HomeKnowledge Hub › Certifications

Knowledge Hub

Privacy & data protection certifications

The individual credentials privacy and data protection professionals hold — from BCS, IAPP, ISACA, PECB, EXIN and others — grouped by awarding body, each described in plain English with a link to the official page. Where a credential is vendor-specific or tied to one jurisdiction, we flag it so you can weigh it in context.

Compiled & maintained by VulaPri Limited, a UK privacy consultancy · Last verified 5 July 2026

BCS, The Chartered Institute for IT (UK)

  • BCS Foundation Certificate in Data Protection

    BCS · entry level · UK

    What it covers: An entry-level UK certificate covering UK GDPR, the Data Protection Act 2018 and EU GDPR — a common starting credential for UK data protection practitioners.

    Note: The legacy ISEB Certificate in Data Protection was the historical name for the BCS data protection certificates; holders' credentials remain valid.

    View on the BCS site →

  • BCS Practitioner Certificate in Data Protection

    BCS · practitioner level · UK

    What it covers: A practitioner-level UK certificate for those applying data protection law in practice, descended from the ISEB Practitioner Certificate first offered in 1999.

    View on the BCS site →

IAPP (International Association of Privacy Professionals)

  • AIGP — AI Governance Professional

    IAPP · global

    What it covers: AI systems and their impacts, responsible-AI principles and the law applicable to AI governance — the IAPP's dedicated AI-governance credential.

    View on the IAPP site →

  • CIPM — Certified Information Privacy Manager

    IAPP · global · ANAB-accredited

    What it covers: Privacy programme management and operations — building and running a privacy programme rather than the law itself.

    View on the IAPP site →

  • CIPP — Certified Information Privacy Professional

    IAPP · global · five concentrations

    What it covers: The IAPP's law-and-regulation credential, offered in five regional concentrations. CIPP/E (Europe) is the primary route for UK and EU practitioners; the others are CIPP/US, CIPP/C, CIPP/A and CIPP/CN.

    View on the IAPP site →

  • CIPT — Certified Information Privacy Technologist

    IAPP · global · ANAB-accredited

    What it covers: Privacy engineering and privacy-by-design — how to build privacy into systems and products. The technologist counterpart to the CIPP and CIPM.

    View on the IAPP site →

  • FIP — Fellow of Information Privacy

    IAPP · global · designation

    What it covers: A senior designation, not a separate exam, awarded to holders of a CIPP plus either the CIPM or the CIPT — recognising breadth across law, management and technology.

    View on the IAPP site →

  • US-only jurisdiction

    Privacy Law Specialist (PLS)

    IAPP · United States · ABA-accredited specialty

    What it covers: A US legal-specialty credential for practising lawyers, accredited through the American Bar Association route.

    Flag: Jurisdiction-specific — it is a US legal specialty and is not a general or UK/EU credential. Relevant mainly to US-qualified lawyers.

    View on the IAPP site →

ISACA

  • CDPSE — Certified Data Privacy Solutions Engineer

    ISACA · global

    What it covers: Technical privacy-by-design across governance, architecture and the data life cycle — aimed at those implementing privacy in systems. Certification requires relevant work experience.

    View on the ISACA site →

PECB

  • PECB Certified Data Protection Officer (GDPR)

    PECB · global

    What it covers: The role and responsibilities of a GDPR data protection officer, offered at provisional and full tiers (the full tier requiring relevant experience). PECB also offers a GDPR Foundation credential.

    View on the PECB site →

  • PECB Certified ISO/IEC 27701 Lead Implementer

    PECB · global

    What it covers: Implementing a privacy information management system (PIMS) under ISO/IEC 27701.

    View on the PECB site →

  • PECB Certified ISO/IEC 27701 Lead Auditor

    PECB · global

    What it covers: Auditing a privacy information management system (PIMS) against ISO/IEC 27701.

    View on the PECB site →

EXIN

  • EXIN Privacy & Data Protection Foundation

    EXIN · global

    What it covers: GDPR fundamentals at foundation level.

    View on the EXIN site →

  • EXIN Privacy & Data Protection Practitioner

    EXIN · global

    What it covers: Applied GDPR at practitioner level, building on the Foundation credential.

    View on the EXIN site →

  • EXIN Data Protection Officer (DPO)

    EXIN · global · career-path title

    What it covers: A career-path designation awarded on completing a defined set of EXIN credentials, rather than a single exam.

    View on the EXIN site →

APMG International

  • Certified Data Protection Foundation & Practitioner (GDPR)

    APMG International · UK-based · delivered via accredited partners

    What it covers: A combined GDPR foundation-and-practitioner credential delivered through APMG's network of accredited training partners.

    Note: The direct link points to APMG's GDPR category page; confirm the current product on that page, as APMG delivers through partners.

    View on the APMG site →

University & national DPO schemes

  • ECPC-B EU DPO Certification

    Maastricht University (ECPC) · Netherlands / EU

    What it covers: A university professional certificate for EU DPOs (not an academic degree), valid for two years with a continuing-professional-development requirement to renew.

    View on the Maastricht University site →

  • France-specific

    CNIL DPO Certification (France)

    Delivered by CNIL-approved certification bodies · France

    What it covers: A France-specific recognition of DPO competence. The CNIL (the French supervisory authority) does not certify individuals itself; instead it approves independent certification bodies that assess candidates against CNIL-set criteria and issue the "certified DPO" credential.

    Flag: Jurisdiction-specific to France, and often expected for French public-sector DPO roles. The list of CNIL-approved bodies changes over time, so we link to the CNIL's official register of approved bodies rather than name a list that may go out of date.

    See the CNIL's official list of approved bodies →

  • Europrivacy Implementer / Auditor

    European Centre for Certification and Privacy (ECCP) · Luxembourg / EU

    What it covers: Individual qualifications tied to the Europrivacy scheme — an Implementer credential (preparing processing for certification) and an Auditor credential (conformity assessment, which requires the introductory and implementer stages first).

    Note: These are the individual credentials; the Europrivacy scheme itself (the EDPB-adopted European Data Protection Seal) is covered in our Codes & certification schemes directory.

    View on the Europrivacy site →

Vendor certification

  • Vendor / product-specific

    OneTrust Certified Privacy Professional

    OneTrust · global · product certification

    What it covers: Competence in using OneTrust's privacy technology.

    Flag: A vendor product certification, not a vendor-neutral credential — it demonstrates skill with OneTrust's platform rather than data protection knowledge in general. Some courses carry IAPP continuing-education credit. Useful if you work with the tooling; not a substitute for a neutral credential.

    View on the OneTrust site →

This directory is curated for authority over volume and expanding. Think a credential is missing, or spot a detail to fix? Flag it for the curation team — curated lists take tip-offs, not self-listings. Listing is not an endorsement, and general reference only — always confirm current details on the official page.