Integrated Data Privacy Professional (IDPP™) Certification

Become a versatile professional who can integrate governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Data Privacy objectives. The Integrated Data Privacy Professional (IDPP) certification demonstrates that you have the understanding and skills to apply the Data Privacy Capability Model in your organization.

Become a versatile professional who can integrate governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Data Privacy objectives. The Integrated Data Privacy Professional (IDPP) certification demonstrates that you have the understanding and skills to apply the Data Privacy Capability Model in your organization.

This certification is your current focus. If you want to change your focus, remove your focus from this certification and pick another one to focus on.

Integrated Data Privacy Professional (IDPP™) is your current focus. Go to your program dashboard for more information on resources and examination.

Become a versatile professional who can integrate governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Data Privacy objectives. The Integrated Data Privacy Professional (IDPP) certification demonstrates that you have the understanding and skills to apply the Data Privacy Capability Model in your organization.

Show me alternatives

Become a versatile professional who integrates governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit to achieve Principled Performance. The GRC Professional (GRCP) certification demonstrates that you have the understanding and skills to apply GRC in your organization.

Show me alternatives

This certification is currently in beta. The final is expected soon. During the beta period, we are provisionally certifying individuals who pass the beta IDPP exam.

Globally Recognized Data Privacy Certification

Get certified by the global nonprofit that invented GRC 20 years ago

What is the IDPP?

Effective data privacy management is an essential aspect of a GRC capability that drives the attainment of Principled Performance. The Integrated Data Privacy Professional (IDPP) certification validates that you understand how to develop an effective and fully integrated data privacy program. It ensures that you have the versatile skill set to integrate and advise on applying a GRC approach to the governance, management, and assurance of the data privacy program.

IDPP Candidate Handbook

Elevate your expertise in data privacy management with the Integrated Data Privacy Professional (IDPP) certification, a hallmark credential that signifies your proficiency in developing comprehensive and integrated data privacy programs. By obtaining IDPP certification, you demonstrate your adeptness in applying a GRC approach to govern, manage, and assure data privacy programs effectively.

What does the IDPP Cover?

The IDPP is based on the essential body of knowledge used daily by data privacy professionals. With the help of experts, this body of knowledge was identified, analyzed, and documented in the Data Privacy Capability Model. The IDPP also relies on data privacy laws, rules, regulations, and concepts found in the public domain.

We recommend using these resources to prepare for the IDPP Exam

  • Data Privacy Capability Model contains the essential body of knowledge for IDPP.
  • Integrated Data Privacy Professional Hands On Training is exclusively offered by our global training partner, Straits Interactive.
  • Data Privacy Fundamentals is a self-study online course provided to deepen your understanding of the audit and assurance concepts addressed in the Data Privacy Capability Model (under development)

While the exam does not require course attendance, most people who pass on the first attempt report that a course helped them pass.

The IDPP Exam is available now for members with an All Access Pass.

Is IDPP right for me?

The IDPP certification provides individuals with a holistic approach to governance, risk, and compliance, with a specific focus on the data privacy/protection domain. It is perfect for anyone who works directly or indirectly in any aspect of data privacy, protection, or governance.

IDPP helps to integrate what you do with the other departments and disciplines, including mainline business operations.

Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.

When should I get IDPP?

IDPP is a versatile certification aimed to serve versatile needs for professionals in all stages of their careers. Professionals can use the IDPP in several scenarios:

  • Starter. Some professionals use the IDPP as a starting point for their careers in data privacy and protection. By understanding and applying the IDP Capability Model, you will gain traction ahead of your peers no matter what role you are in today – and it also gives you a well-rounded and versatile foundation to grow into other GRC or data governance roles over time!
  • Enhancer. Some professionals use the IDPP to enhance an existing certification in GRC (or a specific GRC role) or a certification in information privacy management, such as CIPP or CIPM. For example, a risk manager may have a certification in quantitative risk management – IDPP helps to integrate risk concepts in business operations as well as governance, strategy, compliance, security, and audit with data privacy. An audit manager may have a certification in internal audit – IDPP helps to integrate audit concepts in business operations as well as governance, strategy, risk, compliance, and security with data privacy. All of this makes you well-rounded and versatile.
  • Capstone. Some professionals use the IDPP as a capstone “on top of” a collection of existing certifications. IDPP uniquely integrates the many disciplines within data privacy, such as governance, strategy, risk, compliance, security, and audit. Professionals who have one or more certifications in those disciplines find value in the way IDPP cohesively pulls everything together into a framework and methodology.

For new and experienced professionals

  1. New Professionals

    Becoming an IDPP is the perfect way to start your career in data management and privacy protection, whether from a process or technology perspective. The big picture of GRC helps you integrate data privacy with governance, strategy, performance, risk, compliance, ethics, security, privacy, and audit. IDPP helps you understand the inner workings within and between other departments, including a greater understanding of how they operate, how they think, and what they need to be successful. And with IDPP, you open up more options in your career as you move forward.

