Professional Documents
Culture Documents
Edition 201809
Copyright © EXIN Holding B.V. 2018. All rights reserved.
EXIN® is a registered trademark.
No part of this publication may be reproduced, stored, utilized or transmitted in any form or by any means, electronic,
mechanical, or otherwise, without the prior written permission from EXIN.
1. Overview 4
2. Exam requirements 7
3. List of Basic Concepts 10
4. Literature 14
Scope
The EXIN Privacy & Data Protection Practitioner is a certification that validates a professional’s
knowledge and understanding of the European privacy (data protection) legislation and its
international relevance as well as his or her ability to apply this knowledge and understanding in
everyday professional practice.
Summary
With the ever increasing explosion of information flooding the internet, every company needs to
plan how to manage and protect privacy of persons and their data. Not without a reason, many new
laws - in the EU as well as in the USA and many other regions - are being formed in order to regulate
both.
The European Commission has just published the EU General Data Protection Regulation (GDPR),
meaning that all organizations concerned need to comply with specific rules. This Practitioner
certification builds on the subjects covered by the Foundation exam by focusing on the
development and implementation of policies and procedures in order to comply with existing and
new legislation, application of privacy and data protection guidelines and best practices, and by
establishing a Data and Privacy Protection Management System.
Context
The certificate EXIN Privacy & Data Protection Practitioner (PDPP) is part of the qualification
program EXIN Privacy & Data Protection.
Examination details
Examination type: Multiple-choice questions
Number of questions: 40
Pass mark: 65%
Open book/notes: No, with the exception of literature C. Literature C may
be consulted throughout the exam. It is provided as
appendix to the digital exam. Please bring your own
copy if the exam takes place on paper.
Electronic equipment/aides permitted: No
Time allotted for examination: 120 minutes
The Rules and Regulations for EXIN’s examinations apply to this exam.
Bloom level
The EXIN Privacy & Data Protection Practitioner certification tests candidates at Bloom Level 2, 3
and Level 4 according to Bloom’s Revised Taxonomy:
• Bloom Level 2: Understanding – a step beyond remembering (Level 1). Understanding
shows that candidates can comprehend what is presented and can evaluate how the
learning material may be applied in their own environment.
This type of questions aims to demonstrate that the candidate is able to organize,
compare, interpret and choose the correct description of facts and ideas.
• Bloom Level 3: Applying – shows that candidates have the ability to make use of
information in a context different from the one in which it was learned.
This type of questions aims to demonstrate that the candidate is able to solve
problems in new situations by applying acquired knowledge, facts, techniques and
rules in a different, or new way. The question usually contains a short scenario
• Bloom level 4: Analyzing – shows that candidates have the ability to break learned
information into its parts to understand it. This Bloom level is mainly tested in the
Practical Assignments. The Practical Assignments aim to demonstrate that the
candidate is able to examine and break information into parts by identifying motives or
causes, make inferences and find evidence to support generalizations. .
Contact hours
The recommended number of contact hours for this training course is 21. This includes (group)
assignments, exam preparation and short breaks. This number of hours does not include
homework, practical assignments, the exam session and lunch breaks. The recommended
numbers of hours for the Practical Assignments is a maximum of 8. The Practical Assignments
can be completed outside of the training. They may also be included in the training if the training
duration is extended.
If the training provider wishes to dedicate time to national privacy and data protection legislation,
this will require extra training hours in addition to the 21 recommended training hours.
Training organization
You can find a list of our accredited training organizations at www.exin.com.
The exam requirements are specified in the exam specifications. The following table lists the
topics of the module (exam requirements) and the subtopics (exam specifications).
1
Exam requirement 2.2 is not included in the exam, as there is no suitable reference material
available yet. Exam questions about this specification will be added in a later version.
2
Exam requirement 2.2 is not included in the exam, as there is no suitable reference material
available yet. Exam questions about this specification will be added in a later version.
3
Before the GDPR was introduced the data protection authority was the national authority in EU
countries, in charge of the enforcement of regulation on data protection. In the GDPR it is now
called the supervisory authority.
This chapter contains the terms and abbreviations with which candidates should be familiar.
Please note that knowledge of these terms alone does not suffice for the exam; the candidate must
understand the concepts and be able to provide examples
Exam literature
The knowledge required for the EXIN Privacy & Data Protection Practitioner exam is covered in the
following literature:
B. Kyriazoglou, J.
Data Protection and Privacy Management System. Data Protection and Privacy Guide -
Vol. 1
bookboon.com 1st edition (2016)
ISBN 978-87-403-1540-0
C. European Commission
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) Regulation of the
European Parliament and the Council of the European Union. Brussels, 6 April 2016,
available at http://eur-lex.europa.eu
PDF:
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=EN
HTML:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN
Comment
The exam requirements are based on the exam literature. Literature C is no primary exam literature
because the other exam literature provides sufficient content about the GDPR. Candidates should
be familiar with literature C to the extent of the references made in the other literature. Literature C
may be consulted throughout the exam. It is provided as appendix to the digital exam. Please bring
your own copy if the exam takes place on paper.
Comment
Additional literature is for reference and depth of knowledge only.
Literature matrix
Comment
Literature C, the GDPR, is not referenced in detail.
www.exin.com