Requirements for professional profiles related to personal data processing and protection

The standard defines the requirements related to the professional activity of subjects active in the processing and protection of
personal data, namely the intellectual profession that is pursued at different levels of complexity and in different organizational
contexts, both public and private.
These requirements are specified, starting from the specific tasks and activities identified, in terms of knowledge, skills and
competence, in accordance with the European Qualifications Framework - EQF and are expressed in such a way as to facilitate and
contribute to harmonize, as far as possible, evaluation and validation processes of learning outcomes.

Anforderungen an Berufsprofile im Zusammenhang mit der Verarbeitung und dem Schutz personenbezogener Daten

Dieses Dokument definiert die Anforderungen an die berufliche Tätigkeit von Personen, die im Bereich der Verarbeitung und des Schutzes personenbezogener Daten tätig sind, d. h. an den intellektuellen Beruf, der auf verschiedenen Komplexitätsniveaus und in verschiedenen organisatorischen Kontexten, sowohl im öffentlichen als auch im privaten Bereich, ausgeübt wird.
Diese Anforderungen werden ausgehend von den identifizierten spezifischen Aufgaben und Tätigkeiten in Form von Wissen, Fertigkeiten und Kompetenzen in Übereinstimmung mit dem Europäischen Qualifikationsrahmen (EQR) spezifiziert und so ausgedrückt, dass sie die Evaluierungs- und Validierungsprozesse von Lernergebnissen erleichtern und so weit wie möglich zur Harmonisierung beitragen.

Exigences relatives aux profils de professionnels en lien avec le traitement et la protection de données à caractère personnel

Le présent document définit les exigences relatives à l'activité professionnelle des personnes intervenant activement dans le traitement et la protection des données à caractère personnel, à savoir la profession intellectuelle menée à différents niveaux de complexité et dans différents contextes organisationnels, à la fois publics et privés.
Ces exigences sont spécifiées en des termes de connaissances, d'aptitudes et de compétences conformément au cadre européen des certifications (CEC), en commençant par les tâches et activités spécifiques identifiées, et sont exprimées de telle manière à faciliter et contribuer à harmoniser, dans la mesure du possible, les processus d'évaluation et de validation des résultats d'apprentissage.

Zahteve za poklicne profile pri obdelavi in varovanju osebnih podatkov

Ta standard določa zahteve v zvezi s poklicno dejavnostjo oseb, ki so aktivne pri obdelavi in varstvu osebnih podatkov, in sicer intelektualnih poklicev, ki se jih opravlja z različnimi stopnjami zapletenosti in v različnih organizacijskih okvirjih, tako zasebnih kot javnih.
Te zahteve so določene, in sicer vse od posebnih nalog in dejavnosti v smislu znanj, spretnosti in pristojnosti, v skladu z evropskim ogrodjem kvalifikacij (EQF), in so izražene na način, da v največji možni meri olajša in prispeva k usklajenosti procesov ocenjevanja in preverjanja učnih rezultatov.

General Information

Status
Published
Publication Date
24-Oct-2023
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
25-Oct-2023
Due Date
05-Aug-2022
Completion Date
25-Oct-2023

Buy Standard

Standard
EN 17740:2024
English language
53 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-april-2024
Zahteve za poklicne profile pri obdelavi in varovanju osebnih podatkov
Requirements for professional profiles related to personal data processing and protection
Anforderungen an Berufsprofile im Zusammenhang mit der Verarbeitung und dem
Schutz personenbezogener Daten
Exigences relatives aux profils de professionnels en lien avec le traitement et la
protection de données à caractère personnel
Ta slovenski standard je istoveten z: EN 17740:2023
ICS:
03.100.30 Vodenje ljudi Management of human
resources
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 17740
NORME EUROPÉENNE
EUROPÄISCHE NORM
October 2023
ICS 03.100.30; 35.030
English version
Requirements for professional profiles related to personal
data processing and protection
Exigences relatives aux profils de professionnels en Anforderungen an Berufsprofile im Zusammenhang
lien avec le traitement et la protection de données à mit der Verarbeitung und dem Schutz
caractère personnel personenbezogener Daten
This European Standard was approved by CEN on 4 September 2023.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 17740:2023 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Professional profile tasks and specific activities . 8
4.1 General. 8
4.2 Introduction to professional profiles . 8
4.3 Tasks and activities of the professional operating in the processing and protection of
personal data . 9
5 Knowledge, skills and competencies associated with professional activity . 9
5.1 General. 9
5.2 Data protection officer professional profile . 9
5.2.1 Short description . 9
5.2.2 Mission . 9
5.2.3 Deliverables . 10
5.2.4 Main tasks . 11
5.2.5 Skills . 11
5.2.6 Knowledge . 13
5.2.7 Area of application of KPIs . 14
5.3 Data protection manager professional profile . 14
5.3.1 Short description . 14
5.3.2 Mission . 15
5.3.3 Deliverables . 15
5.3.4 Main tasks . 16
5.3.5 Skills . 17
5.3.6 Knowledge . 19
5.3.7 Area of application of KPIs . 21
5.4 Data protection specialist professional profile . 21
5.4.1 Short description . 21
5.4.2 Mission . 21
5.4.3 Deliverables . 21
5.4.4 Main tasks . 22
5.4.5 Skills . 23
5.4.6 Knowledge . 24
5.4.7 Area of application of KPIs . 27
5.5 Data protection engineer professional profile. 27
5.5.1 Short description . 27
5.5.2 Mission . 27
5.5.3 Deliverables . 27
5.5.4 Main tasks . 27
5.5.5 Skills . 28
5.5.6 Knowledge . 30
5.5.7 Area of application of KPIs . 32
5.6 Data protection auditor professional profile . 32
5.6.1 Short description . 32
5.6.2 Mission. 32
5.6.3 Deliverables . 32
5.6.4 Main tasks . 33
5.6.5 Skills . 33
5.6.6 Knowledge . 34
5.6.7 Area of application of KPIs . 36
6 Elements for the evaluation and validation of learning outcomes . 36
6.1 General . 36
6.2 Assessment methods of knowledge and specific experiences of the professional
operating in the field of processing and protection of personal data . 36
6.3 Evaluation and validation of results . 37
6.4 Qualification . 37
6.5 Requirements for permanent professional update . 37
Annex A (informative) Index of skills and knowledge . 38
Annex B (normative) Requirements for professional profiles access . 51
Bibliography . 53

FprEN 17740:2023 (E)
European foreword
This document (EN 17740:2023) has been prepared by Technical Committee CEN/CLC/JTC 13
“Cybersecurity and Data protection”, the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by April 2024, and conflicting national standards shall be
withdrawn at the latest by April 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United
Kingdom.
Introduction
The definition of requirements for professional profiles in the field of processing and protection of
personal data are necessary to establish the fundamental set of knowledges, skills and competences that
distinguish such profiles.
The standard applies to the professional profiles in the identified area, regardless of the working methods
and type of employment relationship. Tasks and activities related to the profession are described on the
basis of all functions actually performed by professionals working in the field of processing and
protection of personal data in different work contexts. These functions are varied and concern technical,
administrative, cultural, scientific and legal aspects.
This document adopts the reference European framework for the definition of competences and related
skills: EN 16234-1. For related ICT-oriented profiles, such as for example the system administrator,
please refer to CEN CWA 16458-1.
The profiles specified in this document are not intended to be exhaustive and are applicable reg
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.