Use this quick start guide to collect all the information about IAPP CIPP-E Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the IAPP Certified Information Privacy Professional/Europe (CIPP-E) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual IAPP Certified Information Privacy Professional/Europe (CIPP-E) certification exam.
The IAPP CIPP-E certification is mainly targeted to those candidates who want to build their career in Privacy Laws and regulations domain. The IAPP Certified Information Privacy Professional/Europe (CIPP-E) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of IAPP Information Privacy Professional/Europe.
IAPP CIPP-E Exam Summary:
| Exam Name | IAPP Certified Information Privacy Professional/Europe (CIPP-E) |
| Exam Code | CIPP-E |
| Exam Price | $550 (USD) |
| Duration | 150 mins |
| Number of Questions | 90 |
| Passing Score | 300 / 500 |
| Books / Training | European Data Protection (CIPP-E) |
| Schedule Exam | Pearson VUE |
| Sample Questions | IAPP CIPP-E Sample Questions |
| Practice Exam | IAPP CIPP-E Certification Practice Exam |
IAPP Information Privacy Professional/Europe Exam Syllabus Topics:
| Topic | Details |
|---|---|
Introduction to European Data Protection |
|
| Understand the origins and historical context of European data protection laws |
- Know the historical rationale for data protection. - Know relevant human rights laws and early data protection laws and regulations such as the OECD Guidelines, the Treaty of Lisbon, and Convention 108, and understand the ways in which some of these laws have been updated (e.g., Convention 108+). - Understand how the need for a harmonized European approach to data protection developed, and know the challenges involved in implementing this approach (e.g., Brexit). |
| Understand the roles and functions of significant European Union institutions | - Know the roles and functions of the European Union institutions such as the Council of Europe, the European Court of Human Rights, European Parliament, the European Commission, the European Council and the Court of Justice of the European Union. |
| Understand the legislative framework underpinning the principles of European data protection |
- Understand early pieces of data protection legislation, such as the Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (the CoE Convention), the EU Data Protection Directive (95/46/EC), the EU Directive on Privacy and Electronic Communications (2002/58/EC) (ePrivacy Directive) — as amended, and the EU Directive on Electronic Commerce (2000/31/EC). - Understand the main principles and goals of significant data protection legislation, such as the General Data Protection Regulation (GDPR) (EU) 2016/679 and related legislation, the NIS/NIS 2 Directives, and the EU Artificial Intelligence Act. |
European Data Protection Law and Regulation |
|
| Understand basic GDPR data protection concepts |
- Know the concepts of personal data, sensitive personal data, and special categories of personal data. - Understand the concepts of pseudonymous and anonymous data and the differences between them. - Know the key principles of lawful processing. - Know the concepts of controller and processor, and understand European Data Protection Board guidelines and opinions on the subject. - Understand the concept of data subject. |
| Understand the requirements involved in maintaining the security of personal data |
- Understand what appropriate technical and organizational measures are (e.g., protection mechanisms such as encryption and access controls) and how they should be defined. - Know what is required for breach notification (e.g., risk reporting requirements), and understand EDPB guidelines and opinions on the subject. - Understand the principles of effective and responsible vendor management. - Know the key principles and requirements of sharing personal data with third parties. |
| Understand data subjects’ rights |
- Understand the right of access, including EDPB guidelines and opinions on the subject. - Understand the right of rectification. - Understand the right of erasure/the right to be forgotten (RTBF), including EDPB guidelines and opinions on the subject. - Understand the rights of restriction and objection. - Understand the concept of consent, including the right of withdrawal. - Understand the rights related to automated decision-making, including profiling. - Understand the right of data portability. - Know the restrictions on data subjects’ rights and understand the principles regarding them set forth by EDPB guidelines. |
European Data Processing |
|
| Understand the principles of European data processing | - Understand the data processing concepts of fairness and lawfulness, purpose limitation, proportionality, accuracy, storage limitation (retention), and integrity and confidentiality. |
| Know what constitutes a lawful processing basis |
- Understand lawful processing bases (consent, contractual necessity, legal obligation/vital interests/public interest and legitimate interest), including European Data Protection Board guidelines and opinions on the subject. - Understand processing of special categories of personal data. |
