Launch offeryour first badge for €5 with code
Plume
← All skills
GDPR
Cybersecurity & GDPR

GDPR

Legal bases, register, DPIA, rights, DPO, processors, transfers, CNIL.

15 minutes€19.99

Before starting, we run a 1-minute tech check — microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.

How does it work? →

About the GDPR badge

Prove you actually know GDPR — legal bases, DPIAs, international transfers, data subject rights — in a 15-minute AI-led oral exam that separates real expertise from box-ticking.

The Plume GDPR badge tests your hands-on command of the General Data Protection Regulation through a 15-minute oral exam conducted by an AI examiner (OpenAI Realtime). The exam spans the full operational scope: choosing the right legal basis (legitimate interest vs. consent vs. contract performance), building and maintaining an Article 30 Record of Processing Activities, conducting a Data Protection Impact Assessment (DPIA), handling data subject rights requests within legal deadlines, managing processor relationships under Article 28, and navigating international data transfers from the invalidation of the Privacy Shield through to the EU-US Data Privacy Framework. A second AI model (Claude Opus) then reads the full transcript and produces a score from 0 to 100 with a level: Novice, Proficient, Advanced, or Expert.

Unlike a multiple-choice certification, the Plume oral forces you to reason out loud through real situations: arbitrating between operational constraints and a one-month erasure deadline, embedding privacy by design into a product sprint, or deciding whether a DPIA is actually required for a new profiling feature. The AI picks up the difference between someone who can quote Article 35 and someone who has actually run a DPIA end-to-end using the CNIL PIA tool or ISO 29134. Your detailed report — delivered within minutes — highlights exactly where you excel and where your reasoning has gaps, backed by quotes from your own answers.

This badge is built for DPOs, data protection lawyers, compliance officers, CISOs working on GDPR-adjacent projects, data protection consultants, and product managers overseeing high-risk processing activities. Whether you're preparing for a job interview, validating expertise you've built over years, or getting an honest benchmark before a promotion, the Plume GDPR badge gives you a concrete, shareable, AI-verified proof of your skills.

What this badge evaluates

Here are the concrete dimensions the AI examines during the 15-minute oral.

How this badge is scored

Final scoring is performed by Claude (Anthropic), which reads back the full transcript and applies this weighted criteria grid.

How the oral exam unfolds

A Plume session takes about 20 minutes, from tech check to badge delivery.

  1. Step 1

    Tech check (1 min)

    Before the exam starts, Plume verifies your microphone and connection quality. The entire exam is voice-only — no forms, no multiple-choice. Find a quiet room with a decent headset or microphone before you begin.

  2. Step 2

    Context-setting warm-up (2 min)

    The AI examiner asks you to introduce yourself and describe your GDPR context: the type of organisation you work in, the scope of your responsibilities, and roughly how many processing activities you oversee. This calibrates the depth of the follow-up questions to your actual profile.

  3. Step 3

    In-depth probing (10-12 min)

    The core of the exam: the AI works through 4 to 6 questions covering legal bases, DPIAs, the RoPA, data subject rights, international transfers and processor management. It follows your answers with targeted follow-ups — if you mention the 2021 SCCs, it drills into Transfer Impact Assessments; if you bring up a DPIA, it asks about your methodology and remediation output. Everything is transcribed in real time.

  4. Step 4

    Critical perspective question (2 min)

    The AI asks one higher-order question: situations where GDPR compliance conflicts with user experience, cases where a DPIA adds little real value, or when a DPO designation creates more friction than protection. This assesses your critical maturity — not just whether you know the rules but whether you can think around them.

  5. Step 5

    Score and badge delivery (under 5 min after the exam)

    Claude Opus analyses the full transcript and generates your score (0-100), your level (Novice to Expert), a theme-by-theme report with excerpts from your own answers, and a shareable public link to your badge. Everything arrives by email within a few minutes of finishing.

The 4 proficiency levels

Your score out of 100 translates into a level a recruiter can grasp at a glance.

Novice

Score 0-39

You know the GDPR exists and can name its core principles — lawfulness, purpose limitation, data minimisation — but you struggle to apply them without guidance. You tend to conflate consent and legitimate interest, and you haven't yet led a DPIA or built an Article 30 RoPA from scratch.

Proficient

Score 40-59

You handle routine data subject rights requests, contribute to RoPA updates and know when a DPIA is required. You work under the supervision of a senior DPO or data protection lawyer and need help on edge cases: sub-processor mapping, complex transfers, or breach notifications with a cross-border element.

Advanced

Score 60-79

You run GDPR compliance independently: you conduct end-to-end DPIAs, negotiate Article 28 clauses with processors, train internal teams, and coordinate breach response. You're fluent in the 2021 SCCs and the Data Privacy Framework and act as the primary contact for your supervisory authority.

Expert

Score 80-100

You anticipate regulatory shifts — Data Act, ePrivacy Regulation, EDPB guidelines — and integrate them into organisational strategy before they become obligations. You design multi-entity or multi-jurisdiction compliance programmes, advise senior leadership on legal and reputational risk, and develop training curricula for other data protection professionals.

Who this badge is for

No degree or years of experience required to take the badge. Here are the profiles it makes the most sense for.

Concrete use cases

Where and how your GDPR badge will help you day to day.

Prerequisites

A few minutes to check you have everything you need.

What you take away

At the end of your session you don't just get a score — here's everything that awaits you.

Frequently asked questions about the GDPR badge

The exam is calibrated on the GDPR as currently applied, including recent regulatory developments: the EU-US Data Privacy Framework (adequacy decision, July 2023), the Data Act, the latest EDPB guidelines on consent, cookie banners and international transfers, and notable enforcement decisions from EU supervisory authorities. If your knowledge is current through 2024-2025, you're in scope.

Other Cybersecurity & GDPR badges

Discover related skills you can validate with Plume.

Ready to take the GDPR badge?

A 15-min oral exam with an AI, a shareable badge for your recruiters.

Choose this badge · €19.99