIPP/E + IAPP CIPM) + experience = PECB CDPO
Focus & communtity
IAPP does privacy, only privacy, already for a long time. Due to that focus, IAPP does it very well.
It nurses a very competent privacy professional community and stays on the edge to stay relevant. With the strict focus on privacy.
PECB does ISO, not only privacy, not only data protection or information security certification. It also does ISO9001 quality management and many more.
PECB s working very hard to build community, but it’s an ISO mindset, more legacy business approach. So there is a long way to go for PECB, compared to IAPP. Their community covers a large scale of enterprise topics, way beyond data protection. A different world.
Certification
On the other hand, except for the 3 exams and the FIP designation, IAPP does not offer other certification tracks.
And IAPP does not validate experience when you apply for certification, so also a junior professional can obtain certification.
To obtain certification at PECB validates your professional experience (except for Foundation level). You need to submit a proven track record for experience.
Compatibility
The CIPP/E+CIPM, CDPO, ISO27701 and ISO27001 are highly compatible and provide added value, these are an easy entry to do more and grow.
But exactly that difference makes them both compatible and complementary.
The IAPP certifications are top notch and very much respected. They offer a perfect starting point to become professional and even expert in privacy and data protection.
Once you grow beyond that point, with a larger focus like information security, enterprise security, disaster recovery, incident management, cybersecurity, the PECB courses and exams offer the next step.
They are perfectly complementary, and it only depends on your starting point of your journey.
Your roadmap
You just need GDPR basics
- IAPP CIPP/E (2 days)
- PECB DPO foundation (2 days)
DPO track
- IAPP CIPP/E (2 days) + CIPM (2 days)
- 2 exams (but no experience requirement)
- PECB CDPO (4 days)
- 1 exam + experience
Straight forward Certification as Data Protection Professional
- GDPR legislations: CIPP/E (2 days)
- GDPR implementation: CIPM (2 days)
- Privacy technology CIPT (2 days)
The fast track to Certified DPO
- PECB CDPO course (4 days, 1 exam) + experience check
The economical CDPO track with limited experience
- First CIPP/E + CIPM
- Then request certification as PECB provisional DPO
- No need for the CDPO exam, but request certification based on the CIPP/E and CIPM exam.
- Extend your certification to PECB CDPO when you have built the required experience
The economical CDPO track with full experience
- First CIPP/E + CIPM
- Then request certification as PECB DPO
References
ISO
- Free ISO standards (Download from: https://ffwd2.me/FreeISO)
- ISO29100: Privacy Framework
- ISO27701: Privacy Information Management System
- ISO27001: Information security Management System
- ISO27002: Information Security Guidance
- ISO27005: Risk management
- ISO27035: Incident Management
Acronyms & Abbreviations
| Acronym or Abbreviation | Description |
| ISO | International standards organisation |
| PECB | Professional Evaluation and Certification Board |
| IAPP | International Association of Privacy Professionals |
| DPO | Data Protection Officer (GDPR) |
| CDPO | PECB Certified Data Protection Officer |
| CIPM | IAPP Certified Information Pro |
| CPE | Continued Professional Education |
| CPD | Continued Professional Development ( |
| CMF | IAPP Certification Maintenance fee |
| AMF | PECB Annual Maintenance Fee |
Download
You can download this article in PDF format from here: