Justification and conditions for DPO
Formation
- Provide a certificate of having received a minimum recognized training, in relation to the subjects covered by the program of the Scheme.
- Justify, according to the prerequisites, a training of 60, 100 or 180 hours.
- The recognition of the training will be done according to the requirements defined in the Scheme, by the Certification Bodies.
- The distribution of the hours of the training programs shall follow the same percentage established for each of the program domains of the Scheme. A training program may consist of several courses.
- - For training expressed in ECTS1 or LRU2 credits (referring to university training, including internships or final thesis), ECTS is considered to be 25 hours and LRU is 10 hours.
*2 credits according to the University Reform Act of 1983.
Work or professional experience
Justify the work or professional experience required by the prerequisites: two, three or five years of experience. For this purpose, objective evidence of general and specific experience must be provided by means of a statement from the employer or client, employment contract, etc.
Experience in the processing of high-risk personal data with twice as much time as years of experience in the processing of non-high-risk personal data will be especially valued.
In the event that the experience is not a full year, experience equal to or exceeding six months will be valued and will be valued as half of the annual score.
Only if the required experience is not reached, up to one year of experience may be validated by validation of additional merits, i.e. up to 60 points.
As work experience, the training given will also be considered and, specifically, it will be valued as double the number of hours of the training received.
For the training given in a specific subject only one of the editions given will be considered accepted, in case there is more than one with the same title and subject matter.
For the valuation of the experience, the following scale will be applied:
| Training | Experience | Score of Years of Experience | Minimum score of years of experience |
|---|---|---|---|
| - | 5 years | 60 points | 300 points |
| 60 hours | 3 years | 60 points | 180 points |
| 100 hours | 2 years | 60 points | 120 points |
| 180 hours | - | - | - |
Validation of additional merits
If the required score for the prerequisites of professional experience is reached, it will not be necessary to evaluate any additional merit. Only in the case that the minimum required score is not exceeded due to lack of years of experience, the following merit table will be used to complement the score.
Aspects already considered as prerequisites will not be evaluated as merits.
For the evaluation of additional merits, the scale of:
| Maximum score |
Merit | Unit Points3 |
Maximum | |
|---|---|---|---|---|
| Specific or complementary university education on data protection or privacy, according to European Higher Education Area (EHEA).4 |
30 | Bachelor´s degree or technical engineering degree | 6 | 12 |
| Unofficial postgraduate or master's degree | 6 | 12 | ||
| Official Postgraduate degree | 8 | 16 | ||
| Official master´s degree | 10 | 20 | ||
| Doctorate | 9 | 9 | ||
| Specific or complementary training on data protection or privacy |
50 | Attending courses, seminars, events, sessions or conferences organised or expressly recognised by Data Protection Certification Authorities or Bodies (minimum 1 credit or 10h) |
1 | 25 |
| Attending non-university courses or seminars organised by professional organisations (minimum 2 credits or 20h). |
0,20 | 10 | ||
| Attending university courses or seminars (minimum 2 credits or 20h) |
0,50 | 10 | ||
| Attending events, sessions or conferences on the specialization, which must total at least 20h per year |
0,50 | 5 | ||
| End of course work on data protection or privacy issues. |
10 | Overcoming end of course work with a dedication of at least 40 hours. |
1,5 | 5 |
| Internships in companies in matters of data protection or privacy. |
10 | Overcoming end-of-course work with a dedication of at least 40 hours. |
1,5 | 5 |
| Work experience in data protection or privacy |
505 | Specific privacy functions at the job, per year of experience |
10 | 30 |
| Professional or employee carrying out different activities, per project (complexity, duration and role played will be considered) |
5 | 20 |
*4 According to EHEA: European Higher Education Area.
*5 Experience different from that used for the valuation as a prerequisite.
| Category | Maximum score |
Qualification | Unit Points3 |
Maximum |
|---|---|---|---|---|
| Teaching activity related to data protection or privacy | 30 | Teaching at university degree programmes (per every 10 hours). | 0,5 | 10 |
| Professor for basic level courses / seminars (per every 20h.) Professor for specialized courses and seminars (per every 10h.) | 0,2 | 5 | ||
| Speaker or presenter at conferences (per event) | 0,5 | 10 | ||
| Lecturer, speaker or conference speaker (per event) | 0,1 | 5 | ||
| Specific or complementary training on data protection privacy | 20 | Authorship or co-authorship of books | 2,5 | 8 |
| Authorship or co-authorship of book´s chapters, conference, reports and similar documents. | 0,5 | 5 | ||
| Authorship or co-authorship of articles in specialised journals and publications. | 0,25 | 5 | ||
| Authorship or co-authoring contributions in the media or blogs. | 0,10 | 2 | ||
| Data Protection or Privacy Awards | 5 | Awards and professional or similar recognition | 5 | 10 |
| Certifications in matters of data protection or privacy (current) | 5 | ACP-DPO from APEP, CDPP from ISMS FORUM, ECPC-B DPO from Maastricht University, DPO from EIPA (European Institute of Public Administration) or similar certification. | 4 | 10 |
| Other certifications in related topics (current) | 10 | ACP-B/ACP-CL/ACP-CT/ACP-AL/ACP-AT from APEP, CDPP from ISMS FORUM, CISA/CISM/CRISC from ISACA,CISSP from Certified Information Systems Security Profesional ISC, CIPP/CIPT from IAPP (International Association of Privacy Professionals), Auditor ISO 27001 or similar certification | 2 | 10 |
*7 CDPP prior to December 2016.
