How can I advance my Data Protection competency through an international certification?

As countries enforce their data protection laws it becomes apparent there are variations to suit the culture and business environment. Yet, generally all data protection laws adhere to a common reason for its existence. The laws recognise both the need to protect individuals’ personal data and the need of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.  By protecting personal data, the laws help to build confidence in the business environment and hence facilitate transactions, collaboration and consumer confidence.

There are principles that are common under the data protection laws across the various jurisdictions.  To this end, there are international certifications that attest to the professional knowledge of data protection professionals in these principles. One of the more widely accepted certifications is from the International Association of Privacy Professionals (IAPP).  The IAPP has developed a globally recognised certification program around information privacy. Its current certification offerings include the following credentials:

• Certified Information Privacy Professional (CIPP): seeks to identify professionals who work primarily with privacy laws, regulations and frameworks
• Certified Information Privacy Manager (CIPM): seeks to identify professionals who manage day-to-day privacy operations for businesses and organisations
• Certified Information Privacy Technologist (CIPT): seeks to identify IT professionals who work regularly (if not primarily) with privacy policies, tools and technologies on the job

These certifications comply with the ANSI/ISO/IEC 17024 standard, which means they have been developed to meet stringent requirements for analysing the field of data protection and privacy.

If you are trying to build your career in the Data Protection industry, you and many others like yourself will have realised by now that there are a variety of academic and professional courses to take and acronyms to understand. 

What are some of the jargons that are commonly used in the industry?

Data Protection / Privacy Laws

The Personal Data Protection Act 2012 sets out the law on data protection in Singapore. Apart from establishing a general data protection regime, the Act also regulates telemarketing practices.

In Thailand, the Personal Data Protection Act 2019 sets out the law on data protection. The law which was scheduled to take full effect in 2020 was extended by a year to May 2021 instead.

The law that governs data protection in Malaysia is the Personal Data Protection Act 2010. Since the data protection law came into effect, there have been discussions and proposed changes to keep pace and better protect interests. 

In the Philippines, the law that governs data protection is termed, Data Privacy Act of 2012.

Data Protection / Privacy Regulators

The Personal Data Protection Commission (PDPC) serves as Singapore’s main authority in matters relating to personal data protection and will represent the Singapore Government internationally on data protection related issues.

Similarly, Thailand’s PDPA will be regulated by their own Personal Data Protection Commission.

Meanwhile, the Department of Personal Data Protection, Ministry of Communications and Multimedia Malaysia is the agency responsible for the enforcement and regulation of the PDPA in Malaysia.

In the Philippines, the National Privacy Commission (NPC) is the regulator for data privacy.

GDPR - General Data Protection Regulation

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

Why should you take these courses?

CIPM - Certified Information Privacy Manager

The Certified Information Privacy Manager is the world's first and only certification in privacy programme management. When you earn a CIPM, it shows that you know how to make a privacy programme work for your organisation.

CIPT - Certified Information Privacy Technologist

The Certified Information Privacy Technologist credential shows the knowledge to build one's organisation's privacy structures from the ground up. This covers privacy by design, security architecture, software engineering, data management or audit.

CIPP/A - Certified Information Privacy Professional/ Asia

The Certified Information Privacy Professional/Asia (CIPP/A) credential is designed for any person, regardless of location, whose work as a privacy professional involves Asian data protection regulations. The certification covers multiple jurisdictions in the Asia region, addressing data protection laws in Hong Kong, India and Singapore and the regional privacy concerns in the rapidly growing landscape.

CIPP/E - Certified Information Privacy Professional/ Europe

The Certified Information Privacy Professional/ Europe (CIPP/E) credential demonstrates that the individual has the comprehensive GDPR knowledge, perspective and understanding to ensure compliance and data protection success in Europe. Additionally, an individual who achieves a CIPM credential with the CIPP/E will be uniquely equipped to fulfil the DPO requirements of the GDPR. The CIPP/E relates to the knowledge a DPO must have concerning the European legal framework of the legislation, and the CIPM relates to the theoretical aspects necessary to lead an organisation’s data protection efforts.

Add a CIPM credential to the CIPP/E and you will be uniquely equipped to fulfil the DPO requirements of the GDPR. The CIPP/E relates to the knowledge a DPO must have concerning the European legal framework of the legislation, and the CIPM the theoretical aspects necessary to lead an organisation’s data protection efforts.

Where can you find these courses and take them?

You can find the IAPP and other data protection courses on the Data Protection Excellence Network (DPEX) website at www.dpexnetwork.org/courses/. The IAPP courses are developed by the International Association of Privacy Professionals (IAPP) and are brought to Singapore by Straits Interactive through the community platform, DPEX Network.

The unique links can be found here - Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional/Asia (CIPP/A), Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Technologist (CIPT).

Article by Lee Wen Xin and Steffi Tay
Edited by Leong Wai Chong, GRCP, CIPM

For more details or any enquiries, please email courses@straitsinteractive.com.