The participants bring the following educational and/or professional background:

• State recognized college degree
  
  and
   
• A minimum of 1 year relevant work experience
  
  and
   
• Successful completion of 5-day Data Protection Officer (DPO) (TÜV)
  
  and/or
   
• equivalent such as IAPP CIPP/CIPT + CIPM + Data Privacy Act Awareness course
  
  and
   
• Participation in the training course “Data Privacy Protection Auditor” approved by PersCert TÜV. The course duration is 3 days with a total of 24 hours. Admission to the exam is subject to a minimum attendance of 90% of the total training hours.

• Written Exam

In the examination participants prove their knowledge in the following areas:

• Requirements for an efficient data protection management system from the planning stage through implementation to maintenance and updating
• Implementation, launch and introduction of a data protection concept
• Documentation of the data protection management system
• Establishing audit program and audit program objectives
• Management of audit program for 1st and/or 2nd party audits
• Planning and preparation of a data protection audit
• Conducting audits
• Preparation and distribution of the audit report/results of audit
• Audit follow-up

Successful candidates have the competence in order to:

• Apply technical knowledge pertaining data privacy protection concept, related management system standards and applicable laws and regulations
• Conduct systematic audit using ISO standard guidelines
• Display personal behaviour

In a recertification process participants have to prove their expertise is up to date:

1. Successful participation in a relevant further training comprising a minimum of 8 teaching units during the validity period of the certificate (Documentation e.g. copy of the confirmation of participation)
   
   and/or
    
2. Proof of continued professional experience with tasks relevant to data privacy protection, cyber security, and/or information security
   
   and/or
    
3. Proof of a minimum of once a year application (e.g. Audits or list of written expertise carried out or produced during the period of initial certification. PersCert TÜV chooses three (3) written expertise(s) that are to be presented for purposes of evaluation in anonymous format).