DPO Objective -

Training: DPO Objective - GDPR

Preparing for CNIL DPO certification

35 hours - 100% e-learning - 12 months of access to the platform - €999 incl. tax*

*Payable in 3 installments of €333 (including tax) over 3 months (or €533 (including tax) if purchasing the training + certification package)

The "Objectif DPO" training course (35 hours) is designed to help participants master the 17 core competencies established by the CNIL in its certification framework for Data Protection Officers (Decision No. 2018-318 of September 20, 2018), and to ensure success on the DPO certification exam! 🚀 🚀 🚀

The program and teaching materials for this training course have been carefully developed based on the texts (GDPR, Data Protection Act), the doctrine of the CNIL and the EDPS, taking into account the certification reference framework and the structure of the certification test, as defined in the CNIL accreditation reference framework (deliberation no. 2018-317 of September 20, 2018).


Duration

35 hours

Difficulty level

🥚Beginner

🐣Beginner

🐥Intermediate

🐤Advanced

🐓 Expert


Would you like us to deliver this training in a synchronous format (online, in-person, or hybrid)?

Would you like a training program that is customized in terms of content or format?  

100% pass rate on the certification exam!

Statistics as of December 22, 2025

On October 28, 2025, 100% of LégiSchool students who took the DPO certification exam after completing LégiSchool’s “Objectif DPO” training program—through our partnership with Apave Certification—passed the exam.

Qualiopi Satisfaction Indicators

Updated on October 28, 2025

(A) “Did this training actually help you achieve the goals you had set for yourself?”

4.6/5

(B) “In your opinion, was the training content well suited to your needs?”

4.4/5

(C) “In your opinion, was the training well-structured?”

4.4/5

(D) “How would you rate the teaching skills of the instructor(s)?”

4.4/5

Overall satisfaction score

86.8/100

Certification exam pass rate

100%

Your instructor

Alexis Deroudille holds a doctorate in law, is a graduate of Sciences Po Paris, a member of the Paris Bar, and a certified DPO (IAPP) in accordance with the standards established by the CNIL. He has worked as a Data Protection Officer for many years, serving a diverse client base (including major tech companies, startups, associations, and small and medium-sized businesses), and also has extensive experience in teaching. Finally, he is the author of numerous in-depth articles on personal data protection law.

The educational objectives of the training program

  • Understand the key principles of personal data protection, identify the legal bases applicable to the processing of personal data, and the exceptions to the processing of special categories of personal data

  • Comply with transparency requirements, understand the rights of individuals whose personal data is being processed, and handle requests to exercise those rights

  • Understand the legal requirements and contractual obligations related to subcontracting and international transfers

  • Understand the DPO’s responsibilities and duties: organize GDPR compliance audits, lead and train teams, and develop a compliance plan

  • Maintain a record of processing activities and a record of categories of processing activities, and fulfill the accountability requirement

  • Identify and address violations of personal data protection, and know when and how to report them to the supervisory authority and the individuals concerned

  • Assess the need for a data protection impact assessment (DPIA) and conduct it using the CNIL’s software

  • Understand the concepts of “privacy by design” and “privacy by default”

  • Understand how the CNIL operates (composition, powers, oversight), and manage relations with this supervisory authority

The target audience

This training program is designed to train data protection officers (DPOs) or prospective DPOs—whether or not they have been officially appointed—and to enable them to successfully pass the DPO competency certification exam, in accordance with the CNIL’s guidelines.

Terms and conditions and timeframes for access

Learners gain access to the e-learning platform immediately after completing their online registration by paying the registration fee. Access to the platform is granted for a period of twelve (12) months of 30 days each, totaling 360 days. This period begins on the date the learner’s access to the LégiSchool e-learning platform is created.

Career Opportunities

Upon completion of this training program and after obtaining certification, the participant will be qualified to serve as an internal data protection officer within a company or as an external consultant (for example, at a consulting firm).

Prerequisites

This course does not require any specific prior knowledge, but is open only to qualified candidates with at least two years of professional experience (such as a bachelor’s or master’s degree in law or computer science, or significant experience in these fields). If you have any questions about the prerequisites, please contact our academic advisor.

Assessment criteria

This training course includes numerous quizzes—36 quizzes, each consisting of 10 questions, spread throughout the e-learning program. At the end of the training sequence, the skills acquired by the learner during the course are also assessed through a mock certification exam, which prepares learners for the CNIL’s DPO certification.

Learn about the financing options!

Teaching materials — The LégiSchool method

This course, available through our e-learning platform, follows LégiSchool’s standard methodology. Each module is divided into several sections, and each section into several chapters. The chapter is therefore the basic unit (or “building block”) of the course.

