Privacy & data protection certifications
The individual credentials privacy and data protection professionals hold — from BCS, IAPP, ISACA, PECB, EXIN and others — grouped by awarding body, each described in plain English with a link to the official page. Where a credential is vendor-specific or tied to one jurisdiction, we flag it so you can weigh it in context.
BCS, The Chartered Institute for IT (UK)
-
BCS Foundation Certificate in Data Protection
BCS · entry level · UKWhat it covers: An entry-level UK certificate covering UK GDPR, the Data Protection Act 2018 and EU GDPR — a common starting credential for UK data protection practitioners.
Note: The legacy ISEB Certificate in Data Protection was the historical name for the BCS data protection certificates; holders' credentials remain valid.
-
BCS Practitioner Certificate in Data Protection
BCS · practitioner level · UKWhat it covers: A practitioner-level UK certificate for those applying data protection law in practice, descended from the ISEB Practitioner Certificate first offered in 1999.
IAPP (International Association of Privacy Professionals)
-
AIGP — AI Governance Professional
IAPP · globalWhat it covers: AI systems and their impacts, responsible-AI principles and the law applicable to AI governance — the IAPP's dedicated AI-governance credential.
-
CIPM — Certified Information Privacy Manager
IAPP · global · ANAB-accreditedWhat it covers: Privacy programme management and operations — building and running a privacy programme rather than the law itself.
-
CIPP — Certified Information Privacy Professional
IAPP · global · five concentrationsWhat it covers: The IAPP's law-and-regulation credential, offered in five regional concentrations. CIPP/E (Europe) is the primary route for UK and EU practitioners; the others are CIPP/US, CIPP/C, CIPP/A and CIPP/CN.
-
CIPT — Certified Information Privacy Technologist
IAPP · global · ANAB-accreditedWhat it covers: Privacy engineering and privacy-by-design — how to build privacy into systems and products. The technologist counterpart to the CIPP and CIPM.
-
FIP — Fellow of Information Privacy
IAPP · global · designationWhat it covers: A senior designation, not a separate exam, awarded to holders of a CIPP plus either the CIPM or the CIPT — recognising breadth across law, management and technology.
-
US-only jurisdiction
Privacy Law Specialist (PLS)
IAPP · United States · ABA-accredited specialtyWhat it covers: A US legal-specialty credential for practising lawyers, accredited through the American Bar Association route.
Flag: Jurisdiction-specific — it is a US legal specialty and is not a general or UK/EU credential. Relevant mainly to US-qualified lawyers.
ISACA
-
CDPSE — Certified Data Privacy Solutions Engineer
ISACA · globalWhat it covers: Technical privacy-by-design across governance, architecture and the data life cycle — aimed at those implementing privacy in systems. Certification requires relevant work experience.
PECB
-
PECB Certified Data Protection Officer (GDPR)
PECB · globalWhat it covers: The role and responsibilities of a GDPR data protection officer, offered at provisional and full tiers (the full tier requiring relevant experience). PECB also offers a GDPR Foundation credential.
-
PECB Certified ISO/IEC 27701 Lead Implementer
PECB · globalWhat it covers: Implementing a privacy information management system (PIMS) under ISO/IEC 27701.
-
PECB Certified ISO/IEC 27701 Lead Auditor
PECB · globalWhat it covers: Auditing a privacy information management system (PIMS) against ISO/IEC 27701.
EXIN
-
EXIN Privacy & Data Protection Foundation
EXIN · globalWhat it covers: GDPR fundamentals at foundation level.
-
EXIN Privacy & Data Protection Practitioner
EXIN · globalWhat it covers: Applied GDPR at practitioner level, building on the Foundation credential.
-
EXIN Data Protection Officer (DPO)
EXIN · global · career-path titleWhat it covers: A career-path designation awarded on completing a defined set of EXIN credentials, rather than a single exam.
APMG International
-
Certified Data Protection Foundation & Practitioner (GDPR)
APMG International · UK-based · delivered via accredited partnersWhat it covers: A combined GDPR foundation-and-practitioner credential delivered through APMG's network of accredited training partners.
Note: The direct link points to APMG's GDPR category page; confirm the current product on that page, as APMG delivers through partners.
University & national DPO schemes
-
ECPC-B EU DPO Certification
Maastricht University (ECPC) · Netherlands / EUWhat it covers: A university professional certificate for EU DPOs (not an academic degree), valid for two years with a continuing-professional-development requirement to renew.
-
France-specific
CNIL DPO Certification (France)
Delivered by CNIL-approved certification bodies · FranceWhat it covers: A France-specific recognition of DPO competence. The CNIL (the French supervisory authority) does not certify individuals itself; instead it approves independent certification bodies that assess candidates against CNIL-set criteria and issue the "certified DPO" credential.
Flag: Jurisdiction-specific to France, and often expected for French public-sector DPO roles. The list of CNIL-approved bodies changes over time, so we link to the CNIL's official register of approved bodies rather than name a list that may go out of date.
-
Europrivacy Implementer / Auditor
European Centre for Certification and Privacy (ECCP) · Luxembourg / EUWhat it covers: Individual qualifications tied to the Europrivacy scheme — an Implementer credential (preparing processing for certification) and an Auditor credential (conformity assessment, which requires the introductory and implementer stages first).
Note: These are the individual credentials; the Europrivacy scheme itself (the EDPB-adopted European Data Protection Seal) is covered in our Codes & certification schemes directory.
Vendor certification
-
Vendor / product-specific
OneTrust Certified Privacy Professional
OneTrust · global · product certificationWhat it covers: Competence in using OneTrust's privacy technology.
Flag: A vendor product certification, not a vendor-neutral credential — it demonstrates skill with OneTrust's platform rather than data protection knowledge in general. Some courses carry IAPP continuing-education credit. Useful if you work with the tooling; not a substitute for a neutral credential.
Reach privacy & data protection professionals researching the credentials that shape careers. Sponsorship enquiries.
