To identify the skills and know-how of the Data Protection Officer (DPO), the CNIL has adopted two standards for DPO certification:
- A certification standard which sets the conditions for the admissibility of applications and the list of 17 skills and know-how expected to be certified as a DPO;
- An accreditation standard that sets the criteria applicable to organisations willing to be authorised by the CNIL to certify the DPO’s skills based on the certification framework it has developed.
The CNIL specified that certification is not mandatory to perform DPO duties. It is not a prerequisite to designate a DPO to the CNIL. There is no requirement to be nominated as a DPO to apply for this certification.
It is a voluntary mechanism that allows individuals to demonstrate that they meet the requirements of the DPO’s skills and expertise defined by the regulation.