# IIM CDPO Certification — Sir Sid's Plan

## Why This Matters
- **NDPC registration requires a named Data Protection Officer (DPO)**
- MediSeen handles patient health data, which is **sensitive personal data** under the NDP Act 2023
- CDPO certification makes YOU the DPO — no need to hire externally (saves ₦500K-₦2M/yr)
- Recognized by NDPC (IIM is the licensed National Certification Body)
- Also covers SortAm, Klas, and all other products handling personal data

## Certification Overview
- **Exam:** 150 questions, 150 minutes, 70% pass (105/150)
- **Format:** Remote proctored (take from anywhere)
- **Domains:**
  1. Legal & Regulatory Frameworks — 30% (NDP Act, GDPR, Malabo Convention)
  2. Data Protection Principles & Compliance — 25%
  3. Risk Management & DPIA — 20%
  4. Incident Response & Data Breaches — 15%
  5. Governance, Policies & Ethics — 10%

## Prerequisites (Meet ONE)
- [x] 2+ years in compliance/information security — ✅ (you're building NDPA-compliant systems)
- [ ] IIM-accredited DPO training — alternative route
- [ ] Relevant professional certification — alternative route

## Action Steps

### Step 1: Register (This Week)
- [ ] Email certification@iim-africa.org for registration details and exam fee
- [ ] Complete application statement + confidentiality agreements
- [ ] Pay certification fee

### Step 2: Study (2-4 Weeks)
**Core Study Materials:**
- [ ] Nigeria Data Protection Act (NDP Act) 2023 — full text
- [ ] NDPC Training Manual for DPOs
- [ ] Malabo Convention + Convention 108+
- [ ] GDPR key principles (crossover knowledge)
- [ ] ISO/IEC 27701 overview

**Study Strategy (domain-weighted):**

| Domain | Weight | Hours | Priority |
|--------|--------|-------|----------|
| Legal & Regulatory | 30% | 12-15h | 🔴 Highest |
| Data Protection Principles | 25% | 10-12h | 🔴 High |
| Risk Management & DPIA | 20% | 8-10h | 🟡 Medium |
| Incident Response | 15% | 6-8h | 🟡 Medium |
| Governance & Ethics | 10% | 4-5h | 🟢 Lower |
| **Total** | **100%** | **~45h** | |

**Realistic Schedule:** 2h/day × 4 weeks = 56h (plenty of buffer)

### Step 3: Exam
- [ ] Schedule via IIM portal or helpdesk
- [ ] Remote proctored — quiet room, valid ID, 30 min early
- [ ] Pass ≥ 70%

### Step 4: After Certification
- [ ] Register on NDPC as Data Controller (MediSeen)
- [ ] Name yourself as DPO in NDPC submission
- [ ] Add CDPO badge to company profile + website
- [ ] Annual CPD maintenance (IIM members get discount)

## What I (Oga Agba) Can Do to Help
- Download and summarize the NDP Act 2023 for you
- Create flashcards / quiz questions per domain
- Draft MediSeen's DPIA (counts as real-world prep)
- Draft Privacy Policy + Data Processing Agreement (needed for NDPC anyway)
- Set up study reminders via heartbeat

## Timeline
| Milestone | Target Date |
|-----------|-------------|
| Email IIM for registration | March 3-4 |
| Receive fee info + register | March 7 |
| Study begins | March 10 |
| Complete all domains | April 4 |
| Practice exams | April 5-7 |
| **Take CDPO Exam** | **April 8-10** |
| NDPC Registration (with CDPO) | April 15 |

## Cost Estimate
- Exam fee: TBD (email IIM) — likely ₦150K-₦300K based on similar Nigerian certifications
- Training (optional): varies by ATO
- Annual CPD maintenance: TBD
- **ROI:** Saves hiring external DPO (₦500K-₦2M/yr) + mandatory for NDPC registration
