Which privacy certification should I take first?

Do you recognize pattern?

There are recently a number of questions in the posts about IAPP certification, more specifically which of the CIPP, CIPM and CIPT privacy professional certificate should I do first. In general the answer I will discuss could be applied to any privacy education or training covering three main pillars: legal, compliance and technical.

Shift from legal to compliance to tech

I am in iapp certification process since 2017 and since had run dozen trainings. What I noticed from my trainees is that the leading certification interest actually had changed over time.

Back in 2017 the main interest was in CIPP (particularly CIPP/E in Europe) due to high expectations better to say concern about GDPR. CIPP/E is what I call in black and white picture “legal” part of privacy. We all had lot of questions about what kind of regulation is that and how it will be enforced.

Then we get some experience and realized that what is most important is how do we run our privacy programs and what is the best approach how to prove our accountability. That was main topic for CIPM, or how we would put it “compliance” part of the story: how to setup and keep running privacy program.

Today what we experience is that many privacy professionals are taking look at something I call “how to implement privacy protection?”. There are technical people looking with questions in their eyes into legal and compliance personnel talking to them about transparency, notices, appropriate technical measures and all that weird legal staff. At the same time legal people, process owners and better to say risk owners are trying to understand why technical guys and girls are shaking their heads telling them this is not possible or but we are already doing that or even worse – write down functional and non functional requirements. Then we have latest guidelines from EDPB telling about what SA expect from Data protection by design by default, we have India PDP Bill 2019 that define fiduciary responsibility about Privacy by design and many others. Suddenly, CIPT becomes topic number one. That is what I call “technical” part of the story. Today I have requests from all over the world coming from legal, compliance, tech and others asking about CIPT. Funny to say but my latest CIPT class is filled only with lawyers and attorneys. As well as CIPP/E and CIPM. What does this tell to me? Legal-tech is running at its fastest.

Does this answer question where to start? Yes. You should start where your pain is and where your national and corporate privacy maturity is. Nobody can tell you but your demanding market where you are working on. If you decide to go all of them, then the best practice sequence should be: CIPP/E, CIPM and CIPT.

Do it yourself or join the training dilemma

Next question is: should I do it myself or purchase IAPP program? The answer is also very simple.

If you can afford it, go for IAPP certification program. Not only that you will prepare for certification exam but you will meet other professionals and learn about pain they have and best practice they experience. If your OTP provide additional value then your training program will not last 2 days but 2 month as he/she will provide you with 4 weeks preparation before training, training itself and mentoring before exam – at least. That is value for the money.

If you do not have funds available, then rely on internet search, quiz-lets, exam sample books, common sense and – your experience. However – take into consideration that legal background make CIPP/E difficult to pass exam and strong IT experience make CIPT challenging exam.

Privacy and data protection is multidisciplinary field of work and that as well is IAPP privacy certification programs. If you need further explanation – feel free to ask me. Happy to be of any help to my fellow privacy professionals.

Data Protection Day 2021

Ove godine, nažalost, iz dobro poznatih razloga nismo u mogućnosti obilježiti Dan zaštite podataka u zajedničkom druženju, ali to nas nije spriječilo da ipak organiziramo mini konferenciju ali s maksi učesnicima i temom koja će u ovoj 2021 postati tema #1: integrirana zaštita podataka – kako glasi tajanstveni hrvatski prijevod Članak 25. ili Data protection by design and by default u engleskom originalu.

Stoga smo i nazvali konferenciju “Pbd/d – podcijenjena skraćenica“.

Posebno smo sretni što će nam se uvodno obratiti europski povjerenik za zaštitu podataka, g. Wojciech Wiewiórowski, European Data Protection Supervisor, možemo reći istinski domaćin obilježavanja ovog spomena na Konvenciju 108 i početaka obvezujuće zaštite podataka u svijetu općenito.

