Accreditation requirements
Get recognition for your Training Entity
In accordance with the provisions of section 5.2.4 Requirements relating to the recognition process for Training Entities, in relation to part II of Annex I of the AEPD-DPD Certification Scheme v.1.4., the Certification Entities shall recognise the training programmes of the Training Entities in accordance with the following requirements:
Duration
(60, 100 or 180 hours)
Subject area
In accordance with the programme defined in the Scheme
Validation method
By passing an examination (it is not sufficient to justify attendance at training).
Didactic methodology
Including the teaching of theoretical knowledge, practical exercises and the development of collaborative exercises with a result and expository value (group work including presentations and debates, either face-to-face and/or telepresence).
To this end, the persons providing the training must be independent professionals from the scheme with knowledge and professional experience equivalent to or greater than that required of the candidate to be certified and with the capacity to assess the training of the trainees.
They may not combine training with the development of questions or the role of assessor in certification bodies.
A continuous obligation is imposed on the Certification Bodies to supervise these training programmes. To this end, Training Entities are informed that both ENAC and technical personnel from the AEPD may attend the courses they give in an unannounced manner in order to assess the effectiveness of the control systems established by the Certification Bodies.
Program or list of contents
In accordance with Annex V of v 1.4 of the AEPD-DPD Certification Scheme.
Domain 1
General data protection regulations. Compliance with European regulations, national rules, and European directive on ePrivacy. Guidelines and guides from art. 29 WG, etc.
Domain 2
Accountability. Personal data processing risk assessment and management; data protection impact assessment, data protection by design, data protection by default, etc.
Domain 3
Techniques to ensure compliance with data protection regulations. Security audits, data protection audits, etc.
