Examination

ECPC-A Jump-Start

Examination
On completion of the course, participants take part in a multiple-choice test leading to the awarding of the ECPC-A Professional University Certificate. The examination takes place during the DPO Certification course programme.

ECPC-B DPO Professional University Certificate

In order to obtain the ECPC-B DPO Professional University Certificate, participants need to pass the following three examination elements:

Multiple-choice test

• Closed book
• Bring Your Own Device
• Minimum passing grade is 60 (out of 100)
• Weight: 35% of your total examination grade

Graded group assignment

• Group working on cases throughout the programme
• Your performance in a group under the supervision of tutors whereby the individual performance of the participants within the group is evaluated
• Open book
• Pass/fail
• Weight: 15% of your total examination grade

Final exam

• Written exam at the end of the one-week programme
• Based on a case
• Closed book
• Bring Your Own Device
• Minimum passing grade is 60 (out of 100)
• Weight: 50% of your total examination grade

The passing score for obtaining the ECPC-B DPO Professional University Certificate is 65% cumulative, and a minimum requirement for all elements individually is 60%.

Problem Based Learning methodology

For years in a row now, Maastricht University applies successfully the Problem-Based Learning (PBL) education model. We believe, knowledge alone is not enough those days where we are facing changes constantly in the field of privacy, data protection and cybersecurity. Therefore, our ECPC-B certification programme is not focussed on a mere transfer of knowledge, but it follows the problem-based learning methodology: Throughout our training programme you are stimulated to actively work on real-life issues in order to acquire the skills needed to perform most effectively as a DPO in your organisation.

The training combines knowledge transfer followed by case studies based on real life scenarios, feedback sessions and group work with guidance of experienced professionals supervising the group process, asking critical questions, sharing their knowledge and providing support and tips as needed. In this way, you will get the most out of their expertise and also learn from each other’s experience. You learn dynamically by approaching issues actively, and as such you will be able to effectively set up operational policies and procedures and monitor data handling practices in your organization using tools such as e.g. privacy impact assessment, data mapping analysis, establishing a effective accountability framework, prepare for a data privacy audit from a data protection authority (DPA) etc.

The certification exam blueprint 

The examination model of multiple-choice questions, group assignment and a final exam will assess the general knowledge of the data protection law, the understanding on how to interpret and apply the legal framework as well as the capability to set-up a data protecetion compliance framework in practice. The following topics are covered in the examination:

ECPC-A Jump-start: Privacy fundamentals
MCQ test

• The legal framework 
• Key data protection concepts, principles and obligations
• Actors, roles and responsibilities
• Data subjects’ rights
• Processing sensitive personal data
• Data security
• Third country data transfers
• Supervisory authorities

ECPC-B DPO: Setting up and implementing a GDPR compliance framework in practice
Group assignment and final exam

• Essential data protection principles and requirements
• The role of the DPO and the interaction with the rest of the organisation
• Grounds for processing, including legitimate interest and consent
• The rights of data subjects and how to handle them

Getting technical

• Data protection by design and default
• Data protection impact assessments
• Data security- and data breach management

Data transfers

• Adequacy decisions
• Standard Contractual Clauses
• Binding Corporate Rules
• Derogations and exceptions, including data subject consent
• Transfer personal data safely

Demonstrating compliance

• Accountability requirements
• Setting up policies and procedures
• Evidence collection
• Privacy Audits
• Supervision, enforcement action and sanctions

ECPC Maastricht University examination process

Multiple-choice test
The multiple-choice test consists of 60 multiple-choice questions to be completed online.

Group assignment
Regular group work and assignments will be part of the training course; the individual performance of the participants in the various group assignments is evaluated.

Final exam
The final exam will be a written examination, based on a case with open questions. In order to guarantee a fair process, two randomly allocated reviewers from the examination board will evaluate the written exams separately. The Chair of the examination board will have the last word after seeing the conclusions of both reviewers. 

Language
The training courses as well as the examinations are offered in English only. No points are deduced due to possible grammar or language mistakes in the English language and the time limits set give sufficient time to non-native English speakers.

Handling of exams
Maastricht University takes all available precautions to ensure an appropriate and secure handling of completed tests. In the rare and unlikely case in which the tests become lost or unreadable, candidates will be required to undergo re-testing, without being charged a fee. Candidates will be responsible for their own travel-associated expenses for future testing.

Re-sit
Maastricht University offers you the possibility to do a free-of-charge re-sit within one year in case you did not manage to reach the set threshold and did therefore not pass the exam. The dates and locations for re-sits will be communicated to the candidates in writing.

Certificate validity
Privacy and data protection issues change continuously; for this reason our training courses focus on giving you the right methodology at hand to perform professionally and effectively as a DPO. Nevertheless, it is important to keep yourself ahead and update your knowledge regularly. Therefore, the Maastricht University Professional Certificates are valid for a first period of two years. After this initial period of two years you will need to prove the following every two years in order to maintain the validity of your certification:

Completion of at least 10 hours of ECPC training on data protection related issues, seminars, workshops or webinars. A full list of events is published at https://www.maastrichtuniversity.nl/ecpc.

or

10 hours of academic teaching or speaking in public at conferences/events about data protection topics of the ECPC exam blueprint publishing at least 10,000 words of publicly accessible research-based material (e.g. papers, articles, newsletters…) related to the data protection topics of the ECPC exam blueprint. Published material for purposes internal to a certified person’s organization are not eligible.