U nedavno objavljenoj strategiji EDPB za 2021-2023 jedna od ključnih točaka je upravo Pbd/d. Također nedavno je izdana smjernica EDPB “Guidelines 4/2019 on Article 25” koja na odličan način objašnjava važnost ali i pristupu usklađenju s ovim zahtjevom GDPR. Kolega Neven Dujmović iz aspekta svoje bogate prakse iznijeti će kao uvodno predavanje u panel diskusiju upravo ovu smjernicu.

Panelisti koji će osvijetliti poslovne, informatičke, pravne, auditorske i druge aspekte ovog Članka i same filozofije koja seže do Ann Cavoukian i Privacy by Design principa, dolaze iz redova iskusnih “privacy professionals”, posebno dvije dame: Vlatka Vuković i Natalija Parlov Una.

Konferenciju zajednički organiziraju Hrvatska udruga poslodavaca i lokalni IAPP KnowledgeNet Chapter.

Prijave su preko adrese hup@hup.hr.

Dvije godine primjene GDPR

U razvoju djeteta, dvije godine života imaju veliko značenje. Kažu stručnjaci da dijete u toj dobi počne prepoznavati osnovna svojstva predmeta i da ih počinje aktivno isprobavati, razlikuje dijelove od cjelina. Razlikuje boje ali ih točno ne imenuje. Počinje shvaćanje vremena i prostora. Ima prirođen osjećaj za količinu do broja 3. Poboljšava se pamćenje redoslijeda radnji! U izgovoru ima još pogrešaka.
Nadalje, kažu stručnjaci da bi odrasli trebali nastojati razumjeti što Dijete želi priopćiti. Da u razgovoru s Djetetom treba rabiti jednostavne rečenice, izgovarati ih polagano i razgovjetno. Neprestano i strpljivo govoriti s Djetetom. Davati mu mogućosti da i ono što više priča i odgovara na pitanja, podržati ga i hrabriti na verbalizaciju. Biti tolerantan prema pogreškama u izgovoru, ne opominjati i ispravljati, već mu pružati ispravan govorni model. Listati i gledati slikovnice s Djetetom uz čitanje i poslije čitanja teksta. Poticati Dijete da prema slici samo nadopunjava priču svojim riječima i daje svoja tumačenja.
(izvor Grdelin – ovdje)

Naše Dijete – Opća uredba o zaštiti podataka EU 2016/679 koje od milja zovemo GDPR – navršilo je 25.5.2020. dvije pune godine. Prepoznajemo li osobine djeteta u osobinama primjene ove uredbe. Te osobine nalaze se u svakome od onih koji sudjeluju u toj primjeni. Prvo, to su ispitanici: ja, ti, on – sve fizičke osobe čije osobne podatke netko prikuplja i obrađuje. Razumijevanje prava i pristupa zaštiti tim pravima, po nekim općim naznakama predstavlja vrlo napredno Dijete. Drugo, to su organizacije: voditelji i izvršitelji obrade, svi oni koji određuju koje osobne podatke će prikupljati i u koju svrhu će ih obrađivati. Kao i kod sve djece, tu vlada veliko šarenilo. Neka Djeca, nažalost, još uvijek nisu prohodala i zaostaju u razvoju toliko da to postaje vrlo zabrinjavajuće. Vrlo često, problem su njihovi Roditelji i Skrbnici koji ne shvaćaju da Dijete traži pažnju i skrb kako u jednom trenutku ne bi shvatili da je prekasno. Treće, tu se nalaze i nadzorna tijela pa i država, sabor, predstavnici vlasti. To su Djeca koja traže posebnu skrb i veliko strpljenje te ustrajni napor i rad za poticanje njihovih vještina.
Pažljivo pročitajte što stručnjaci prepoznaju kao osobine i psihološke uvjete razvoja djeteta u dobi od 2 do 3 godine, pa ih tumačite u ovom kontekstu Djece.

Europsko nadzorno tijelo objavilo je svoje izvješće za 2019. godinu, pa ga preporučam za čitanje u cijelosti ovdje.

