What is the academic certificate route for a DPO?


In our DPEX Network Community, we recognise there is a diverse base of learners such as the following:

  • Data protection officers (DPO)/information security (Infosec) processionals
  • Governance/risk management/compliance functions (GRC)
  • Departmental/functional heads
  • Operational or specialized roles
  • Those who just want to enhance or switch careers

Not everyone is a trained legal professional. When designing the courses, we decided to approach the curriculum from an operational perspective to data protection practices (besides a purely legal perspective) so that adult learners can relate better to their everyday work scenarios. 

These courses also take into account competencies highlighted by the Personal Data Protection Commission of Singapore in their Data Protection Competency and Training Roadmap.

Hence, we divided the courses into two categories of competencies:

  • Data Protection Operational Excellence
  • Data Protection Principles

...and approached our DPEX Network partnering universities in the region to offer adult learning courses in data protection by incorporating these courses.

Roadmap of Data Protection Competencies

Example of the Singapore Management University Learning Roadmap

Upon successful completion of all the above modules within the two categories of competencies, the learner would have acquired all the necessary competencies. Note that the requirements towards the achievement of the advanced certificate, diploma or degree are dependent on the discretion of our DPEX Network partnering university. The above example is from the Singapore Management University Academy.

We expect De La Salle University of the Philippines and International Islamic University Malaysia to formalise their offerings by the end of 2020.

Data Protection Operational Excellence

As the name implies, we approached these courses from an operational compliance angle, catering to data protection functions and practices within an organisation.

In short, these courses, in our view, will help data protection officers and functions to achieve operational excellence in data protection. Hence, we have been working with several universities in the ASEAN region to incorporate these courses into their own local certificates/diplomas/degrees.



1. A Practical Approach to Data Protection for DPOs

Foundation course covering both local data protection law and basics of privacy management

2. Information & Cyber Security for Managers - EXIN Certification

Basic ISO27001/02 information security concepts from a management perspective

3. Advanced Data Protection Techniques: Data Protection by Design, DPIA & DPTM

3 key areas: Data Protection by Design, Data Protection Impact Assessment & Trustmarks

4. Data Protection Management Programme - DPMP

Insights to creating and implementing a data protection management programme

5. Data Protection Trends and Roles of the DPO

Key milestones in data protection and insights into the role of a DPO

Data Protection Operational Excellence Roadmap – Singapore Management University

The above is an example of the Advanced Certificate in Data Protection Operational Excellence offered by Singapore Management University (SMU).

Modular approach and flexibility

Learners can take any of these modular courses at any time and work towards attaining an Advanced Certificate in Operational Excellence. For example, in the case of SMU, course participants have one year to complete all the courses and would need to pass a mini assessment that will be given after each course module. The certificate will be awarded upon passing all of the assessments.


We also took into account that learners may not start their certificates as a beginner. Those who have already taken the Data Protection Hands-on course are exempted from taking the Practical Approach to Data Protection. For Singapore’s citizens or permanent residents, the course is also exempted for those who successfully passed the Practitioner Certificate in Data Protection AND have taken the PDPA – Operational Perspective courses or Fundamentals of the PDPA course.

Similarly, anyone with an IAPP Certified Information Privacy Manager (CIPM) professional certification (i.e. passed the examination) or anyone with a formal information security professional certification (e.g. IAPP Certified Information Privacy Technology (CIPT), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) will be exempted from taking the Information and Cybersecurity for Managers course.

Data Protection Principles

The other course category for data protection competencies is called Data Protection Principles. Breaching data protection principles carry the heaviest penalties under any data protection law. The curriculum was deliberately designed so that non-legal professionals especially those performing data protection functions can also take these courses without having a formal legal background as the content is presented with minimal legal language. However, regulatory references are still included for the convenience of legal professionals.

The scope of the content is catered primarily for those whose job scope covers ASEAN and to any extent Asia Pacific. The General Data Protection Regulation and Applications on Asia is therefore also covered. Although not every country in Asia Pacific is covered (e.g. Korea and Japan), the course Data Protection Framework and Standards provides the learner with the necessary knowledge to cover any kind of data protection jurisdiction.



1. Data Protection in Asia Part 1 - Singapore, Hong Kong, India

Covers Singapore (PDPA), Hong Kong (PDPO) and India’s IT rules/latest bill

2. Data Protection in Asia Part 2 - Philippines, Malaysia

Covers Philippines (DPA) and Malaysia (PDPA)

3. Data Protection in Asia Part 3 - Indonesia, Thailand, Rest of the World

Covers Indonesia (Bill), Thailand (PDPA) and rest of ASEAN

4. Data Protection in Asia Part 4 - Taiwan, China

Covers Taiwan (PDPA), China (PI Specifications)

5. General Data Protection Regulation (GDPR) and Application on Asia

Covers EU GDPR and relevance to Asia

6. Data Protection Framework and Standards, ISO 29100, Nymity Accountability and APEC Privacy Framework

Covers all frameworks and standards including ISO 27701

Data Protection Principles Roadmap – Singapore Management University

The above is an example of the Advanced Certificate in Data Protection Principles offered by Singapore Management University (SMU).


Any IAPP Certified Information Privacy Professional (CIPP) (i.e. passed the examination) will be exempted from certain course modules e.g. CIPP/A – Part 1, and CIPP/E – GDPR module).

Similarly, anyone who clears Part 1 and the GDPR module have the option to register and sit for the respective certification exams (CIPP/A and Exin GDPR certification) separately. Note that the GDPR module within the series of courses within the Data Protection Principles does not equate to the CIPP/E module. Learners will have to sit for the course and exams separately.

By Kevin Shepherdson, CEO, Straits Interactive Pte Ltd

Write to us at courses@straitsinteractive.com should you need advice.

Image by StockSnap from Pixabay

Become a DPEX Community member to access
data protection resouces and discussions on pertinent topics now.

Access online / in-person courses and view past training records


Join lively discussions on pertinent data protection topics


Gain access to data protection research and video resources


Receive value-added data protection updates from the region

Related Articles