As a privacy professional, you may find you get to a point in your career where you ask yourself, “Should I get a certification?” Your next question will likely be, “Which certification should I get?” Quickly followed by, “Why are there so many darn acronyms?!”
We can’t answer that last question, but we can help with the first two.
Choosing the best privacy certification for you may feel like a daunting task, as there are many options to explore. You’ll want to consider the organization offering the certification, your area of expertise, how the exam is structured and its availability, and the associated costs.
In this article, we’ve narrowed it down to seven of the best privacy certifications in the industry: the CIPP, CIPM, and CIPT offered by IAPP, and the CDPSE, OneTrust Privacy Professional Certification, S-CDPO, and PECB’s CDPO.
Let’s take a closer look at each of these options to help you decide which certification is best for you.
IAPP Certifications
The International Association of Privacy Professionals (IAPP) offers the most in-demand, highly respected global certification programs and community for privacy and data protection professionals.
While IAPP has several certifications and designations available, its bread and butter are the Certified Information Privacy Professional (CIPP), the Certified Information Privacy Manager (CIPM), and the Certified Information Privacy Technologist (CIPT) designations. Each of these certifications are accredited by the ANSI National Accreditation Board (ANAB) under the International Organization for Standardization (ISO) 17024: 2012.
IAPP Certified Information Privacy Professional (CIPP)
Through CIPP certification, you’ll demonstrate your knowledge of global concepts of privacy and data protection law and practice. If you’re responsible for legal, compliance, information management, data governance, or human resources, CIPP may be the best certification for you.
The CIPP comes in four flavors, each focusing on a specific geographic region: CIPP/US, CIPP/E, CIPP/C, and CIPP/A.
By getting a CIPP/US certification, you’ll learn about the limits on private sector collection and use of data, government and court access to private sector information, workplace privacy, and state privacy laws in the United States.
A CIPP/E certification will provide you with expertise on European regulatory institutions, its legislative framework, compliance with European data protection law and regulation, and international data transfers, among other related topics. The CIPP/E test is available to be taken in English, French, or German.
As an added bonus, if you get CIPP/E and CIPM certified, you’ll be more than ready to serve as a Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR). In this case, the CIPP/E has you covered on the knowledge a DPO must have concerning the European legal framework for data protection. The CIPM, on the other hand, teaches you the practical, hands-on aspects necessary to lead data protection at an organization. We’ll dig into this certification further in the next section.
IAPP Certified Information Privacy Manager (CIPM)
If you’re currently (or aspiring to be) a leader in privacy program administration, consider CIPM certification. This IAPP certification is geared toward professionals responsible for risk management, privacy operations, accountability, audit, and privacy analytics.
Through CIPM certification, you’ll learn how to create a company vision, structure the privacy team, develop and implement a privacy program framework, communicate to stakeholders, and measure performance.
Wouldn’t that look nice on your resume?
In addition to the sweet opportunity of meeting the DPO requirements of the GDPR by pairing the CIPM with the CIPP/E, this certification test is also available in five different languages: English, Chinese, French, German, and Brazilian Portuguese.
IAPP Certified Information Privacy Technologist (CIPT)
To round out our all-star IAPP certification list, we’ll discuss the CIPT—the privacy engineering concentration. If you’re responsible for information technology, information security, software engineering, or privacy by design at a company, the CIPT may be the best certification for you.
A CIPT certification demonstrates you have dual literacy in privacy and technology, enabling you to build data protection practices into products and services. You’ll learn how to recognize the benefits (and challenges) of emerging technologies, and how to respect customer privacy while using them. Designing software and systems while ensuring privacy is also a part of the curriculum, and learning how to audit infrastructure and communicate issues across departments.
Exam Details and Cost for the CIPP, CIPM, and CIPT
We’ve grouped the details of the IAPP exams here, because the structure and costs are consistent across the certifications.
The computer-based exams consist of 90 multiple-choice questions, which you have 2.5 hours to complete. IAPP has 6,000 testing locations worldwide, but you can also opt for taking the exam virtually, using remote proctoring services.
Now, get out your calculator—here come the costs.
The exam cost is $550 (USD), for first-time test takers. If you retake the exam or already hold at least one IAPP certification, your exam cost will be $375. Like most organizations, IAPP requires you to pay a Certification Maintenance Fee (CMF) of $250 to become officially certified, which is due every two years. However, as an IAPP member, the CMF is waived.
Other Privacy Certifications to Consider
While we consider the IAPP certifications to be the cream of the crop, there are a few other privacy certifications that made our list.
ISACA Certified Data Privacy Solutions Engineer (CDPSE)
The Information Systems Audit and Control Association (ISACA) has a broader focus on information security and information technology. Often compared to the IAPP CIPT certification, the ISACA offers the CDPSE.
If you consider yourself an information technology professional first, then the CDPSE may be the best certification for you. However, if you consider yourself a privacy professional first, you’ll want to scroll back up to the CIPT, as that’s likely going to be the best option for you.
CDPSE certification is best suited for professionals experienced in the governance, architecture, and lifecycle of data privacy at a technical level. Through this certification, you’ll demonstrate your knowledge of assessing, building, and implementing comprehensive data privacy measures.
The CDPSE exam focuses on three key domain areas: privacy governance, privacy architecture, and data lifecycle.
Requirements for the CDPSE
Unlike the IAPP certifications, the CDPSE is an experience-based certification. What does this mean exactly? It means you’ll need to have three or more years of qualified experience to become fully certified.
