Read the book Privacy & Data Protection Essentials Courseware - English - Ruben Zeegers - Page 13
1. Overview
EXIN Privacy & Data Protection Essentials (PDPE.EN)
Scope
EXIN Privacy and Data Protection Essentials (PDPE) is a certification that validates a professional’s knowledge about organizing the protection of personal data, the EU rules and regulations regarding data protection.
Summary
Wherever personal data is collected, stored, used, and finally deleted or destroyed, privacy concerns arise. With the EU General Data Protection Regulation (GDPR) the Council of the European Union attempts to strengthen and unify data protection for all individuals within the European Union (EU). This regulation affects every organization that processes EU personal data. PDPE covers the main subjects related to the GDPR.
Context
The EXIN Privacy & Data Protection Essentials (PDPE) is part of the EXIN qualification program Privacy and Data Protection. The Essentials exam is a subset of the Foundation exam. It cannot be used to gain access to the Practitioner exam, but is meant for those that need a basic understanding of the GDPR.
Target group
Everyone that wants or needs to have a basic understanding of data protection and European legal requirements as defined in the GDPR. The Essentials exam is exceptionally suitable for everyone that needs to make informed decisions regarding the privacy and data protection of their own data.
Requirements for certification
• Successful completion of the EXIN Privacy & Data Protection Essentials exam.
Examination details
Examination type: | Multiple-choice questions |
Number of questions: | 20 questions |
Pass mark: | 65% |
Open book/notes: | No |
Electronic equipment/aides permitted: | No |
Time allotted for examination: | 30 minutes |
The Rules and Regulations for EXIN’s examinations apply to this exam.
Bloom level
The EXIN Privacy & Data Protection Essentials certification tests candidates at Bloom Level 1 and Level 2 according to Bloom’s Revised Taxonomy:
• Bloom Level 1: Remembering – relies on recall of information. Candidates will need to absorb, remember, recognize and recall. This is the building block of learning before candidates can move on to higher levels.
Training
Contact hours
The recommended number of contact hours for this training course is 7. This includes group assignments, exam preparation and short breaks. This number of hours does not include homework, the exam session and lunch breaks.
Indication study effort
20 hours, depending on existing knowledge.
2. Exam requirements
The exam requirements are specified in the exam specifications. The following table lists the topics of the module (exam requirements) and the subtopics (exam specifications).
| Exam requirement | Exam specification | Weight |
| --- | --- | --- |
| 1. Privacy and data protection fundamentals & regulation | | 50% |
| | 1.1 Definitions | 10% |
| | 1.2 Personal data | 15% |
| | 1.3 Legitimate grounds and purpose limitation | 10% |
| | 1.4 Further requirements for legitimate processing of personal data | 5% |
| | 1.5 Rights of data subjects | 5% |
| | 1.6 Data breach and related procedures | 5% |
| 2. Organizing data protection | | 25% |
| | 2.1 Importance of data protection for the organization | 10% |
| | 2.2 Supervisory authority¹ | 5% |
| | 2.3 Personal data transfer to third countries² | -- |
| | 2.4 Binding Corporate Rules and data protection in contracts | 10% |
| 3. Practice of data protection | | 25% |
| | 3.1 Data protection by design and by default related to information security | 5% |
| | 3.2 Data protection impact assessment (DPIA) | 5% |
| | 3.3 Practice related applications of the use of data, marketing and social media | 15% |
| Total | | 100% |
Exam specifications
1. Privacy and Data Protection Fundamentals & Regulation
1.1 Definitions
The candidate can …
1.1.1 give valid definitions of privacy.
1.1.2 relate privacy, in specific personal data, to the concept of data protection.
1.2 Personal Data
The candidate can …
1.2.1 give a definition of personal data according to the GDPR.
1.2.3 describe the data subject’s rights regarding personal data.
1.2.5 list the roles, responsibilities and stakeholders.
1.3 Legitimate Grounds and Purpose Limitation
The candidate can …
1.3.1 list the six legitimate grounds for processing.
1.3.2 describe the concept of purpose limitation.
1.3.3 describe proportionality and subsidiarity.
1.4 Further Requirements for Legitimate Processing of Personal Data
The candidate can …
1.4.1 describe the requirements for data processing.
1.4.2 describe the purpose of personal data processing.
1.5 Rights of Data Subjects
The candidate can …
1.5.2 is aware of the right to be forgotten.
1.6 Data Breach and Related Procedures
The candidate can …
1.6.1 describe the concept of data breach.
2 Organizing data protection
2.1 Importance of Data Protection for the Organization
The candidate can …
2.1.2 indicate what activities are required to comply with the GDPR.
2.1.3 give a definition of data protection by design and by default.
2.1.5 describe the data breach notification obligation as laid down in the GDPR.
2.2 Supervisory Authority
The candidate can …
2.2.1 describe the general responsibilities of a supervisory authority.
2.4 Binding Corporate Rules and Data Protection in Contracts
The candidate can …
2.4.1 describe the concept of binding corporate rules (BCR).
2.4.2 describe how data protection is formalized in written contracts between the controller and the processor.
3 Practice of Data Protection
3.1 Data Protection by Design and Data Protection by Default
The candidate can …
3.1.1 describe the benefits of the application of the principles of Data protection by design and by default.
3.2 Data Protection Impact Assessment (DPIA)
The candidate can …
3.2.1 outline what a DPIA comprises and when to apply a DPIA.
3.3 Practice Related Applications of the Use of Data, Marketing and Social Media
The candidate can …
3.3.1 describe the purpose of Data Life Cycle (DLC) management.
3.3.3 describe what a cookie is and what its purpose is.
3.3.4 describe, from a data protection perspective, how the widespread use of the internet has affected the field of marketing.
3. List of Basic Concepts
This chapter contains the terms and abbreviations with which candidates should be familiar.
Please note that knowledge of these terms alone does not suffice for the exam; the candidate must understand the concepts and be able to provide examples.
4. Literature
Exam literature
The knowledge required for the EXIN Privacy & Data Protection Essentials exam is covered in the following literature:
A. | A. Calder, EU GDPR, A pocket guide. IT Governance Publishing. ISBN 978-1-84928-855-2 (or ISBN 978-1-84928-857-6 for e-book) |
B. | L. Besemer, White Paper – EXIN Privacy and Data Protection Foundation. Free download on www.exin.com |
C. | European Commission, General Data Protection Regulation (GDPR), Regulation (EU) 2016/679. Regulation of the European Parliament and the Council of the European Union. Brussels, 6 April 2016. Available at: http://eur-lex.europa.eu. PDF: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=EN. HTML: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN |
Comment
The exam requirements are based on the exam literature. Literature C is not primary exam literature, because the other exam literature provides sufficient content about the GDPR. Candidates should be familiar with literature C to the extent of the references made in the other literature.
Literature matrix
_____________
¹ Before the GDPR was introduced, the data protection authority was the national authority in charge of enforcing regulation on data protection. In the GDPR it is now called the supervisory authority.
² Exam specification 2.3 is only tested in the EXIN Privacy and Data Protection Foundation exam.