Does the DPO need to take a DPO training course and have a certificate proving it?
According to Article 37(5) of the GDPR, DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39 of the GDPR. The Article 29 Working Party in its Guidelines on the DPOs indicates that the required level of expertise is not explicitly stated anywhere, but must be commensurate with the nature, complexity and volume of data processed within the entity.
The General Data Protection Regulation strongly emphasises the requirement for the knowledge and expertise of the DPO, but it does not regulate the principles or procedure for verifying that this requirement is met. Nevertheless, certificates, diplomas and other documents certifying the knowledge and experience of a DPO will undoubtedly be an important qualification criterion in most cases and an argument in favour of the person designated by a given controller to perform this function.