| Understand information provision obligations |
- Understand the transparency principle. - Know the key components of privacy notices. - Understand the purpose of layered privacy notices. |
| Understand the principles of, and the risks involved in, international data transfers |
- Understand the rationale for prohibiting transfers, including EDPB guidelines and opinions on the subject. - Know the concept of adequate jurisdiction. - Understand the historical importance of Safe Harbor and Privacy Shield (including the implications of the Schrems decisions regarding them) and know the basics of the EU-US Data Privacy Framework. - Understand the content, purpose and use of Standard Contractual Clauses and Binding Corporate Rules (BCRs). - Understand the role of codes of conduct and certifications, including EDPB guidelines and opinions on the subject. - Understand the rationale for, and role of, derogations, including EDPB guidelines and opinions on the subject. - Understand the goal of transfer impact assessments (TIAs), including EDPB guidelines and opinions on the subject. |
European Data Protection: Scope and Accountability |
|
| Understand issues related to the territorial and material scope of the GDPR |
- Understand what constitutes establishment and non-establishment in the EU, including European Data Protection Board guidelines and opinions on the subject. - Understand the GDPR’s scope of processing, as well as the exemptions it allows. |
| Understand the various accountability requirements under the GDPR |
- Understand the accountability requirements of controllers, joint controllers and processors, including those related to data protection by design and by default. - Understand the importance of documentation and cooperation with regulators. - Understand the role of data protection impact assessments (DPIAs) and know the established criteria for conducting them. - Understand the requirement for mandatory data protection officers. - Understand the role that auditing plays in privacy programs. |
| Understand the European data protection supervision and enforcement structure |
Understand the roles and powers of the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS). Understand the roles and powers of other supervisory authorities. Understand the concept of lead supervisory authority, including EDPB guidelines and opinions on the subject. |
| Understand the consequences for GDPR violations |
- Know the procedures related to GDPR violations, and the fines that may be imposed as a result of infringements. - Understand the conditions under which class actions involving GDPR violations may be filed. - Understand the types and amounts of compensation due to data subjects stemming from GDPR violations. |
Compliance with European Data Protection Law and Regulation |
|
| Understand how to comply with European data protection laws and regulations in the workplace, specifically as they relate to employment relationships |
- Know the legal basis for processing employee data, the issues related to the storage of personnel records and the risks involved in handling employee data. - Understand the role of, and the risks involved in, workplace monitoring and data loss prevention. - Understand the pros and cons of bring your own device (BYOD) programs. - Understand the role of EU Works Councils and whistleblowing systems. |
| Understand how to comply with European data protection laws and regulations related to surveillance activities |
- Understand the compliance issues related to surveillance conducted by public authorities. - Understand the laws regarding the interception of communications. - Understand the compliance issues related to technologies such as closed-circuit television (CCTV), geolocation and biometrics/facial recognition, and know European Data Protection Board guidelines and opinions on the subject. |
| Understand how to comply with European data protection laws and regulations related to direct marketing |
Understand the compliance issues and requirements related to the processing of personal data for marketing activities. Understand the compliance issues related to online behavioral targeting, including EDPB guidelines and opinions on the subject. |
| Understand how to comply with European data protection laws and regulations related to internet technology and communications |
- Understand the compliance issues related to cloud computing. - Understand the compliance issues related to the use of web cookies. - Understand the compliance issues related to social media platforms (e.g., the use of dark patterns), and know EDPB guidelines and opinions on the subject. - Understand the compliance issues related to search engine marketing (SEM). - Understand the compliance issues and ethical issues related to artificial intelligence (AI), including machine learning. |
To ensure success in IAPP Information Privacy Professional/Europe certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for IAPP Certified Information Privacy Professional/Europe (CIPP-E) exam.