In case of “open book” exams you can take the printed learning material (course content, TOC, index, exercises & quizzes) with you, but also
the relevant standard print (like the ISO27001 / ISO27002 standard for the ISO27001 exams)
the relevant legislation print (NIS2, DORA, GDPR …)
your notes
You’re not allowed to use a second pc, laptop, tablet or smart phone during the exam.
HINT: if not yet printed, print the course on paper… in advance.
Closed book
No additional help allowed, at all.
Prepare the content (open book exam)
In case of an open book exam
you can use the KATE app during the exam to look up content
use the print (see previous section)
BUT, in many cases people get distracted flipping screens between exam and KATE. BETTER: print the course material (yes, less eco-friendly, but way easier and more comfortable to pass the exam).
Practical hints to prepare your open book exam
do not memorize, but study and set up your course material for easy search
organise your course with post-its to mark
sections
important topics (e.g. certain articles from legislation…)
Exam app
Install the PECB exam app a few days in advance and check if it works (not a few minutes before the exam). Please be aware that some enterprise laptops might block the installation of the app. In rare cases, your firewall might not be happy…
If so:
ask help from your IT department
use a personal laptop/pc
Before entering the exam
you can only use 1 screen and laptop/pc
Make sure you’re in an isolated environment, without any interference from people or your phone
This is a republication of an article initially published in 2020, but the old platform was decommissioned.
Introduction
Many times we get questions on the different learning and personal certification tracks for privacy, correction: “data protection”. And I’m sure that a lot of education providers offering these courses
While there are a bunch of certification tracks you can chase, the main question is the comparison between IAPP and PECB certification tracks for privacy and data protection professionals. Both are globally well-respected and well-known players in this market.
So I can imagine that a lot of training providers, delivering IAPP and PECB get the same questions…
For explanation of the acronyms, see end of article.
Scope
It would take me too far to list all other local or regional providers, but I would challenge you to collect and list them.
Feel free to send me the details on the data protection course you attended. I’ll collect and publish the references.
It would be a great resource to have a larger overview on privacy and data protection certification and education. But I can’t do that on my own.
This article focuses on education tracks for privacy and data protection professionals, or DPOs (ref. GDPR) that need a mix of expertise in legal, operational and business knowledge in their job.
IMPORTANT NOTE:
Some of the info referenced in this article is prone to changes, like marketing, exam fees, maintenance fees, certification maintenance requirements (like CPE or CPD). Therefore, I provide the source links as much as possible, allowing you to crosscheck the latest info.
Comparison chart
See the table below for a quick comparison. Keep reading if you need a more detailed explanation.
| | PECB | IAPP |
|---|---|---|
| Title | cDPO | CIPP/E + CIPM (offered in the GDPR ready package) |
| Course format | In person; Online (Self Study) | In person; Online (Self study); Live Online Training |
| Technology part | Separate = ISO27701 Foundation (2d) or Lead Implementer (4d) | |
“The IAPP is a not-for-profit association founded in 2000 with a mission to define, support and improve the privacy profession globally. We are committed to providing a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals and provide education and guidance on opportunities in the field of information privacy.”
Relevant certifications
Important note: this is just a quick overview, we’ll discuss the content more in detail in a later part of this article.
The certifications that IAPP offers are
Certified Information Privacy Professional (CIPP): the CIPP track is mainly about the legal content. “WHAT” is the regulation about? The CIPP track has multiple versions for different global regulations
CIPP/E: Europe (GDPR)
CIPP/US: United States private sector
CIPP/C: Canada
CIPP/A: Asia
Certified Information Privacy Manager (CIPM): is about the implementation track of the regulation. It’s not bound to the type of CIPP, but general. The reasoning behind it is quite simple: it provides a general implementation approach.
On top of these certifications, IAPP also offers the title of “Privacy Law Specialist”, but that is out of scope of this discussion as this certification is targeted at lawyers.
“PECB (legal name “PECB Group Inc.”) is a certification body which provides education and certification under ISO/IEC 17024 for individuals on a wide range of disciplines.
We help professionals and organizations show commitment and competence by providing them with valuable education, evaluation and certification against rigorous internationally recognized standards. Our mission is to provide our clients with comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit the society as a whole.”
IAPP defines 1 CPE as “A continuing privacy education (CPE) credit is defined as a (usually) one-hour unit earned from participating in or attending any program, event, or forum, reading or writing any published written material, creating and administering a presentation, course of instruction, or other activity that relates to privacy and/or security”
“PECB Certificates are valid for three years. In order to maintain a certificate, PECB Professionals are required to demonstrate that they are performing certification related activities on an annual basis. In addition to that, PECB Professionals are required to pay an Annual Maintenance Fee (AMF).”
CERTIFICATION
Annual Requirements
Total (hours)
Experience/Education
Experience/Education
CDPO
30
Hours of work experience related to the certification field, training, private study, coaching, attendance at seminars and conferences or other relevant activities.
*A certification maintenance fee of $250 USD is due when you register for your first IAPP certification exam and then at the beginning of every certification term renewal to maintain your IAPP certification. One fee covers all IAPP certifications. For members, the certification maintenance fee is covered by the membership benefits.”
There is no data protection without information security.
Both the IAPP CIPM and the PECB CDPO course refer to the principles of the ISO27001 standard. The ISO27001 and ISO27002 standards are professional added value for privacy and data protection professionals.
IAPP has done privacy, and only privacy, for a long time. Due to that strict focus, IAPP does it very well. It nurtures a very competent privacy professional community and stays on the edge to stay relevant.
PECB does ISO, not only privacy, not only data protection or information security certification. It also does ISO9001 quality management and many more.
PECB is working very hard to build community, but it’s an ISO mindset, a more legacy business approach. So there is a long way to go for PECB, compared to IAPP. Their community covers a large scale of enterprise topics, way beyond data protection. A different world.
Certification
On the other hand, except for the 3 exams and the FIP designation, IAPP does not offer other certification tracks.
And IAPP does not validate experience when you apply for certification, so also a junior professional can obtain certification.
To grant certification, PECB validates your professional experience (except for Foundation level). You need to submit a proven track record of experience.
Compatibility
The CIPP/E+CIPM, CDPO, ISO27701 and ISO27001 are highly compatible and provide added value; they are an easy entry point to do more and grow.
But exactly that difference makes them both compatible and complementary.
The IAPP certifications are top notch and very much respected. They offer a perfect starting point to become professional and even expert in privacy and data protection.
Once you grow beyond that point, with a larger focus like information security, enterprise security, disaster recovery, incident management, cybersecurity, the PECB courses and exams offer the next step.
They are perfectly complementary, and it only depends on your starting point of your journey.
Your roadmap
You just need GDPR basics
IAPP CIPP/E (2 days)
PECB DPO foundation (2 days)
DPO track
IAPP CIPP/E (2 days) + CIPM (2 days)
2 exams (but no experience requirement)
PECB CDPO (4 days)
1 exam + experience
Straightforward Certification as Data Protection Professional
This article tries to gather reference material about the implementation of the European #NIS2 directive in the various countries. The content is updated as information comes in.