About the certification

Privacy by Design (PbD) is the practice of embedding data privacy and security when developing a product or process, right from the start. It is a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure, and business practices. The Foundational Principles of Privacy by Design can be used to proactively embed privacy into the design of information technologies and business practices to gain a competitive advantage. Using the Principles of Privacy by Design provides privacy and information security professionals with a tool to effectively address the privacy risks that are created by emerging technologies.
The Privacy by Design (PbD) Foundation is a certification intended for Privacy Professionals seeking to validate their knowledge of Privacy by Design.

The exam includes topics such as Definition of Privacy, Privacy Terminology, The Importance of Consent, Dimensions of Privacy, Fair Information Practice Principles, Privacy Categories, Privacy Risks, Privacy Risks From Emerging Technologies, Origin of Privacy by Design, The 7 Foundational Principles of Privacy by Design, Operationalizing Privacy by Design, and Privacy Impact Assessment (PIA).

The Privacy by Design Foundation certification exam is an online, closed-book, and remotely-proctored exam. It includes 40 multiple-choice questions and the passing score is 70%. You will have 60 minutes to complete the exam. Validate your knowledge of Privacy by Design and advance your career. Register for your online proctored exam now!

Privacy by Design (PbD) Foundation

Exam details

Exam code


Launch date

January 31, 2023

Exam description

The Privacy by Design (PbD) Foundation exam tests the candidate's knowledge of Privacy by Design.

Current version


Exam format

Multiple choice and True/False; closed book; online proctored exam

Number of questions

40 questions

Passing score

70% (28 out of 40)

Exam duration

60 minutes





Exam description

Definition of Privacy, Privacy Terminology (Personally Identifiable Information, Sensitive Personal Information, Data Subject, Data Controller, Data Processor, De-identified Information, Purpose Limitation, Data Minimization, Secondary Use, Retention, Collection, Use Limitation, Limiting Disclosure, Data Breach, and Privacy Policy), The Importance of Consent, Dimensions of Privacy, Fair Information Practice Principles (Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation, and Accountability), Privacy Categories (Privacy of the person, Privacy of behavior and action, Privacy of communication, Privacy of data and image, Privacy of thoughts and feelings, Privacy of location and space, and Privacy of association), Privacy Risks, Privacy Risks From Emerging Technologies (Internet of Things, Big Data Analytics, Social Media, Artificial Intelligence, and Tracking and Surveillance technologies), Origin of Privacy by Design, The 7 Foundational Principles of Privacy by Design (Proactive not Reactive, Privacy as the Default Setting, Privacy Embedded into Design, Full Functionality, End-to-End Security, Visibility and Transparency, and Respect for User Privacy), Operationalizing Privacy by Design, and Privacy Impact Assessment (PIA).


16 hours

Bloom's Taxonomy

Level 1 (Remembering), Level 2 (Understanding) and Level 3 (Applying)

Recommended reading

• Privacy by Design: The 7 Foundational Principles
• Privacy by Design - The 7 Foundational Principles - Implementation and Mapping of Fair Information Practices
• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• Guidelines 4/2019 on Article 25 Data Protection by Design and by Default ('the Guidelines')


There are no prerequisites for this certification.

Recommended experience

Six months of work experience in Privacy and Data Protection

Validity period


Exam Content Outline

   Domains Weight

1. Privacy Terminology


2. The Fair Information Practice Principles


3. Privacy Risks


4. The 7 Foundational Principles of Privacy by Design


5. Operationalizing Privacy by Design


6. Privacy Impact Assessment (PIA)




How to get certified


Browse our certification programs and choose your certification.


Discover the exam objectives and prepare for your exam.


Register for your online proctored exam.


Take your online proctored exam in the comfort of your home or office.


Congratulations! You are certified!

Stackable Certifications

Earn 5 certifications and receive an integrator certification (designation).

Information Security Management Foundation (ISO/IEC 27001)

Information Security Controls Foundation (ISO/IEC 27002)

Information Security Risk Management Foundation (ISO/IEC 27005)

IT Governance Foundation (ISO/IEC 38500)

 Certified Information Security Manager (CISM) v2

Frequently Asked Questions

  • How much does an ITCERTS certification exam cost?

    All exams are available for $150 USD each. Prices may vary slightly by region and currency exchange rates.

  • Are there any prerequisites to take the exams?

    There are no prerequisites to take the exams. ITCERTS recommends that candidates have at least six months of work experience in the area that the certification exam covers.

  • What is the exam retake policy?

    If a candidate does not achieve a passing score on the first attempt, there is no waiting period between the first and the second attempt. If a candidate does not achieve a passing score on the second attempt, the candidate must wait at least 7 days before retaking the exam for a third time. A candidate may not take a given exam any more than three times per year (12 months).

  • How do I register for an Online Proctored Exam?

    Visit the Online Proctored Exam registration page to find complete instructions.

  • Is there any mandatory training to take an exam?

    Training is recommended as part of your certification preparation, but it is not mandatory.

  • Which languages are the exams available in?

    Our exams are currently available in English and Portuguese.

  • Where can I take the exams?

    Exams are delivered online (Online Proctored Exams) and can be taken from anywhere in the world.

  • Do the ITCERTS certifications expire?

    ITCERTS certifications are considered good-for-life and do not expire.

  • How can a potential employer verify my certifications?

    Your employer can verify your certification on our certification verification page. Your certification number will be needed in order to process the verification.