Each chapter of a LégiSchool course will always consist of a short instructional video (averaging 10 minutes) accompanied by a course handout that summarizes in writing all the key points covered in the video. Our course materials are comprehensive and feature numerous diagrams, tables, and visuals to ensure maximum clarity.

Finally, learners are encouraged to communicate regularly with a qualified trainer by phone or email through our educational and technical support service.

Our educational and technical support

100% e-learning or distance learning does not mean self-study. LégiSchool will never leave its learners to fend for themselves! We provide comprehensive support—both educational and technical—for all our 100% e-learning, distance learning, and hybrid courses. This educational and technical support is always provided by the qualified instructor who designed the training program in which the learner is enrolled. Learners can thus contact the trainer at any time throughout their training program to receive prompt answers to all their educational or technical questions.

You can reach LégiSchool's educational advisor:

  • by email 7 days a week, or

  • by phone during LégiSchool’s business hours (contact information below).

Accessibility

LégiSchool is committed to serving people with disabilities and has developed an Accessibility and Disability Charter for this purpose. All videos available as part of LégiSchool’s e-learning modules are captioned. Further accessibility features are also available for people with disabilities—for example, audio recordings of quizzes and practice exams. To request these, please contact LégiSchool’s accessibility coordinator, whose contact information is provided below.

LégiSchool's Accessibility and Disability Coordinator

67 Saint Jacques Street

Phone: 01 43 26 58 10

Email: accessibilite[at]legischool.fr

Available certifications

The "Objectif DPO" training course (35 hours) prepares participants for:

The prerequisites and requirements for this certification are detailed below.

The certification exam fee is not included if you choose the training course only (€999, including tax).

Compliance Commitment

In accordance with its Terms and Conditions of Sale and Use (T&C), LégiSchool strictly guarantees that the curriculum and content of its certification courses will fully comply with the requirements of the certification standards in effect at the time the learner takes the certification exam.

Thus, in the event of any change or modification made by any competent authority to the content of certification standards—including changes to the content and requirements of such standards that occur during the course of a certification training program—LégiSchool undertakes to make, in a timely manner, any necessary modifications to its training program and its educational content, in order to bring them into line with the new standards applicable at the time the learner takes the certification exam, as reflected in the latest modifications made by the competent authority.

The DPO (35) Package + Certification through our partner Apave Certification

If you choose the Objectif DPO + Data Protection Officer Skills Certification Package (€1,599 including tax), you will have access to the full Objectif DPO e-learning course (35 hours), in addition to the right to take the DPO skills certification exam based on the CNIL framework, through our partner Apave Certification—provided that you verify that you meet the requirements set forth by the CNIL framework to take this exam (see below). It is your responsibility to ensure that you meet the requirements to take this exam before purchasing the package.

The price of the package (€1,599, including tax), which you pay to LégiSchool, entitles you to take your first certification exam in person or remotely. You can register with Apave Certification in just a few clicks via our e-learning platform: just follow the instructions!

CNIL Certification of Data Protection Officer (DPO) Competencies

The DPO certification exam is open to any professional with at least two years of professional experience and 35 hours of training in the field of personal data protection. It is administered by one of the certification bodies accredited by the CNIL.

The fees for taking and registering for this certification exam are not included in the course price. LégiSchool does not handle your registration or your participation in this certification exam. It is therefore your responsibility to contact one of the certification bodies approved by the CNIL to schedule your exam.

The exam guidelines do not provide for accommodations for individuals with disabilities. There are no nationality or residency requirements for registering for the certification exam.

The exam consists of a quiz with at least 100 questions, which may be single-choice and/or multiple-choice. To pass the test, you must answer at least 75 questions correctly in total, as well as achieve a score of at least 50% in each of the three subject areas:

  • 📕 Area 1. – General data protection regulations and measures taken to ensure compliance (50% of the questions, or 50 questions)

  • ⚖️ Area 2. – Liability (30% of the questions, or 30 questions)

  • 💻 Area 3. – Technical and organizational measures for data security in light of the risks (20% of the questions, or 20 questions)

For each subject area, 30% of the questions are presented as case studies.