Keep in mind, you can sit for your exam without having this experience. However, within five years of passing your exam, you’ll need to apply for certification and demonstrate the experience requirements.
Exam Details and Cost for the CDPSE
The exam for CDPSE certification is computer-based, which you can take at authorized testing centers worldwide, or virtually via a remotely proctored exam. ISACA offers this certification exam in English, Chinese Simplified, Spanish, and German.
A tad longer than the IAPP certification exams, this exam consists of 120 multiple-choice questions, in which you have 3.5 hours to complete.
If you’re a member of ISACA, your exam registration fee will be $575 (USD). For nonmembers, the fee is $760. These same costs apply for any retakes, too.
After passing the CDPSE exam, you’ll need to pay a $50 processing fee to submit your application, which is where you’ll demonstrate the required years of experience.
OneTrust Privacy Professional Certification
OneTrust offers solutions to help enhance privacy programs by connecting privacy, GRC, ethics, ESG teams, data, and processes within companies and supply chains to support collaboration.
If your organization utilizes a OneTrust tool, this certification should be considered. OneTrust has developed a course and certification for the people who interact with their tools, teaching them how to incorporate and use OneTrust.
The course and certification are primarily designed for privacy professionals, consultants, and information technology professionals using OneTrust’s systems. However, anyone looking to learn more about the OneTrust platform at an organization could benefit from this training.
Exam Details for the OneTrust Privacy Professional Certification
The OneTrust course takes two days to complete, with four hours dedicated each day. Instructor-led training is available, or you could choose to take a self-paced, eLearning course with week-long access. These online courses are free and designed for all experience levels.
Once you’ve completed the course, you’ll take a 50-question, 90-minute online exam. If you pass the exam, you’ll be awarded a OneTrust certificate and Credly badge.
Bonus alert! The OneTrust course is eligible for 6.5 Continuing Professional Education credit hours for IAPP certifications. Talk about a win-win.
SECO-Institute Certified Data Protection Officer (S-CDPO)
The S-CDPO is SECO-Institute’s highest achievable qualification in their certification track. If your goal is to be able to implement and maintain a GDPR-compliant data protection program and advise your management on effective data protection practices, then the S-CDPO may be the right certification for you.
Requirements for the S-CDPO
To be eligible for the Certified Data Protection Officer title, you’ll need to demonstrate practitioner-level knowledge (S-DPP or equivalent), at least seven years of relevant work experience with five years or more in a leadership role, and you must apply to be considered.
Exam Details and Cost for the Required S-DPP
Since the SECO-Institute Data Protection Practitioner (S-DPP) certificate (or equivalent) is required to obtain the S-CDPO, we’re going to outline the details of that exam.
You can take the exam through an accredited SECO partner, directly with the SECO-Institute, or virtually. Practitioner exams consist of 10 multiple-choice questions, 5 open-ended questions, and a case study, in which you have a total of two hours to complete.
The exam costs €450 plus a €150 maintenance fee once you’ve passed your exam. This maintenance fee will need to be paid annually to maintain certification.
To note, there is an optional course available for the S-DPP, offered in-person and virtually. The 5-day practitioner course includes an exam voucher, but it comes with a hefty price tag of €3,750.
PECB Certified Data Protection Officer (CDPO)
The final certification on our list of best privacy certifications is the PECB CDPO. This certification is catered toward managers or consultants looking to support an organization in planning, implementing, and maintaining a compliance program based on the GDPR. It’s also a good fit for current and aspiring data protection officers responsible for maintaining conformity to the GDPR requirements, and members of information security, incident management, and business continuity teams.
The exam for the PECB CDPO is divided into three domains: 1) data protection concepts, GDPR, and compliance, 2) roles and responsibilities of accountable parties for the GDPR compliance, and 3) technical and organizational measures for data protection.
Language options for this exam are extensive, including English, Spanish, French, Russian, Ukrainian, and Slovenian.
Requirements for the PECB CDPO
PECB’s CDPO certification requires five years of experience including two years of data protection work experience. In addition, you’ll need to demonstrate 300 hours of project activities, and commit to adhering to the PECB code of ethics.
Exam Details and Cost for the PECB CDPO
There are two exam formats for the PECB CDPO: the multiple-choice exam, which consists of 80 questions, and the 12-question essay type exam. Both formats must be completed within three hours, and are open-book exams.
Exams can be completed in-person, either paper-based or online. Or, you could take the exam virtually, in which a PECB proctor will supervise remotely.
The Lead Exam costs $1,000 (USD) and there’s a $500 application fee for certification. In addition, there’s a $120 annual maintenance fee, which is included in the application fee for your first year of certification.
Note, if you complete PECB’s optional five-day training course, the cost associated with the course will cover your certification and exam fees.
That’s a Wrap!
While this list is just the tip of the iceberg, we think these are some of the best privacy certifications available, with IAPP’s offerings being top-notch. Of course, there’s also an extensive amount of cybersecurity certifications available, in which you’ll find some overlap with privacy and data protection.
An assessment of any overlaps as you explore combining certifications should be taken into consideration, too. The IAPP considers the combined CIPM and CIPP/E certifications as equivalent GDPR preparation to the S-CDPO and PECB CDPO certifications. IAPP also offers specific CDPO programs from Brazil and France.
We hope this overview of the best privacy certifications has provided you with the confidence to pursue a certification, and helped you pinpoint the certification that’s right for you based on your area of expertise, any certifications you may already have, and evaluation of eligibility requirements, exam details, and costs.