DPO: 5 tips for obtaining certification

From now on, many companies and all public bodies must have their own Data Protection Officer (DPO).

Approved by the CNIL, AFNOR Certification issues the sesame recognizing the skills of these people who owe their status to the RGPD, the General Regulation on the Protection of Personal Data, which came into force in May 2018. The result: credibility, added value and competitive differentiation. Three DPOs certified in autumn 2019 share their secrets for passing the test.

1. Research and monitoring

Rereading the “classics”: Pierre Loir, founder of Observantiae SARL, which specializes in data protection and outsourced DPO services, first delved into the RGPD, the General Data Protection Regulation, which gives substance to this status. ” I also reread the 1978 Data Protection Act, studied several books on the subject, as well as free documents from the AFCDP, including the RGPD commenté, in which each article is compared with other articles,” he states. Another interesting source of information is the CNIL’s online documents, such as the guide to subcontractors and its many recommendations. Finally, it’s essential to keep up to date with technical and regulatory developments, in particular by following the publications of the CNIL, its digital innovation laboratory (LINC) and the AFCDP.

2. Improve your knowledge with moocs

For our three DPOs, taking moocs, preferably shortly before the exam, gives you the best chance of success. The CNIL’s ” RGPD Workshop “, accessible free of charge, issues a certificate of attendance and success, since it is sanctioned by exams at each module. And to prepare for the computer security part, try the ” SecNumAcadémie ” mooc from the French National Agency for Information Systems Security (ANSSI). On the program: best IT practices, security rules, cyberattacks, etc. Finally, CNAM has already offered two sessions of its mooc, ” Personal data protection: the new law ” in 2018 and 2019. Pending a third session in 2020?

3. Exchange with peers and specialists

To qualify for certification, you need to have been a DPO for at least two years: an experience you can draw on to prepare for the exam. Like her two peers, Kadiatou Touré, founding partner of Maatix Conseil, which specializes in personal data management, has ” immersed herself in various practical cases” . And as a member of the AFCDP, a privileged interlocutor of the CNIL, she has “access to the user discussion forum, where you can find very practical questions and answers on the implementation of the RGPD “. Another virtuous action is to exchange ideas with IT professionals to learn more about their businesses and practices. In this way, you’ll become familiar with the many acronyms they use, some of which actually mean the same thing. And why not get in touch with specialist legal experts to reinforce your knowledge?

4. Preparing for the exam

Those who have passed the exam confirm it: if you’ve been practising for two years or more, and are curious and versatile, you can be reassured about your chances of success, and about your legitimacy to take the exam. This doesn’t mean you don’t need to study the specifics of the test, in particular its format, with its 100 multiple-choice questions. As Danièle Blanc, a public health physician and former hospital DPO, advises, “. you need to familiarize yourself with the MCQ technique, which you’ll find in some of the moocs to follow. I also recommend that you take your own MCQs, to help you memorize better.t to become familiar with certain pitfalls “. Draw up summary sheets, tables and diagrams to learn by comparison, for example, the conditions for impact analysis. Another prerequisite is the revision timetable, which must be managed in parallel with your professional activity, particularly in the weeks leading up to the exam.

5. Managing time and questions

On the big day, confidence in one’s knowledge and abilities is a major advantage. But make sure you manage the two-hour test properly! There are three parts to the exam – regulations, liability and safety – but they are not all equal in terms of difficulty, and therefore in terms of the time you need to devote to them. The first questions are relatively straightforward, which should save you a few precious minutes for the next, more complicated part. Try to answer more than half the questions in an hour. And don’t go back over questions you’ve already answered; the computer system will have trouble handling this. Finally, stay focused right to the end: you need to pass the 75% mark of correct answers to be certified.