Privacy & Data Protection Essentials Courseware - English. Ruben Zeegers
Contact hours
The recommended number of contact hours for this training course is 7. This includes group assignments, exam preparation and short breaks. This number of hours does not include homework, the exam session and lunch breaks.
Indication study effort
20 hours, depending on existing knowledge.
Training organization
You can find a list of our accredited training organizations at www.exin.com.
2. Exam requirements
The exam requirements are specified in the exam specifications. The following table lists the topics of the module (exam requirements) and the subtopics (exam specifications).
Exam requirement | Exam specification | Weight |
1. Privacy and data protection fundamentals & regulation | | 50% |
 | 1.1 Definitions | 10% |
 | 1.2 Personal data | 15% |
 | 1.3 Legitimate grounds and purpose limitation | 10% |
 | 1.4 Further requirements for legitimate processing of personal data | 5% |
 | 1.5 Rights of data subjects | 5% |
 | 1.6 Data breach and related procedures | 5% |
2. Organizing data protection | | 25% |
 | 2.1 Importance of data protection for the organization | 10% |
 | 2.2 Supervisory authority | 5% |
 | 2.3 Personal data transfer to third countries | -- |
 | 2.4 Binding corporate rules and data protection in contracts | 10% |
3. Practice of data protection | | 25% |
 | 3.1 Data protection by design and by default related to information security | 5% |
 | 3.2 Data protection impact assessment (DPIA) | 5% |
 | 3.3 Practice related applications of the use of data, marketing and social media | 15% |
Total | | 100% |
Exam specifications
1. Privacy and Data Protection Fundamentals & Regulation
1.1 Definitions
The candidate can …
1.1.1 give valid definitions of privacy.
1.1.2 relate privacy, specifically personal data, to the concept of data protection.
1.2 Personal Data
The candidate can …
1.2.1 give a definition of personal data according to the GDPR.
1.2.3 describe the data subject’s rights regarding personal data.
1.2.5 list the roles, responsibilities and stakeholders.
1.3 Legitimate Grounds and Purpose Limitation
The candidate can …
1.3.1 list the six legitimate grounds for processing.
1.3.2 describe the concept of purpose limitation.
1.3.3 describe proportionality and subsidiarity.
1.4 Further Requirements for Legitimate Processing of Personal Data
The candidate can …
1.4.1 describe the requirements for data processing.
1.4.2 describe the purpose of personal data processing.
1.5 Rights of Data Subjects
The candidate can …
1.5.2 is aware of the right to be forgotten.
1.6 Data Breach and Related Procedures
The candidate can …
1.6.1 describe the concept of data breach.
2 Organizing data protection
2.1 Importance of Data Protection for the Organization
The candidate can …
2.1.2 indicate what activities are required to comply with the GDPR.
2.1.3 give a definition of data protection by design and by default.
2.1.5 describe the data breach notification obligation as laid down in the GDPR.
2.2 Supervisory Authority
The candidate can …
2.2.1 describe the general responsibilities of a supervisory authority.
2.4 Binding Corporate Rules and Data Protection in Contracts
The candidate can …
2.4.1 describe the concept of binding corporate rules (BCR).
2.4.2 describe how data protection is formalized in written contracts between the controller and the processor.
3 Practice of Data Protection
3.1 Data Protection by Design and Data Protection by Default
The candidate can …
3.1.1 describe the benefits of applying the principles of data protection by design and by default.
3.2 Data Protection Impact Assessment (DPIA)
The candidate can …
3.2.1 outline what a DPIA comprises and when to apply a DPIA.
3.3 Practice Related Applications of the Use of Data, Marketing and Social Media
The candidate can …
3.3.1 describe the purpose of Data Life Cycle (DLC) management.
3.3.3 describe what a cookie is and what its purpose is.
3.3.4 describe, from a data protection perspective, how the widespread use of the internet has affected the field of marketing.
3. List of Basic Concepts
This chapter contains the terms and abbreviations with which candidates should be familiar.
Please note that knowledge of these terms alone does not suffice for the exam; the candidate must understand the concepts and be able to provide examples.
4. Literature
Exam literature
The knowledge required for the EXIN Privacy & Data Protection Essentials exam is covered in the following literature:
A. | A. Calder, EU GDPR, A pocket guide, IT Governance Publishing, ISBN 978-1-84928-855-2 (or ISBN 978-1-84928-857-6 for e-book) |
B. | L. Besemer, White Paper – EXIN Privacy and Data Protection Foundation. Free download on www.exin.com |
C. | European Commission, General Data Protection Regulation (GDPR) Regulation (EU) |