Within the European Union, regulations and standards regarding the protection of data are stringent. The General Data Protection Regulation (GDPR) went into force on 14 April 2016, and organizations had until 25 May 2018 to change their policies and processes to ensure they fully comply. Companies outside Europe also need to comply when doing business in Europe. One way to achieve compliance in time is to qualify staff: certified professionals with the right level of knowledge can help prepare your organization to face these opportunities.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The regulation fundamentally reshapes the way in which data is handled across every sector, from healthcare to banking and beyond. The consequence of non-compliance with GDPR is that organizations found culpable will be heavily fined (€ 20.000.000 or 4% of the annual global turnover, whichever is higher). GDPR only affects data belonging to EU citizens; however, organizations the world over have to comply with it, since they cannot foretell when they will interact with data from EU citizens.
As I started to shift towards information security and data protection in my day-to-day job, I decided to study and sit for the EXIN Privacy and Data Protection Foundation exam. The EXIN Privacy and Data Protection Foundation program covers the required knowledge of legislation and regulations relating to data protection and how this knowledge should be used to be compliant.
I am so happy and grateful now that I passed the EXIN Privacy and Data Protection foundation exam. I figured that I would share my experience in this article to help you prepare and tackle this exam successfully.
In this exam, I got 40 questions, and the total time for the exam is only 60 minutes. You have around 1.5 minutes per question; otherwise, you will run out of time, so be careful. The exam is tough!
To pass this exam, you need to answer 26 questions correctly, which corresponds to a 65% mark. The questions pretty much match the list of skills measured below.
Exam Target Audience
EXIN Privacy and Data Protection Foundation is a certification that validates a professional’s knowledge about organizing the protection of personal data and the EU rules and regulations regarding data protection. This regulation affects every organization that processes EU personal data, including those in Switzerland.
The examination for EXIN Privacy and Data Protection Foundation is intended for all employees who need to have an understanding of data protection and the European legal requirements as defined in the GDPR. More specifically, the following roles could be interested: Data Protection Officer, Privacy Officer, Legal Officer / Compliance Officer, Security Officer, Business Continuity Manager.
Skills measured on this exam
This exam measures your ability to accomplish the topics listed below based on the latest update from EXIN:
Privacy and Data Protection Fundamentals & Regulation (44.5%)
- Personal Data
- Legitimate Grounds and Purpose Limitation
- Further Requirements for Legitimate Processing of Personal Data
- Rights of Data Subjects
- Data Breach and Related Procedures
Organization Data Protection (35.5%)
- Importance of Data Protection for the Organization
- Supervisory Authority
- Personal Data Transfer to Third Countries
- Binding Corporate Rules and Data Protection in Contracts
Practice of Data Protection (20%)
- Data Protection by Design and by Default Related to Information Security
- Data Protection Impact Assessment (DPIA)
- Practice Related Applications of the Use of Data, Marketing and Social Media
Lessons Learned and Exam Preparation
The key to passing this exam is to have worked with data privacy and data protection based on the EU General Data Protection Regulation (GDPR). Do not take this exam lightly at all; you need to study really well. There is a lot of legal content to memorize. You might decide to become a lawyer after taking this exam :)
To prepare for this exam, I strongly recommend instructor-led, classroom-based training. You can find a list of accredited training providers here. You can also order and go through the following literature to help you pass the exam:
- The EU GDPR, A pocket guide.
- White Paper – EXIN Privacy and Data Protection Foundation.
- Video Training: General Data Protection Regulation Foundation (GDPR F).
- Video Training: General Data Protection Regulation Practitioner (GDPR P).
- Video Training: EU GDPR Foundation Course.
- European Commission – General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union.
If you are planning to take this exam… I wish you all the best and Happy Studying!!!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.