  2. Experienced Professionals

    Becoming an IDP Professional is the perfect way to enhance existing certifications or to upgrade your skills in areas where you lack experience so that you can do even better work. As a data privacy professional, you may already have a certification from a professional association. However, most of these associations focus on a particular discipline (compliance, risk, internal control, security, etc.). IDPP helps to make you more well-rounded.

How do I get the IDPP Certification?

All of our certifications use a similar streamlined process. We pride ourselves on simplicity and accessibility. All of our exams are online and available at any time. No need to schedule! We include everything you need as part of your All Access Pass. To be clear, everything is included for no additional fees.

  1. 1. Get All Access Pass

    Our All Access Pass provides everything you need to prepare for this and all of our other certification exams. One fee for education, preparation, certification, and maintenance.

    Everything is included for no additional fees.

  2. 2. Prepare for IDPP

    Study the essential body of knowledge contained in the open-source Data Privacy Capability Model. The essential body of knowledge and self-study are included for no additional fees.

    Learn more through a hands on experience provided in an enhanced course delivered by Straits Interactive, our authorized training partner and primary contributing author of the IDPP, that teaches the Data Privacy Fundamentals content and shows you how to apply it.

    The Integrated Data Privacy Professional Hands-on Course is a comprehensive 3-week program combining E-Learning and 6 'live' tutorials over Zoom to go beyond theory. It enables GRC professionals to understand how to integrate the specialist subject matter of Data Privacy into the broader GRC capability and teaches Privacy professionals to integrate GRC concepts and capabilities into their data privacy management program. Learn more here.

  3. 3. Apply for IDPP

    Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds.

    We do not require specific experience or educational degrees to apply.

    Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.

    Application is included for no additional fees.

  4. 4. Earn the IDPP (Pass!)

    Access the online exam anywhere and anytime.

    The exam is limited to 1.25 hours (75 minutes) to answer 55 questions. Correctly answer 39 questions to pass. Exams are "open book," which means that you may use Google and other resources while taking an exam.

    You can retake an exam up to six times per year to pass it.

    The IDPP Exam also is offered at the end of the Integrated Data Privacy Professional Hands On Course offered by Straits Interactive.

    All retakes are included for no additional fees.

  5. 5. Maintain the IDPP

    Participate in the streamlined Unified Certification Maintenance program to maintain your certification. All continuing education is automatically tracked and administered under this unified program. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your certifications as appropriate.

    DOUBLE CREDIT! One CPE credit may track to multiple certifications. For example, a course on “Risk Assessments” counts toward all certifications that use Risk Assessment skills.

    All maintenance and CPEs are included for no additional fees.

  6. 6. BONUS! Add More Certifications

    Apply to gain additional certifications. We add new certifications regularly.

    All certifications are included for no additional fees.

FAQ about Preparing for IDPP

How long does it take to prepare for IDPP?

Preparation time varies based on your experience. People who pass the exam report anywhere from 2 hours to 40 hours of preparation before the exam.

This wide range is explained by the differences in background. If you are more experienced in data privacy/security then less time may be required to prepare vs. someone new to data privacy/security.

What is the best way to prepare for IDPP?

The essential body of knowledge for the IDPP is contained in the open-source Data Privacy Capability Model and other concepts in the public domain. We recommend that you:

  • Carefully study the Data Privacy Capability Model.
  • If you want more support in your preparations, consider participating in a detailed course over a three week timeframe, with hands on aspects - the Integrated Data Privacy Professional Hands On Course offered by Straits Interactive (our exclusive beta testing partner) live online or in person. There is a fee for this course.
How do I get IDPP Training?

During our beta test period, you can self-train using the Integrated Data Privacy Capability Model or attend the Integrated Data Privacy Professional On Hands Course offered by our exclusive beta test training partner, Straits Interactive.

What does it cost to get IDPP training?

When finalized, all of our self-study preparation courses for IDPP will be included for no additional fees. This means that Data Privacy Fundamentals is part of your All Access Pass.

During the beta test period, our exclusive beta test training partner, Straits Interactive, delivers the Integrated Data Privacy Professional Hands On Course for an additional fee. This hands on course will also continue to be available after the beta period. Click here to learn more.

FAQ about the IDPP Exam

How do I schedule the IDPP Exam?

All of our exams are online and available at any time. No need to schedule!

How do I apply for the IDPP exam?

Applying is simple! If you are already an OCEG member, we have most of the information necessary. Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.

As a reminder, our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.

How difficult is the IDPP Exam?

Most people who pass the exam report that they carefully studied the essential body of knowledge and completed the preparation course.

Those who fail tend to pass on a subsequent attempt if they study and complete a preparation course.

In other words ... STUDY and WATCH the videos or attend a class if you want to pass the exam.

What is on the IDPP Exam?

The IDPP certification demonstrates that you can apply the principles and practices of an effective data privacy capability. The exam covers awareness and application of concepts found in the Integrated Data Privacy Capability Model.

