Certified Privacy Professional

Evidence of Comprehensive Understanding of Personal Data and Privacy Protection


  1. OCPP – Ostendo Certified Privacy Professional certificate is an evidence of a holder’s comprehensive understanding of personal data and privacy protection in the EU from legal, organisational, technical and managerial perspectives.

Designed to cover all important aspects of a modern approach to this demanding professional field, OCPP has been evaluated by an European Data Protection Body member institution – the Croatian Data Protection Agency and found to be adequate for testing professional knowledge and the ability to carry out all activities and duties of Data Protection Officer (DPO) as required by the GDPR.

why is OCPP right for me?

If you are building a professional career in privacy and personal data protection, taking the OCPP exam will help you measure your knowledge and ability to make decisions in managing personal information as a data protection officer, an internal auditor, a business manager, an IT manager or any other business function which is directly or indirectly involved in personal data processing decision making.

How to get certified?

To become OCPP certified, you are required to pass an on-line exam consisting of 100 questions distributed amongst 5 professional domains, as seen on the table below:
In-depth understanding of the GDPR and EU privacy regulation  45%
Information security and understanding security needs of the controller 25%
Understanding information systems for data processing  15%
Understanding of the data processing activities in the data controller’s industry  10%
Case-law and practices


The OCCP exam consists of multiple-choice questions (MCQ), meaning you need to select one out of the multiple provided answers. Questions are formulated either in a form of an actual question or an incomplete statement. There are no essay questions and no negative marks for incorrect answers. There are 100 questions in total, and to successfully pass the exam a candidate has to correctly answer 70% of them, while achieving a minimum of 60% per each individual topic.

maintaining YOUR OCPP STATUS

To keep certification status, OCPP professionals are required to attend at least 40 hours of continuous professional education (CPE) per year and pay the annual maintenance fee.

CPE credits can be earned by attending or speaking at events covering OCPP professional domains, attending professional trainings, as well as writing professional and academic papers.

Certified professionals are required to provide a list of activities for their CPE credits to be verified.

The Certification committee will conduct occasional checks, so we encourage you to keep education records and evidences (conference program, attendee badge, invoices, etc.) for all reported CPE credits.


There are two types of fees to pay:

  • Exam fee (to purchase the OCPP exam): $149
  • Maintenance fee annually: $99
  • We want you to pass, but in case you fail, use the coupon code RETAKE25 to get 25% discount in your second try.


OCPP is currently available in following languages:

  • English
  • Croatian


To apply for the OCPP you need to first register with our certification platform Mettl and then pay the examination fee online. All major credit cards are accepted. Once you start the exam, you will have two hours to finish all questions.


The OCPP exam was created by professionals for professionals.
The exam domains and criteria as well as the questions are designed by a multidisciplinary team of legal, management and IT professionals with extensive experience in design and implementation of personal data management and protection architectures for leading international enterprises, public and government organizations in the EU.

OCPP ensures objective testing criteria and evaluation.
Since it is a computer-based test the answers are evaluated automatically by the system, thus removing the possibility of human error and ensuring absolute objectivity of the testing process.

OCPP is adequate for DPO’s and similar privacy professionals
The OCPP examination criteria and professional domains have been evaluated by the EDPB (European Data Protection Board) member, the Croatian Personal Data Protection Agency and found to be adequate for testing professional knowledge and the ability to carry out all activities and duties of the Data Protection Officer (DPO) as required by the GDPR. GDPR does not provide professional certification for DPOs, but data controllers and processors are required to appoint a DPO with adequate knowledge and ability to conduct this demanding function. OCPP is great way for testing it. 


You can take the exam online, from the comfort of your home or your office using your own computer. It will take two hours.

We advise you to take the exam on a personal computer (not a mobile phone/tablet), to avoid any potential difficulties that could stop you from successfully taking the exam (i.e. getting a phone call, SMS, notification, etc.).

It’s an “open-book” exam, so as candidates you are allowed to use literature and the internet while taking the exam. However, just pure knowledge of facts will not be enough to pass, since OCPP is about applied knowledge and understanding. The examination questions are designed to put the candidate into real-world situations, in which external resources will be available anyways. Some questions are designed in such a way that you can answer them straight away without any or with the minimal use of external sources, while others are designed to make you think. To answer such questions, you will need to dig deeper into a number of sources and choose the best answer among the offered ones. Some questions are designed not only to evaluate knowledge, but also your ethical thinking and decision-making ability. These questions could put you into a moral dilemma, and make you think and reconsider your answers twice.


There are many courses which can help you prepare for the OCPP exam, but very few cover all 5 of the professional domains in this exam. So, preparing for the OCPP exam will require an individual approach depending on your professional-background and knowledge.

For the domains that cover the legal aspects the best sources to learn from are the following:

  • EU data protection and privacy regulation
    (e.g. GDPR, e-Privacy Directive, Data Protection Directive, Convention No. 108, etc.)
  • WP29/EDPB guidelines
    (e.g. WP 243 rev.01, WP 260 rev.01, WP 248 rev.01, WP 259 rev.01, WP 217, WP 169, WP 250 rev.01, etc.)
  • Selected case-law of the EU Court of Justice
    (e.g. Bodil Lindqvist (C- 101/01), Volker und Schecke GbR (C-92/09 and C-93/09), Digital Rights Ireland (C-293/12), Costeja (C-131/12), Schrems (C-362/14), Breyer (C-582/14), Ryneš (C-212/13), Nowak (C-434/16), Fashion ID GmbH (C-40/17), Jehovah’s Witnesses (C-25/17), Wirtschaftsakademie Schleswig-Holstein GmbH (C-210/16), Tele2 Sverige and Watson (C-203/15 and C-698/15), etc.)
  • Selected case-law of the European Court of Human Rights
    (Peck v. UK (44647/98), Gardel v. France (16428/05), Barbulescu v. Romania (61496/08), Antović and Mirković v. Montenegro (70838/13), Niemietz v. Germany (13710/88), López Ribalda and Others v. Spain (1874/13), Malone v. UK (8691/79), Satakunnan v. Finland (931/13), S and Marper v. UK (30562/04 and 30566/04), K.U. v Finland (2872/02), L.H. v. Latvia (52019/07), etc.)
  • Guidelines and opinions provided by EU national supervisory bodies

If your professional background isn’t in IT, you will most probably need to focus a bit more on information security. Courses covering information security management (e.g. ISO 27001) and those covering the basic principles of minimization, anonymization and encryption should be enough.


The OCPP certificate is of informative nature so interested third parties (such as an employer, business partner, or supervisory authority) could easily verify the authenticity of the certificate.

The authenticity of the OCPP certificate can be verified here.


To apply for the OCPP you need to first register with our certification platform Mettl and then pay the examination fee online. All major credit cards are accepted. Once you start the exam, you will have two hours to finish all questions.

Copyright (c) Ostendogroup 2020, 2021 |