EXIN Privacy and Data Protection Professional is an advanced-level certification that validates a professional’s knowledge and understanding of the European General Data Protection Regulation (GDPR). The exam tests the candidate’s ability to apply this knowledge and understanding in everyday professional practice.

Overview

EXIN Privacy & Data Protection Professional is a certification that validates a professional’s knowledge and understanding of the European privacy and data protection legislation and its international relevance, as well as the professional’s ability to apply this knowledge and understanding to everyday professional practice.

With the ever-increasing volume of information flooding the internet, every company needs to plan how to manage and protect the privacy of persons and their data. Not without reason, many new laws within the EU, as well as in the USA and many other regions, have been introduced to regulate both privacy and data protection.

The European Commission has published the EU General Data Protection Regulation (GDPR), meaning that from the 25th of May 2018 on, all organizations concerned must comply with specific rules. This Practitioner certification builds on the subjects covered by the Foundation exam by focusing on the development and implementation of policies and procedures in order to comply with existing and new legislation, application of privacy and data protection guidelines and best practices, and by establishing a data protection management system (DPMS).

The new standard in the ISO/IEC 27000 series, ISO/IEC 27701:2019 Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines, is useful for organizations that want to show compliance with the GDPR. The content of the new ISO standard helps organizations fulfill their GDPR obligations regarding the processing of personal data.

Neither the GDPR nor the ISO standard is exam literature. However, the literature matrix in Chapter 4 is designed to show the link between the exam requirements, the literature, the GDPR and the ISO/IEC 27701:2019 standard to give the certification a broader context.

Skills Covered

  • Data protection policies
  • Managing and organizing data protection
  • Roles of the Controller, Processor and Data Protection Officer (DPO)
  • Data Protection Impact Assessment (DPIA)
  • Data breaches, notification and incident response

Prerequisites

  • Successful completion of the EXIN Privacy & Data Protection Practitioner exam.
  • Accredited EXIN Privacy & Data Protection Practitioner training, including completion of the Practical Assignments.

Target Audience

This Practitioner-level certification will be particularly useful to Data Protection Officers (DPOs) / Privacy Officers, Legal / Compliance Officers, Security Officers, Business Continuity Managers, Data Controllers, Data Protection Auditors (internal and external), Privacy Analysts and HR managers.

Course Curriculum

Module 1: Data Protection Policies

1.1 Purpose of the Data Protection and Privacy Policies within an Organization

The policies and procedures needed within an organization to comply with data protection legislation.

The content of the policies.

1.2 Data Protection by Design and by Default

  • The concept of data protection by design and by default.
  • The seven principles for data protection by design and by default.
  • Illustrate how principles of privacy by design and by default can be
    implemented.

Module 2: Managing and Organizing Data Protection

2.1 Phases of the Data Protection Management System (DPMS)

  • Illustrate how to apply phase 1 of the DPMS: Data Protection and Privacy: Preparation.
  • Illustrate how to apply phase 2 of the DPMS: Data Protection and Privacy: Organization.
  • Illustrate how to apply phase 3 of the DPMS: Data Protection and Privacy: Development and Implementation.
  • Illustrate how to apply phase 4 of the DPMS: Data Protection and Privacy: Governance.
  • Illustrate how to apply phase 5 of the DPMS: Data Protection and Privacy:

Module 3: Roles of the Controller, Processor and Data Protection Officer (DPO)

3.1 Roles of the Controller and Processor

  • Enact the responsibilities of the controller.
  • Enact the responsibilities of the processor.
  • The relationship between the controller and the processor in a specific situation.

3.2 Role and Responsibilities of a DPO

  • Appointment of a DPO is mandatory under the GDPR.
  • The role of the DPO.
  • The position of the DPO in relation to the supervisory authority.

Module 4: Data Protection Impact Assessment (DPIA)

4.1 Criteria for a DPIA

  • The criteria for conducting a DPIA.
  • The objectives and outcomes of a DPIA.

4.2 Steps of a DPIA

  • The steps of a DPIA.
  • DPIA in a specific situation.

Module 5: Data Breaches, Notification and Incident Response

5.1 GDPR Requirements with Regard to Personal Data Breaches

  • Assess whether a data breach has taken place in terms of the GDPR.

5.2 Requirements for Notification

  • Notify the supervisory authority of a personal data breach.
  • Notify the data subject of the personal data breach.
  • The elements of the GDPR documentation obligation.

Module 6: Malaysia Legal and Regulatory Compliance

  • ACT 854 CYBER SECURITY ACT 2024
  • ACT 709 PERSONAL DATA PROTECTION ACT 2010
  • ACT A1727 PERSONAL DATA PROTECTION (AMENDMENT) ACT 2024
  • ACT 864 Public Sector – The Data Sharing ACT 2025

Dates & Locations

  • July 8, 2026 - July 10, 2026 | Location: Kuala Lumpur | Modal: ILT | Availability: TBC | Exam: Included | PROMO
  • July 8, 2026 - July 10, 2026 | Location: Online | Modal: VILT | Availability: TBC | Exam: Included | PROMO
  • September 23, 2026 - September 25, 2026 | Location: Kuala Lumpur | Modal: ILT | Availability: TBC | Exam: Included | PROMO
  • September 23, 2026 - September 25, 2026 | Location: Online | Modal: VILT | Availability: TBC | Exam: Included | PROMO
  • November 25, 2026 - November 27, 2026 | Location: Kuala Lumpur | Modal: ILT | Availability: TBC | Exam: Included | PROMO
  • November 25, 2026 - November 25, 2026 | Location: Online | Modal: VILT | Availability: TBC | Exam: Included | PROMO

Exam & Certification

EXIN Privacy & Data Protection Professional

EXIN Privacy & Data Protection Practitioner is a certification that validates a professional’s knowledge and understanding of the European privacy and data protection legislation and its international relevance, as well as the professional’s ability to apply this knowledge and understanding to everyday professional practice.

Training & Certification Guide

  • Duration: 02 hours
  • Number of Questions: 40 (Multiple Choice)
  • Pass mark: 65%
  • Open book: No
  • Training mandatory: Yes
  • Electronic equipment allowed: No
  • Level: Advanced
  • ECTS Credits: 4
  • Languages: Chinese, Dutch, English, German, Japanese, Portuguese

Requirements for certification: Accredited training Privacy and Data Protection Professional, including successful completion of the Practical Assignments.

Frequently Asked Questions

EXIN Privacy & Data Protection Professional is ideal for Data Protection Officers (DPOs), Privacy Officers, Legal / Compliance Officers, Security Officers, Business Continuity Managers, Data Controllers, Data Protection Auditors (internal and external), and HR managers. As this is an advanced-level certification, it is advisable to have passed EXIN Privacy and Data Protection Foundation before taking this exam.

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631
