Certification of persons in the field of personal data protection
On 2 July 2026, a meeting was held at the Personal Data Protection Office headquarters with representatives of associations of data protection practitioners. During the meeting the plans were presented to launch a certification pilot for data protection specialists by NASK (Scientific and Academic Computer Network - National Research Institute). The programme will target a wide range of data protection professionals: data protection and compliance officers, controller’s agents. In the future also data protection officers will have a dedicated certification profile.
The certification scheme that will launch a certification profile for data protection specialists will constitute a certification of persons in accordance with PN-EN ISO/IEC 17024 Conformity assessment — General requirements for bodies operating certification of persons. The certification will attest the knowledge of individuals on appropriate technical and organisational measures to ensure information security and basic data protection requirements. The program does not constitute certification within the scope of Art. 42 GDPR.
During the meeting, representatives of the largest associations of data protection officers and practitioners: SABI, ZFODO, IAPP KnowledgeNet Chapter and the Social Team of Experts to the President of the Personal Data Protection Office took note of the proposal for a certification profile for data protection specialists. The opinions expressed in connection with the NASK and the Personal Data Protection Office proposal will be an inspiration to improve the solutions in the proposed certification profile.
The Office for Personal Data Protection continues its certification activities in the field of personal data protection. Initiatives working on solutions supporting compliance with the GDPR in organizations translate into improving the security of personal data and facilitate exercising data subjects' rights. Therefore, the President of the Personal Data Protection Office is interested in the development of such initiatives, in the scope of certification provided for in Articles 42-43 of the GDPR.