The detailed training program

📕 Module 1 - The Fundamentals of Personal Data Protection Regulations

  • 1.1.1. Historical Background
    1.1.2. Definitions – Fundamental Concepts: Data, Personal Data, Processing, File, Data Subjects
    📝 Quiz #1
    1.1.3. Material scope of the GDPR and the French Data Protection Act
    1.1.4. Geographical scope of the GDPR – Establishment criterion
    1.1.5. Geographical scope of the GDPR – Targeting criterion – Other criteria
    📝 Quiz #2
    1.1.6. GDPR Stakeholders: Identifying the Stakeholders Involved – Functional, Autonomous, and Relative Nature of the Concepts
    1.1.7. GDPR Stakeholders: Data Controller and Data Processor
    1.2.8. GDPR Stakeholders: Complex Structures and Joint Liability
    📝 Quiz #3

  • 1.2.1. Lawfulness (Rule 1), Fairness, and Transparency (Rule 2)
    1.2.2. Purpose Limitation (Rule 3)
    📝 Quiz #4
    1.2.3. Data minimization and accuracy (Rule #4)
    1.2.4. Limitation of data retention periods and data lifecycle (Rule #5)
    1.2.5. Security obligations (Rule #6)
    📝 Quiz #5
    1.2.6. Protection of special categories of personal data (Rule #7)
    1.2.7. Rights of data subjects (Rule #8)
    📝 Quiz #6

  • 1.3.1. The CNIL: Status and Powers
    1.3.2. CNIL Inspections - Conditions for Initiating an Inspection
    📝 Quiz #7
    1.3.3. CNIL Inspections - Procedures and Investigative Powers
    1.3.4. CNIL Inspections – Consequences of an Inspection and Sanction Procedures
    📝 Quiz #8
    1.3.5. The European Data Protection Board (EDPB) and cross-border processing
    1.3.6. Judicial remedies and the right to compensation
    1.3.7. The role of national courts and the Court of Justice of the European Union (CJEU)
    📝 Quiz #9

  • 1.4.1. The DPO’s Responsibilities – Advising and Informing – Role in Conducting Impact Assessments and Audits
    1.4.2. The DPO’s Responsibilities – Independently and Impartially Monitoring Compliance with the GDPR
    1.4.3. Serving as a Point of Contact – Data Subjects and Supervisory Authorities – Requests to Exercise Rights
    1.4.4. The DPO’s duties – Documenting compliance
    📝 Quiz #10
    1.4.5. External DPO, internal DPO, and pooling of resources
    1.4.6. Appointment of the DPO and termination of duties
    📝 Quiz #11
    1.4.7. The DPO’s functions – Safeguards: Independence, resources, accountability
    1.4.8. The DPO’s duties – Obligations: Professional secrecy, absence of conflicts of interest
    1.4.9. The DPO’s professional and personal qualities: Legal and technical skills – critical thinking, curiosity, teamwork
    📝 Quiz #12

📕 Module 2 - Implementing Regulatory Requirements

  • 2.1.1. Introduction: Legal Foundations, Special Categories of Data, and CNIL Guidelines
    2.1.2. The Specifics of Consent – A Free, Specific, Informed, and Unambiguous Expression of Will
    2.1.3. Specifics of consent – Demonstration and withdrawal
    📝 Quiz #13
    2.1.4. Specifics of consent – Consent of minors
    2.1.5. Specifics of consent – Explicit consent
    📝 Quiz #14
    2.1.6. Use cases for consent: Trackers, electronic marketing, geolocation, credit card data
    2.1.7. The performance of a contract to which the data subject is a party, or the fulfillment of pre-contractual measures at their request
    2.1.8. Compliance with a legal obligation of the data controller
    📝 Quiz #15
    2.1.9. Protection of the vital interests of the data subject or a third party
    2.1.10. Performance of a task carried out in the public interest by the data controller
    2.1.11. Legitimate interests of the data controller or a third party
    📝 Quiz No. 16

  • 2.2.1. General rules regarding the exercise of data subjects’ rights
    2.2.2. The data controller’s obligations regarding transparency and information
    🔍 Case Study No. 1: Privacy Policy of a Website Selling Online Subscriptions
    📝 Quiz No. 17
    2.2.3. The right of access
    2.2.4. The right to rectification
    2.2.5. The right to erasure or “right to be forgotten”
    2.2.6. The right to object
    2.2.7. The right to restriction of processing
    📝 Quiz #18
    2.2.8. The right to data portability
    2.2.9. The right not to be subject to a fully automated decision
    2.2.10. Limitations on the exercise of rights specific to French domestic law
    2.2.11. The right to determine the fate of personal data after death
    📝 Quiz No. 19

