Justification conditions for DPO

Please turn your cell phone to see the tables below correctly

Justification Conditions for DPO


  • Provide a certificate of having received a minimum recognized training, in relation to the subjects covered by the program of the Scheme.
  • Justify, according to the prerequisites, a training of 60, 100 or 180 hours.
  • The recognition of the training will be done according to the requirements defined in the Scheme, by the Certification Bodies.
  • The distribution of the hours of the training programs shall follow the same percentage established for each of the program domains of the Scheme. A training program may consist of several courses.
  • - For training expressed in ECTS1 or LRU2 credits (referring to university training, including internships or final thesis), ECTS is considered to be 25 hours and LRU is 10 hours.
*1 Credit according to the European Credit Transfer System.
*2 credits according to the University Reform Act of 1983.
Justification Conditions for DPO

Work or professional experience

Justification Conditions for DPO

Justify the work or professional experience required by the prerequisites: two, three or five years of experience. For this purpose, objective evidence of general and specific experience must be provided by means of a statement from the employer or client, employment contract, etc.

Justification Conditions for DPO

Experience in the processing of high-risk personal data with twice as much time as years of experience in the processing of non-high-risk personal data will be especially valued.

Justification Conditions for DPO

In the event that the experience is not a full year, experience equal to or exceeding six months will be valued and will be valued as half of the annual score.

Justification Conditions for DPO

Only if the required experience is not reached, up to one year of experience may be validated by validation of additional merits, i.e. up to 60 points.

Justification Conditions for DPO

As work experience, the training given will also be considered and, specifically, it will be valued as double the number of hours of the training received.

Justification Conditions for DPO

For the training given in a specific subject only one of the editions given will be considered accepted, in case there is more than one with the same title and subject matter.

Justification Conditions for DPO

For the valuation of the experience, the following scale will be applied:

TrainingExperienceScore of Years of ExperienceMinimum score of years of experience
-5 years60 points300 points
60 hours3 years60 points180 points
100 hours2 years60 points120 points
180 hours---

Justification Conditions for DPO

Validation of additional merits

If the required score for the prerequisites of professional experience is reached, it will not be necessary to evaluate any additional merit. Only in the case that the minimum required score is not exceeded due to lack of years of experience, the following merit table will be used to complement the score.

Aspects already considered as prerequisites will not be evaluated as merits.

For the evaluation of additional merits, the scale of:

Specific or complementary university
education on data protection or privacy,
according to European Higher
Education Area (EHEA).4
30Bachelor´s degree or technical engineering degree612
Unofficial postgraduate or master's degree612
Official Postgraduate degree816
Official master´s degree1020
Specific or complementary
training on data
protection or privacy
50Attending courses, seminars, events, sessions or
conferences organised or expressly recognised by
Data Protection Certification Authorities or Bodies
(minimum 1 credit or 10h)
Attending non-university courses
or seminars organised by professional
organisations (minimum 2 credits or 20h).
Attending university courses or
seminars (minimum 2 credits or 20h)
Attending events, sessions or
conferences on the specialization,
which must total at least 20h per year
End of course work on data
protection or privacy issues.
10Overcoming end of course work with
a dedication of at least 40 hours.
Internships in companies in matters
of data protection or privacy.
10Overcoming end-of-course
work with a dedication of
at least 40 hours.
Work experience in data
protection or privacy
505Specific privacy functions at
the job, per year of experience
Professional or employee carrying out different activities, per project
(complexity, duration and role played will be considered)
*3 Attributable to each merit individually considered. In specific cases such as attendance to events events, a unit will be considered to be achieved when the minimum total of hours recognized is accredited.

*4 According to EHEA: European Higher Education Area.
*5 Experience different from that used for the valuation as a prerequisite.
Teaching activity related to data protection or privacy30Teaching at university degree programmes (per every 10 hours).0,510
Professor for basic level courses / seminars (per every 20h.) Professor for specialized courses and seminars (per every 10h.)0,25
Speaker or presenter at conferences (per event)0,510
Lecturer, speaker or conference speaker (per event)0,15
Specific or complementary training on data protection privacy20Authorship or co-authorship of books2,58
Authorship or co-authorship of book´s chapters, conference, reports and similar documents.0,55
Authorship or co-authorship of articles in specialised journals and publications.0,255
Authorship or co-authoring contributions in the media or blogs.0,102
Data Protection or Privacy Awards5Awards and professional or similar recognition510
Certifications in matters of data protection or privacy (current)5ACP-DPO from APEP, CDPP from ISMS FORUM, ECPC-B DPO from Maastricht University, DPO from EIPA (European Institute of Public Administration) or similar certification.410
Other certifications in related topics (current)10ACP-B/ACP-CL/ACP-CT/ACP-AL/ACP-AT from APEP, CDPP from ISMS FORUM, CISA/CISM/CRISC from ISACA,CISSP from Certified Information Systems Security Profesional ISC, CIPP/CIPT from IAPP (International Association of Privacy Professionals), Auditor ISO 27001 or similar certification210
*6 New CDPP as of December 2016.

*7 CDPP prior to December 2016.


Conviértete en PARTNER