Should the DPO be certified

Eric Lachaud

Research output: Contribution to journalArticleScientificpeer-review


The General Data Protection Regulation proposal (GDPR) set stringent requirements about the skills of the Data Protection Officer (DPO) but does not provide any cue to ensure that DPOs really possess these competences.This paper explores the interest in introducing a certification process to certify the skills of the DPO. It shows that certification could be a way to ensure the consistency of the competences of the DPO throughout Europe.Public and private certification schemes, which are both encouraged in the last version of Article 39 of the GDPR, would be relevant and workable. The private schemes that already certify the competences of the data protection professionals in Europe offer a ready-to-go solution that must be evaluated.However, certification as a self-regulation tool presents drawbacks, especially in terms of reliability that limits its value as a regulatory tool.
Original languageEnglish
Pages (from-to)189-202
Number of pages14
JournalInternational Data Privacy Law
Issue number 3
Publication statusPublished - 1 Aug 2014


  • Certification
  • certification mechanisms
  • GDPR


Dive into the research topics of 'Should the DPO be certified'. Together they form a unique fingerprint.

Cite this