20% General Knowledge

  • Understand key terms and definitions related to data privacy
  • Understand key principles and drivers behind a data privacy capability
  • Understand background information found in the introduction of the Integrated Data Privacy Capability Model, including the data privacy lifecycle and the lawful bases of the processing
  • Understand the benefits of integrating a data privacy program throughout the business

80% IDP Capability Model Details

  • Understand the structure of the IDP Capability Model
  • Understand key management actions and controls
  • Understand design and implementation considerations
  • Overall 25% Learn – 20%, Align – 30%, Perform – 20%, Review – 5%

The IDPP topics and questions were determined by the authors, and a global expert review panel was assembled for the development of the Data Privacy Capability Model. The members of the review committee include former regulators and governmental advisors from several countries with advanced data privacy regulations, academics, and practitioners. Their input and other research yielded a blueprint that serves as a competency model for the IDPP.

We update the Integrated Data Privacy Capability model and IDP Professional Exam to reflect important and relevant changes in the global regulation and industry practices for data privacy.

How was the IDPP Exam developed?

The IDPP topics and questions were determined by the authors, and a global expert review panel was assembled for the development of the Data Privacy Capability Model. The members of the review committee include former regulators and governmental advisors from several countries with advanced data privacy regulations, academics, and practitioners. Their input and other research yielded a blueprint that serves as a competency model for the IDPP.

We update the Integrated Data Privacy Capability model and IDPP Exam to reflect important and relevant changes in the global regulation and industry practices for data privacy.

How many questions are on the IDPP Exam?

There are 55 scored questions and up to 10 unscored questions on the exam. We calculate your final score on the 55 scored questions. Scored questions have gone through a rigorous validation process.

The unscored questions are used to introduce and validate new questions without affecting your score. However, the unscored items are not labeled – so make sure you answer each question as if it counts!

All questions are multiple-choice.

How do I pass the IDPP Exam?

You have 1.25 hours (75 minutes) to complete the exam. You must correctly answer 70% or 39 of the 55 scored questions.

Is the IDPP Exam "open book" like the real world?

Yes! The exam is open-book, meaning you may use Google and other resources while taking the exam.

We believe that the exam process should reflect modern reality and user experiences. In your job, you use Google and online resources daily. You should be able to use these resources when you learn and when you take the exam.

However, don't be fooled! The exam is challenging even with the help of these resources.

When do I find out if I passed the IDPP?

You get your result immediately after taking the exam. If you pass, your certificate is immediately available for sharing and printing from your Certification Dashboard.

What happens if I fail the IDPP?

You may retake the exam up to six (6) times per year. Almost everyone is able to accomplish this goal. We believe that certification should be part of the learning process and help reinforce understanding and not just be a point-in-time proof of memorized knowledge.

Consider being fully prepared each time that you attempt the exam. Our database of questions is extensive, so it is unlikely that you will see the same questions each time that you attempt the exam.

FAQ about Maintaining IDPP

How long is my certificate valid?
  1. When a certificate is awarded, it is awarded for a full year starting on the day you passed the exam.
  2. Your first full year has no CPE requirement (because you spent at least 8 hours preparing for and taking the exam).
  3. Starting your second year, you must earn at least eight (8) credits of continuing education related to the certification topic annually.
  4. When a certificate renews, it renews for a full year. Automatic renewal on the day of certificate expiration happens if both of these conditions are true: a) Member has an active AAP and b) CPE requirement has been met (if applicable).
  5. If the expiration date passes and you do not meet both conditions, you have a grace period of 90 days to fulfill the requirements (renewing your AAP and/or getting enough credits). After the grace period is over, your certification gets deleted from our records, and certificates are no longer available for display.
Do I need to recertify every year?

NO! You only need to pass the exam once every five (5) years. We use continuing education requirements to ensure that you stay current with new developments.

How do I maintain the IDPP?

Maintaining ALL of your certifications is simple and straightforward. We use a Unified Certification Maintenance program on our website. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your certification.

You can see all of your current CPE credits on your Certification Dashboard and CPE Transcript.

The unified program allows you to track one CPE credit to multiple certifications. So, for example, a course on “Risk Assessments” would count toward not only THIS certification but also ALL other certifications that rely on Risk Assessment skills.

How do I submit CPEs for the IDPP?

You don’t have to!

All continuing education for OCEG certifications is automatically tracked and administered under a unified program on our website.

Whenever you watch a video or attend an event, such as a webinar on our website, it is automatically tracked and counted toward your IDPP (or other OCEG certifications as appropriate).

You may also manually submit CPEs from other pre-approved continuing education experiences.

You can check your CPE progress at any time on your CPE Dashboard.

Do I get "double credit" for CPEs?

Yes! Many of our continuing education experiences count toward multiple OCEG certifications. The unified program also allows you to track one CPE credit to multiple certifications. This means that a single webinar or course can count toward one or more of your certifications.

One experience. Multiple credits.

So, for example, a course on “Risk Assessments” would count toward not only IDPP but also several other certifications that rely on Risk Assessment skills.