EXIN Privacy & Data Protection Practitioner is a certification that validates a professional’s knowledge and understanding of the European privacy and data protection legislation and its international relevance, as well as the professional’s ability to apply this knowledge and understanding to everyday professional practice.
With the ever increasing explosion of information flooding the internet, every company needs to plan how to manage and protect privacy of persons and their data. Not without a reason, many new laws within the EU, as well as in the USA and many other regions, are formed in order to regulate both privacy and data protection.
The European Commission has published the EU General Data Protection Regulation (GDPR), meaning that from the 25th of May 2018 on, all organizations concerned must comply with specific rules. This Practitioner certification builds on the subjects covered by the Foundation exam by focusing on the development and implementation of policies and procedures in order to comply with existing and new legislation, application of privacy and data protection guidelines and best practices, and by establishing a data protection management system (DPMS).
The new standard in the ISO/IEC 27000 series: ISO/IEC 27701:2019 Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines is useful for organizations that want to show compliance with the GDPR. The content of the new ISO standard helps fulfill the GDPR obligations to organizations regarding the processing of personal data.
Neither the GDPR nor the ISO standard are exam literature. However, the literature matrix in Chapter 4 is designed to show the link between the exam requirements, the literature, the GDPR and the ISO/IEC 27701:2019 standard to give the certification a broader context