CDPO training and certification. Certified Data Protection Officer

Offer description

IAPP’s CDPO training and certification offerings include the following:
. 35-hour live training, online with a trainer
. Quiz to prepare the CDPO certification by the IAPP (recognized by the CNIL)
. “Voucher” you can use to take the CDPO certification in a Pearson VUE center
. Participant guide


The training takes place entirely at a distance, as well as in Strasbourg (France).


Contact us for a quote.


Distance learning takes place through the Webex video conferencing tool.


CDPO certification requires the completion of
35 hours of training and the demonstration of at least 2 years of professional experience.
Demonstrate a professional experience of at least 2 years in the field of data privacy (e.g.: DPO,CISO, …).

To have a professional experience and be familiar with governance aspects and human resources in a business environment.

To have an interest and a good working knowledge of digital technologies. To understand and to know how to use Office Software Application Tools (MS Office kit, internet browsers)


1. Initiate, take part or manage the GDPR programme of your business
2. Create the register for data processing
3. Build a PIA (impact analysis on Privacy and Data Protection)
4. Build a good working knowledge on Data Protection by Design and by Default
5. Build Policies regarding cybersecurity, computer Hygiene, and digital skills.
6. Build working knowledge of Principles of Data Protection by and in itself
7. To get to know about essential contract clauses
8. To know how to communicate with all the players involved
9. Manage Data Breaches
10. Learning how to answer any GDPR request
11. Audits
12. Understanding the Ecosystem

Training content

Day 1:
• Data Privacy at the heart of businesses’ strategy
• GDPR: common law, guidelines, news (profiling and transfer outside the EU)
• Implementation of a programme on data privacy/GDPR in companies
• Create the register for data processing
• Accountability – which approach?
• Homemade tools vs market tools
• Data Transfer outside the EU: adequate countries, SCC and BCR

Day 2:
• Do you need to realise a PIA/DPIA (impact analysis) ?
• The CNIL’s software.
• Example and Simulation of PIAs in the following sectors: social areas, IOT, profiling, Specific HR procedures
• CNIL software
• Video surveillance good practices

Day 3:
• Cybersecurity risks and types of cyber-attacks
• Organisational and technical security measures
• Encryption, anonymisation, authentication and access controls, tracking and system files
• Technical and organisational security measures
• Data Protection by Design and by Default
• Life cycle “from the cradle to the grave”
• New technologies: Big Data, AI, Blockchain
• Software as a Service (Saas) cloud solutions and web host analysis

Day 4:
• Contract review with outsourced staff (Data controllers)
• Communication plan (annual reports, etc…)
• Data breaches management
• Data requests management
• Data Ecosystem
• Stakeholders outside the companies: regulatory authorities (CNIL, ICO), professional associations (IAPP, AFCDP), CEPD, ANSSI
• CNIL sanctions: state of things.
• What is going on outside France (other EU countries) ?
• Big Tech Companies

Jour 5: Preparation to the CDPO certification

Exam and certification

To be certified CDPO, it is mandatory to have completed at least 35 hours of training or to have at least 2 years of professional experience in data protection.

Once Data Privacy Professionals has given you the “voucher”, the steps to obtain the certification are the responsibility of the IAPP:
1. Registering for the exam directly by phone or on the IAPP website
2. Book an appointment to take the exam at a Pearson VUE test center
3. Take the Exam

At the beginning of the training course, the participant will register for the exam with Pearson VUE. This exam is not mandatory but allows you to obtain the CDPO certification; The CDPO exam is made of 100 questions and to get the certification, candidats must answers correctly to 75% of all the questions and 50% of the questions in the three domains. Results are generally known at the end of the exam.


Want to learn more?

To take part in the training course, contact us for a quote.


Intended audience

· Data Protection Officer (DPO),
· Assistant DPO,
· Project manager in charge of GDPR compliance,
· Jurist, marketing manager, IT manager, data scientist, HR, anyone wishing to learn more about the job of DPO,
· Anyone who wants to become a GDPR expert.