Training
Certified Indonesian Personal Data Protection Officer
CIPDPO SCHEME
This certification scheme for the certification of personnel competence engaged in the Certified Indonesian Personal Data Protection Officer (CIPDPO) based on SKKNI No. 103 Tahun 2023.
CBQA Global has formed an Impartiality Committee and delegated to the IC that has responsibility for maintaining an overview of the operations of LSP. Membership of committees is open to the participation of individuals and organisations representative of stakeholders in the Scheme.
This document is prepared for the general requirements and procedures common to all general parts of the scheme. This scheme covers certification related to Certified Indonesian Personal Data Protection Officer (CIPDPO) based on SKKNI No. 103 Tahun 2023 coming for the certification.
BENEFIT
ENHANCE PROFESSIONAL COMPETENCY
- This certification ensures CIPDPOs have an in-depth understanding of data protection regulations under the PDP Act 2022.
- It equips CIPDPOs with practical skills in data management, risk assessment and implementing data protection policies in compliance with the law.
TRUST AND CREDIBILITY
- Certification provides evidence that an individual has the recognized competencies to fulfill the responsibilities of a CIPDPO.
- It enhances the credibility and trust of stakeholders in the individual's ability to protect personal information.
REGULATORY COMPLIANCE
- Helps organizations comply with the PDP Act of 2022 by ensuring that their CIPDPOs have a recognized certification.
- It reduces the risk of data breaches and regulatory liabilities that can result from non-compliance.
THE REQUIREMENT FOLLOWING CIPDPO CERTIFICATION:
- Minimum diploma;
- Having 1 year experience (at minimum) related to DPO/PDP. If the experience related to DPO/PDP is not sufficient, the participant must conduct additional training related to DPO/PDP for at least 2 days;
- Has attended DPO/PDP Training or related activities such as workshop, webinar, FGD, etc;
- Understanding the main tasks and functions of DPO/PDP;
- Understanding PDP law and other regulation related to DPO/PDP;
- Having technical and operational knowledge of DPO/PDP;
- If job description including data transfer to other country, participant should understand privacy law in that country.
Note: Requirements 1-3 are mandatory, other requirements are preferable
CIPDPO COMPETENCY UNITS
|
No. |
Competency Unit Code |
Competency Unit Title |
|
1. |
J.62PDP00.001.1 |
Determine the foundation of the Personal Data Protection Work Program |
|
2. |
J.62PDP00.002.1 |
Determine the Need for Personal Data Protection Team Structure |
|
3. |
J.62PDP00.003.1 |
Defining a Personal Data Protection Framework |
|
4. |
J.62PDP00.004.1 |
Identifying Laws and Regulations Related to Personal Data Protection |
|
5. |
J.62PDP00.005.1 |
Defining a Personal Data Protection Strategy |
|
6. |
J.62PDP00.006.1 |
Develop Risk Matrix Criteria Personal Data Protection |
|
7. |
J.62PDP00.007.1 |
Conducting an Impact Assessment Personal Data Protection |
|
8. |
J.62PDP00.008.1 |
Testing the Effectiveness of Work Programs Personal Data Protection |
|
9. |
J.62PDP00.009.1 |
Developing Personal Data Protection Governance |
|
10. |
J.62PDP00.010.1 |
Establishing Personal Data Protection Management in its Domain |
|
11. |
J.62PDP00.011.1 |
Implementing the Work Program Personal Data Protection |
|
12. |
J.62PDP00.012.1 |
Conducting Monitoring of Personal Data Protection Work Program in Compliance with Regulations |
|
13. |
J.62PDP00.013.1 |
Formulate Suggestions to Relevant Management |
|
14. |
J.62PDP00.014.1 |
Managing Audits Related to the Personal Data Protection Work Program |
|
15. |
J.62PDP00.015.1 |
Ensure that the follow-up to the results of the Personal Data Protection Audit is carried out by the relevant unit. |
|
16. |
J.62PDP00.016.1 |
Formulate a Process for Obtaining Consent for Processing Personal Data |
|
17. |
J.62PDP00.017.1 |
Responding to Personal Data Information Request As required |
|
18. |
J.62PDP00.018.1 |
Ensuring Personal Data Protection is Integrated into Incident Response Management |
|
19. |
J.62PDP00.019.1 |
Ensure Inside Response Management of Personal Data Protection Failures is in place |
RESULT OF EXAMINATION
The Written & Verbal Examination that has been answered by the candidate is sent to Examiner/Assessor. Based on the the results of examination is the criteria for evaluation. The same is evaluated and decision on granting of certification is taken by Technical Reviewer.
To be eligible for certification all candidates must achieve a score of no less than 70% in the general, and 50% in each section for written examination and for verbal examination no less than 70 in the general.
RE-EXAMINATION
A candidate who fails to obtain the pass grade, may be re-examined twice in the failed part(s), provided the re-examination takes place not sooner than one month, unless further training acceptable to is satisfactorily completed, not later than six months after the original examination.
A candidate who fails all permitted re-examinations shall apply for and take the initial examination according to the procedure established for new candidates.
A candidate whose examination results have not been accepted for reason of fraud or unethical behavior shall wait at least 12 months before re-applying for examination.
CERTIFICATION
Successful candidates will be issued a certificate of competence, which indicates that all conditions for certification, as detailed in the present specification document, are met. Issue of certification normally takes place within 30 days from the date of the examination.
VALIDITY OF CERTIFICATION
The period of validity of the certification is normally of 3 (three) years from the date of certification, and the expiry date is indicated on the certificate.
