ECPC-A Jump-Start
GDPR Essentials – a jump-start Professional University Certificate

On completion of the course, participants take part in a multiple-choice test leading to the awarding of the ECPC-A Professional University Certificate. The examination takes place at the end of the one-day training course.

  • The multiple-choice test consists of 30 questions.
  • The test lasts approximately 45 minutes.
  • The passing score for obtaining the ECPC-A Professional University Certificate is 70%.

GDPR Compliance - DPO Professional University Certificate

In order to obtain the ECPC-B DPO Professional University Certificate, participants must either have obtained the ECPC-A Jump Start certificate or take the ECPC-A multiple-choice test. The jump-start is offered the day preceding the four-day course, so participants can obtain their required ECPC-B DPO certification within one week. For experienced professionals, an exception can be made to skip the one-day jump-start training; a request needs to be filed with the European Centre on Privacy and Cybersecurity by sending an email that includes your request for exemption from the jump-start training and your CV.

Please note: If exemption from the jump-start training is granted, you still need to take and pass the multiple-choice test on the day preceding the four-day training course.

Throughout the course, the following examination elements need to be passed in order to obtain the ECPC-B DPO Professional University Certificate:

  • A group assignment under the supervision of tutors whereby the individual performance of the participants within the group is evaluated by two tutors independently.
  • A final examination at the end of the course based on cases. Participants can choose in advance between an oral and a written exam (please note: in March 2018 no oral exam is offered).
  • The written exam lasts approximately 90 minutes; the oral exam lasts approximately 45 minutes (including preparation).
  • The passing score for obtaining the ECPC-B DPO Professional University Certificate is 70%.
  • The grades are weighted as follows: multiple choice test 25%, performance in the group work 25%, final examination 50%.

Problem Based Learning methodology

For years in a row now, Maastricht University has successfully applied the Problem-Based Learning (PBL) education model. We believe that knowledge alone is not enough these days, when we are constantly facing changes in the field of privacy, data protection and cybersecurity. Therefore, our ECPC-B certification programme is not focussed on a mere transfer of knowledge but follows the problem-based learning methodology: throughout our training programme you are stimulated to actively work on real-life issues in order to acquire the skills needed to perform most effectively as a DPO in your organisation.

The training combines knowledge transfer with case studies based on real-life scenarios, feedback sessions and group work guided by experienced professionals who supervise the group process, ask critical questions, share their knowledge and provide support and tips as needed. In this way, you will get the most out of their expertise and also learn from each other’s experience. You learn dynamically by approaching issues actively, and as such you will be able to effectively set up operational policies and procedures and monitor data handling practices in your organization using tools such as privacy impact assessments, data mapping analysis, establishing an effective accountability framework, preparing for a data privacy audit from a data protection authority (DPA), etc.

The certification exam blueprint 

The examination model of multiple-choice questions, group assignment and a final exam will assess general knowledge of data protection law, the understanding of how to interpret and apply the legal framework, and the capability to set up a GDPR compliance framework in practice. The following topics are covered in the examination:

ECPC-A Jump-start: Privacy fundamentals
MCQ test

  • The legal framework (including GDPR)
  • Key data protection concepts, principles and obligations
  • Actors, roles and responsibilities
  • Data subjects’ rights
  • Processing sensitive personal data
  • Data security
  • Third country data transfers
  • The supervisory authority

ECPC-B DPO: Setting up and implementing a GDPR compliance framework in practice
Group assignment and final exam

  • Essential GDPR principles and requirements
  • The role of the DPO and the interaction with the rest of the organisation
  • Grounds for processing, including legitimate interest and consent
  • The rights of data subjects and how to handle them

Getting technical

  • Data protection by design and default
  • Data protection impact assessments
  • Data security management

Data transfers

  • Adequacy decisions
  • Standard Contractual Clauses
  • Binding Corporate Rules
  • Derogations and exceptions, including data subject consent
  • Transfer personal data safely

Demonstrating compliance

  • Accountability requirements
  • Setting up policies and procedures
  • Evidence collection
  • Privacy Audits
  • Supervision, enforcement action and sanctions

ECPC Maastricht University examination process

Multiple-choice test
The multiple-choice test consists of 35 multiple-choice questions to be completed on paper and corrected by Maastricht University staff.

Group assignment
Regular group work and assignments will be part of the training course; the individual performance of the participants in the group assignments is evaluated by two tutors independently.

Final exam
The final exam on the last day of the ECPC-B-DPO course can be taken as an oral or written exam. In order to guarantee a fair process, two randomly allocated reviewers from the examination board will evaluate the written exams separately. The Chair of the examination board will have the last word after seeing the conclusions of both reviewers. The oral exam committee will be composed of two members of the examination board and an observer. Further information on the possibility to register for the written or oral exam will be published soon.

The training courses as well as the examinations are offered in English only. No points are deducted for possible grammar or language mistakes in English, and the time limits set give sufficient time to non-native English speakers.

Handling of exams
Maastricht University takes all available precautions to ensure an appropriate and secure handling of completed tests. In the rare and unlikely case in which the tests become lost or unreadable, candidates will be required to undergo re-testing, without being charged a fee. Candidates will be responsible for their own travel-associated expenses for future testing.

Maastricht University offers you the possibility to do a free-of-charge re-sit within one year in case you did not manage to reach the set threshold and did therefore not pass the exam. For the re-sit you will always have to pass two elements of the exam: The multiple-choice test and the final exam. The grade for participation in the group assignment cannot be offered in the re-sit. The dates and locations for re-sits will be published online at https://www.maastrichtuniversity.nl/ecpc

Certificate validity
Privacy and data protection issues change continuously; for this reason our training courses focus on giving you the right methodology to perform professionally and effectively as a DPO. Nevertheless, it is important to keep yourself ahead and update your knowledge regularly. Therefore, the Maastricht University Professional Certificates are valid for a first period of three years. After this initial period of three years you will need to prove the following every two years in order to maintain the validity of your certification:

  • Completion of at least 10 hours of ECPC training on data protection related issues, seminars, workshops or webinars. A full list of events is published at https://www.maastrichtuniversity.nl/ecpc.
  • 10 hours of academic teaching or speaking in public at conferences/events about data protection topics of the ECPC exam blueprint.
  • Publishing at least 10,000 words of publicly accessible research-based material (e.g. papers, articles, newsletters…) related to the data protection topics of the ECPC exam blueprint. Material published for purposes internal to a certified person’s organization is not eligible.

Gain from Maastricht University's 360-degree feedback and realise your potential!

Holding the ECPC-B certification from Maastricht University shows employers you are a knowledgeable professional who has acquired the optimal methodology to manage privacy compliance effectively and interact with the rest of your organization in the fast-changing professional environment in which you need to operate.