Povodom dvije godine primjene GDPR iapp je ponudio certifikacijske i trening pakete po značajno nižim cijenama

Trening, osim što kroz rad s trenerom, na radnim materijalima i knjigama postiže određenu kvalifikaciju i vještinu zaštite podataka, ujedno je i priprema za polaganje IAPP certifikacijskog ispita:

Trening i priprema su mogući u slijedećim opcijama:

  • s uključenom ili bez godišnje IAPP članarine
  • s ili bez vaučera za polaganje certifikacijskog ispita
  • u živo s trenerom (live in-person)
  • e-learning materijal za samopripremu (online) koji u organizaciji Bello Consulting uključuje i određeni broj sati mentoringa s IAPP FIP trenerom

Svi treninzi slijede isti Book of Knowledge (BoK) za pojedine certifikate.

Novi oblici treninga i pripreme za polaganje certifikacijskog ispita

Live In-person trening i priprema za CIPM, CIPP/E ili CIPT ispite bez godišnjeg članstva u IAPP i bez vaučera za polaganje ispita.
Cijena: do 30. svibnja 3.950,00kn, do 30. rujna 4.590,00kn i redovna cijena 6.200,00kn

Online e-learning trening i priprema za CIPM, CIPP/E ili CIPT ispite koja uključuje godišnje članstvo u IAPP i vaučer za polaganje ispita.
Cijena: do 30. svibnja 6.950,00kn i redovna cijena 7.950,00kn

Trening, priprema i polaganje certifikacijskog ispita

Trening i priprema za CIPM, CIPP/E ili CIPT ispite koja uključuje godišnje članstvo u IAPP i vaučer za polaganje ispita.
Cijena: do 30. svibnja 7.950,00kn, do 30. rujna 9.950,00kn i redovna cijena 15.000,00kn

Napomena: sve cijene su bez PDV-a

Prijaviti se možete ovdje.

IAPP Certification testing available online (as of mid May)

Online Proctoring Brings Certification Testing to Your Home or Private Workspace.

In our current state of social distancing and working from home, we are finding new ways to help you continue to advance your career. With Pearson Vue’s online option, you can take your exam in a private, secure location with a few technological requirements.

How Will it Work?

This remote testing option utilizes today’s technology and live monitoring to give you a more convenient experience through your chosen location.

First, you will need:

  • Quiet, private location.
  • Reliable computer with a web camera and microphone.
  • Strong internet connection.

How Can I Schedule Online Proctoring?

As of mid-May, you can schedule your exam with this new option. Simply, purchase your training through the Bello Consulting here and go through mentoring and training either in-person/live or online . Then, schedule with OnVUE, Pearson VUE’s online proctoring platform. You will choose “online proctoring” and a date and time with a live proctor available.

Online testing is limited to proctor availability, so be sure to look at the open exam slots as you plan for your testing date. Also understand this form of testing is unavailable in certain countries, so visit Pearson VUE for availability near you. Online testing is available for Croatia.

After scheduling your exam, you will receive instructions to verify your space meets the technical specifications, and how to install the online proctoring application and testing secure browser (“Installer”), so you can access your exam.

Watch the video

Get comfortable, brew a cup of your favorite coffee or tea and learn more today here.

For more details read:

https://bello.hr/iapp/gdprready-training/

Video to IAPP Training Partners from CEO, J. Trevor Hughes

To our trusted Official Training Partners,

I am reaching out with a message of encouragement. We are in unprecedented times. In a matter of days, the way we have always done business was turned upside down and we have had to reinvent ourselves in this new normal. Where you might have had a spring schedule of public trainings, you have now pivoted to live online offerings or reselling our self-paced, online trainings. However we can assist you, your Channel Team is there to support your efforts.

Make no mistake, privacy is not going away. The important and necessary work privacy professionals are doing all over the world continues despite these trying times. To help you relay this message, I have created a short video for you to share with your trainees (and potential trainees) about the importance of prioritizing professional development and working with you to make that happen.

We are in this together and will adapt as needed to make it to the other side. Lean on the IAPP’s Channel Team to help you navigate your way forward. 

Kind regards, 
J. Trevor Hughes 
President & CEO, IAPP