EXIN Privacy & Data Protection: Foundation & Professional Certifications

Attain the skills and knowledge needed to pass the EXIN Foundation and Professional Examinations

The EU General Data Protection Regulation (GDPR) is considered the most important change in data privacy regulation in 20 years. The regulation protects the data of all EU subjects regardless of the country in which they reside or the platform on which their data resides.



EU data protection law has been transformed and GDPR is now fully enforceable in Cyprus and the rest of the world. Under GDPR, the requirements to justify and document your personal data processing are onerous and the penalties for non-compliance will be substantial.



Wherever personal data is collected, stored, used, and finally deleted or destroyed, privacy concerns arise. With the EU General Data Protection Regulation (GDPR) the Council of the European Union aims to strengthen and unify data protection for all individuals within the European Union (EU). This regulation affects every organization that processes personal data of EU citizens.


With the ever-increasing volume of information flooding the internet, every company needs to plan how to manage and protect the privacy of persons and their data. Not without reason, many new laws within the EU, as well as in the USA and many other regions, are formed to regulate both privacy and data protection.



The European Commission has published the EU General Data Protection Regulation (GDPR), meaning that from the 25th of May 2018 on, all organizations concerned must comply with specific rules.

Attain the EXIN Privacy & Data Protection Certifications

Training Fee

Register for Both Courses & Benefit from the 20% Discounted Fee!

HRDA Subsidised:

€604 + €214.51 (VAT)

Non-HRDA Subsidised:

€1,024 + €194.56 (VAT)

Foundation Certificate in General Data Protection Regulation (GDPR)

Starts 21/10 (14 hours)

The course covers the main subjects related to the GDPR. The new standard in the ISO/IEC 27000 series: ISO/IEC 27701:2019 Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines is useful for organizations that want to show compliance with the GDPR.

Professional Certificate in General Data Protection Regulation (GDPR)

Starts 15/11 (21 hours)

This is an advanced-level certification that validates a professional’s knowledge and understanding of the European privacy (data protection) legislation. The exam looks at the international relevance of these regulations and tests the individual’s ability to apply this knowledge and understanding in everyday professional practice.

These Are Also Standalone Courses


Industry Expert

Olympios is a Lawyer and a Member of the Cyprus Bar Association, Partner at C.D. Datashield Privacy Services Ltd and the Data Protection Officer of the Democratic Party. He worked as a Lecturer on European Union Law at various Higher Education Institutions in Cyprus. He obtained his LLB degree from the University of Leicester and his LLM degree in EU Law from the same University. He is a Certified Privacy and Data Protection Practitioner.

Olympios Christofi

Programme Information

21/10/2022 | 09:00-17:15

26/10/2022 | 09:00-17:15

15/11/2022 | 09:00-17:15

22/11/2022 | 09:00-17:15

24/11/2022 | 09:00-17:15

HRDA Subsidised: €604 + €214.51 (VAT)

Non-HRDA Subsidised: €1,024 + €194.56 (VAT)


Privacy and data protection fundamentals & regulations

  • Definitions
  • Personal data
  • Legitimate grounds and purpose limitation
  • Further requirements for legitimate processing of personal data
  • Rights of data subjects
  • Data breach and related procedures

Organising data protection

  • Importance of data protection for the organisation
  • Supervisory authority
  • Personal data transfer to third countries
  • Binding Corporate rules and data protection in contracts

Practice of data protection

  • Data protection by design and by default related to information security
  • Data protection impact assessment (DPIA)
  • Personal data in use

Data Protection Policies 

  • Purpose of the Data Protection and Privacy Policies within an Organization
  • Data Protection by Design and by Default

Managing and Organizing Data Protection

  • Phases of the Data Protection Management System (DPMS)

Roles of the Controller, Processor and Data Protection Officer (DPO) 

  • Roles of the Controller and Processor
  • Role and Responsibilities of a DPO

Data Protection Impact Assessment (DPIA) 

  • Criteria for a DPIA
  • Steps of a DPIA

Data Breaches, Notification and Incident Response 

  • GDPR Requirements with Regard to Personal Data Breaches
  • Requirements for Notification

EXIN Privacy & Data Protection Foundation is ideal for professionals who must have an understanding of data protection and European legal requirements as defined in the GDPR. This certification is tailored to data protection officers (DPOs), compliance officers, security officers, HR staff, process and project managers.


EXIN Privacy & Data Protection Practitioner is ideal for: Data Protection Officers (DPOs), Privacy Officers, Legal / Compliance Officers, Security Officers, Business Continuity Managers, Data Controllers, Data Protection Auditors (internal and external) and HR managers. As this is an advanced-level certification, it is advisable to have passed EXIN Privacy and Data Protection Foundation or to have attended other similar courses or certifications before taking this exam.

The exam is optional, and participants will receive a certificate of attendance from EIMF without sitting the relevant EXIN examinations. If you choose to take the exam, you will need to inform us so we can make the necessary arrangements.

EIMF, as an EXIN Accredited Training Provider and Exam Centre, is offering preparation courses and examinations to become a Privacy & Data Protection Professional. 

EXIN Anywhere lets you take the exam for your certification online. This means taking your exam at a time and location convenient to you: at home, in a meeting room at the office or in any other secluded space where you feel comfortable. The only conditions are that you have an internet connection, a laptop that meets the requirements and that there is no one else in the room with you.

  • Examination type: Multiple-choice questions
  • Number of questions: 40
  • Pass mark: 65% (26/40)
  • Open book: The GDPR text may be consulted throughout the exam. It is provided as an appendix to the digital exam. Candidates are required to bring their own copy for paper-based exams.
  • Notes: No
  • Training mandatory: Yes
  • Electronic equipment/aids permitted: No
  • Exam duration: 120 minutes
  • Exam Fee: €200 + VAT

The Rules and Regulations for EXIN’s examinations apply to this exam.


Member of EIMF GROUP © 2022. All Rights Reserved.