Justification and conditions for DPO

Please turn your cell phone to see the tables below correctly

Formacion

Formation

  • Provide a certificate of having received a minimum recognized training, in relation to the subjects covered by the program of the Scheme.
  • Justify, according to the prerequisites, a training of 60, 100 or 180 hours.
  • The recognition of the training will be done according to the requirements defined in the Scheme, by the Certification Bodies.
  • The distribution of the hours of the training programs shall follow the same percentage established for each of the program domains of the Scheme. A training program may consist of several courses.
 
  • - For training expressed in ECTS1 or LRU2 credits (referring to university training, including internships or final thesis), ECTS is considered to be 25 hours and LRU is 10 hours.
*1 Credit according to the European Credit Transfer System.
*2 credits according to the University Reform Act of 1983.
Experiencia_Laboral

Work or professional experience

Grupo 176

Justify the work or professional experience required by the prerequisites: two, three or five years of experience. For this purpose, objective evidence of general and specific experience must be provided by means of a statement from the employer or client, employment contract, etc.

Grupo 175

Experience in the processing of high-risk personal data with twice as much time as years of experience in the processing of non-high-risk personal data will be especially valued.

Grupo 174

In the event that the experience is not a full year, experience equal to or exceeding six months will be valued and will be valued as half of the annual score.

Grupo 173

Only if the required experience is not reached, up to one year of experience may be validated by validation of additional merits, i.e. up to 60 points.

Grupo 191

As work experience, the training given will also be considered and, specifically, it will be valued as double the number of hours of the training received.

Grupo 192

For the training given in a specific subject only one of the editions given will be considered accepted, in case there is more than one with the same title and subject matter.

Grupo 193

For the valuation of the experience, the following scale will be applied:


Training Experience Score of Years of Experience Minimum score of years of experience
- 5 years 60 points 300 points
60 hours 3 years 60 points 180 points
100 hours 2 years 60 points 120 points
180 hours - - -

Meritos

Validation of additional merits

If the required score for the prerequisites of professional experience is reached, it will not be necessary to evaluate any additional merit. Only in the case that the minimum required score is not exceeded due to lack of years of experience, the following merit table will be used to complement the score.

Aspects already considered as prerequisites will not be evaluated as merits.

For the evaluation of additional merits, the scale of:

Maximum
score
Merit Unit
Points3
Maximum
Specific or complementary university
education on data protection or privacy,
according to European Higher
Education Area (EHEA).4
30 Bachelor´s degree or technical engineering degree 6 12
Unofficial postgraduate or master's degree 6 12
Official Postgraduate degree 8 16
Official master´s degree 10 20
Doctorate 9 9
Specific or complementary
training on data
protection or privacy
50 Attending courses, seminars, events, sessions or
conferences organised or expressly recognised by
Data Protection Certification Authorities or Bodies
(minimum 1 credit or 10h)
1 25
Attending non-university courses
or seminars organised by professional
organisations (minimum 2 credits or 20h).
0,20 10
Attending university courses or
seminars (minimum 2 credits or 20h)
0,50 10
Attending events, sessions or
conferences on the specialization,
which must total at least 20h per year
0,50 5
End of course work on data
protection or privacy issues.
10 Overcoming end of course work with
a dedication of at least 40 hours.
1,5 5
Internships in companies in matters
of data protection or privacy.
10 Overcoming end-of-course
work with a dedication of
at least 40 hours.
1,5 5
Work experience in data
protection or privacy
505 Specific privacy functions at
the job, per year of experience
10 30
Professional or employee carrying out different activities, per project
(complexity, duration and role played will be considered)
5 20
*3 Attributable to each merit individually considered. In specific cases such as attendance to events events, a unit will be considered to be achieved when the minimum total of hours recognized is accredited.

*4 According to EHEA: European Higher Education Area.
*5 Experience different from that used for the valuation as a prerequisite.
Category Maximum
score
Qualification Unit
Points3
Maximum
Teaching activity related to data protection or privacy 30 Teaching at university degree programmes (per every 10 hours). 0,5 10
Professor for basic level courses / seminars (per every 20h.) Professor for specialized courses and seminars (per every 10h.) 0,2 5
Speaker or presenter at conferences (per event) 0,5 10
Lecturer, speaker or conference speaker (per event) 0,1 5
Specific or complementary training on data protection privacy 20 Authorship or co-authorship of books 2,5 8
Authorship or co-authorship of book´s chapters, conference, reports and similar documents. 0,5 5
Authorship or co-authorship of articles in specialised journals and publications. 0,25 5
Authorship or co-authoring contributions in the media or blogs. 0,10 2
Data Protection or Privacy Awards 5 Awards and professional or similar recognition 5 10
Certifications in matters of data protection or privacy (current) 5 ACP-DPO from APEP, CDPP from ISMS FORUM, ECPC-B DPO from Maastricht University, DPO from EIPA (European Institute of Public Administration) or similar certification. 4 10
Other certifications in related topics (current) 10 ACP-B/ACP-CL/ACP-CT/ACP-AL/ACP-AT from APEP, CDPP from ISMS FORUM, CISA/CISM/CRISC from ISACA,CISSP from Certified Information Systems Security Profesional ISC, CIPP/CIPT from IAPP (International Association of Privacy Professionals), Auditor ISO 27001 or similar certification 2 10
*6 New CDPP as of December 2016.

*7 CDPP prior to December 2016.