  • 2.3.1. The Relationship Between the Data Controller and the Data Processor – Selecting a Data Processor and Signing a DPA
    🔍 Case Study No. 2: DPA Offered by a SaaS Recruitment Software Provider to Its Clients
    2.3.2. Formalizing relationships between a processor and a subprocessor
    🔍 Bonus: Analysis of the Commission’s standard contractual clauses – Relationship between a data controller and a processor
    📝 Quiz No. 20
    2.3.3. Relationships between non-joint data controllers and the signing of a CtoC Agreement
    2.3.4. Relationships between joint data controllers and the signing of a “Joint Controller Agreement” (JCA)
    2.3.5. Codes of conduct
    2.3.6. Certification
    📝 Quiz No. 21
    2.3.7. International transfers – Concept – Mapping obligation
    2.3.8. International Transfers – Adequacy Decisions – The Schrems II Ruling and the Data Privacy Framework
    📝 Quiz #22
    2.3.9. International Transfers – “Appropriate Safeguards”: BCRs, Standard Contractual Clauses, etc.
    🔍 Bonus: Analysis of the Commission’s standard contractual clauses for the transfer of personal data
    2.3.10. International transfers – Data transfer impact assessment (DTIA)
    2.3.11. Transfers – Derogatory grounds
    📝 Quiz No. 23

⚖️ Module 3 - Accountability

  • 3.1.1. The principle of accountability
    3.1.2. The responsibility of the data controller
    3.1.3. The responsibility of the data processor
    3.1.4. The responsibility of the DPO
    3.1.5. Privacy by design – Historical overview
    3.1.6. Privacy by Design – Definition
    📝 Quiz #24
    3.1.7. Privacy by Default
    3.1.8. Privacy by Design and by Default - Examples of Implementing the Principles
    3.1.9. Privacy by Design and by Default - Free-form Input Fields
    📝 Quiz #25

  • 3.2.1. An illustration of the principle of accountability
    3.2.2. Identifying personal data processing and mapping it
    3.2.3. The two types of records - Common characteristics
    3.2.4. Structure of the controller’s record
    3.2.5. Example of a data controller’s record
    🔍 Case Study No. 3: Template for a record of processing activities – Human resources management activities
    3.2.6. Structure of the data processor’s record
    3.2.7. Example of a data processor’s record
    3.2.8. Maintaining and updating the register
    3.2.9. The enhanced register - A compliance management tool
    🔍 Bonus: Analysis of a processing activities table for a company operating in the behavioral advertising market
    3.2.10. Notification to the CNIL and other forms of disclosure
    📝 Quiz #26

  • 3.3.1. What is a Privacy Impact Assessment (PIA)
    3.3.2. Under what circumstances is a PIA mandatory
    3.3.3. The nine criteria for assessing the concept of high risk
    3.3.4. Scope and timeframe of the PIA
    3.3.5. The steps of the PIA – Context
    3.3.6. The steps of the PIA – Fundamental principles
    3.3.7. The steps of the PIA – Risks
    3.3.8. The steps of the PIA – Validation
    3.3.9. The role of the DPO in the impact assessment
    3.3.10. Submission to the supervisory authority
    🔍 Case Study No. 4: Impact Assessment of MédiaBunny – Medical-Social Software
    📝 Quiz No. 27

  • 3.4.1. What obligations apply to which breaches?
    3.4.2. Maintaining a record of breaches
    3.4.3. Notification to the supervisory authority
    3.4.4. Notification to data subjects
    3.4.5. Some examples of breaches
    🔍 Case Study #5: Example of a breach record
    📝 Quiz #28

💻 Module 4 - Technical and Organizational Measures for Data Security

  • 4.1.1. The principles of confidentiality, integrity, availability, and resilience in the GDPR
    4.1.2. ANSSI and IT security regulations
    📝 Quiz #29

  • 4.2.1. Training staff
    4.2.2. Mapping information systems and networks
    4.2.3. Authenticating users
    📝 Quiz #30
    4.2.4. Authenticating users - Authentication procedures and passwords
    4.2.5. Securing workstations
    4.2.6. Securing the network
    📝 Quiz #31
    4.2.7. Securing the network - Securing Wi-Fi
    4.2.8. Securing the network - Securing a website
    4.2.9. Securing Network Administration
    📝 Quiz #32
    4.2.10. Managing Mobile Work
    4.2.11. Keeping the System Up to Date
    4.2.12. Monitoring, Auditing, and Responding
    🔍 Case Study #6: Example of an IT Security Policy
    📝 Quiz #33

  • 4.3.1. Symmetric and asymmetric encryption algorithms
    4.3.2. TLS-HTTPS and IPsec protocols
    📝 Quiz #34
    4.3.3. Hash functions and password security
    4.3.4. Irreversible anonymization techniques
    4.3.5. Pseudonymization techniques
    📝 Quiz #35

  • 4.4.1. Disaster recovery plans or business continuity plans
    4.4.2. Backup procedures: full, incremental, and differential backups
    📝 Quiz #36

📕⚖️💻 Module 5 - Practice Exam (100 questions - 3 hours)

This training course already includes the following modules

If you have already purchased one of these modules, you are entitled to a discount equal to the purchase price of that module on this course, in accordance with Section 8.2 of LégiSchool’s Terms and Conditions.

Last updated on December 22, 2025