| |

Annual IAPP exam updates, October 3rd 2022

Bypsgadmin Updated on

*** The latest round of exam changes has been announced for October 2023 and an updated version of this article on CIPP exam updates is now available***

This year, the annual IAPP exam updates go into effect on October 3rd and therefore, new Body of Knowledge documents are now available for all designations. We have recently watched a great video from the IAPP (Credentialing the Next Generation of Privacy Professionals) on the whole process behind the creation of the exams, how questions are written and updated and even how certified privacy professionals can become question writers! This is 30 mins long and well worth a watch, however, if you’re short on time you can read our summary of all the key points.

Contents hide
CIPP/E 2022 IAPP exam updates
CIPP/E Part II updates
CIPP/E Part III updates
CIPP/US 2022 IAPP exam updates
CIPP/US Part I updates
CIPP/US Part IV updates
CIPP/US Part V updates
Additional readings for new CIPP/US Body of Knowledge Topics
CIPT 2022 IAPP exam updates
CIPT Part I updates
CIPT Part II updates
CIPT Part IV updates
CIPT Part V updates
CIPT Part VI updates
CIPT Part VII updates
Additional readings for new CIPT Body of Knowledge Topics
Privacy exam study groups

The Body of Knowledge “is an outline of the information covered in the exam and represents the breadth of knowledge qualified candidates should possess on the topic.” The IAPP will update all of their exams (CIPP/E, CIPP/US, CIPT and CIPM) regularly so they can keep pace with the ever-changing privacy landscape. So, in this article, we will highlight the key differences between the previous and new versions of the CIPP/E, CIPP/US and CIPT Bodies of Knowledge (BoK). 

We did not cover the CIPM in this article as the new CIPM Body of Knowledge has substantial changes and should be read in detail. There are many new topics and sections have been re-worded to be more descriptive.

CIPP/E 2022 IAPP exam updates

The new CIPP/E Body of Knowledge takes effect from October 3rd 2022. This year, the biggest difference is that ten specific guidelines from the European Data Protection Board (EDPB) are listed as part of the Body of Knowledge. Candidates in our study group on Facebook regularly report that reading EDPB guidelines was helpful to them, but this is the first time we have seen them specifically identified as being covered in the exam.

The three domains on the CIPP/E Body of Knowledge are:  

  1. Introduction to European Data Protection
  2. European Data Protection Law and Regulation
  3. Compliance with European Data Protection Law and Regulation

There is one small change in Part I. Section A, Item 3 “Early Laws and Regulations” – now expanded to specifically mention:
a. OECD Guidelines and The Council of Europe
b. Convention 108

In Section B, The Council of Europe has been removed.

Parts II and III contain the most updates. The below EDPB guidelines have been added so we have linked them all here individually 

CIPP/E Part II updates

Section A “Data Protection Concepts”
Item 6 “Processor”
a. Guidelines 07/2020 on the concepts of controller and processor in the GDPR

Section B “Territorial and Material Scope of the General Data Protection Regulation”
Item 2 “Non-establishment in the EU”
a. Guidelines 3/2018 on the territorial scope of the GDPR

Section F “Data Subjects Rights”
Item 3 “Erasure and the right to be forgotten (RTBF)” 
a. Guidelines 5/2019 on the  criteria of the Right to be Forgotten in the search engines cases under the GDPR”
Item 8 “Restrictions”
a. Guideline 10/2020 on restrictions under Article 23 GDPR

Section I “International Data Transfers” 
Item 1 “Rationale for prohibition” 
a. Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR
Item 6 “Codes of Conduct and Certifications” 
a. Guidelines 04/2021 on codes of conduct as tools for transfers
Item 7 “Derogations” 
a. Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679
Item 8 “Transfer impact assessments (TIAs)” 
a. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

CIPP/E Part III updates

Section B “Surveillance Activities”
Item 3 “Closed-circuit television (CCTV)” 
a. Guidelines 3/2019 on processing of personal data through video devices

Section C “Direct Marketing”
Item 3 “Online behavioural targeting” 
a. Guidelines 8/2020 on the targeting of social media users

Remember, these changes come into effect on October 3rd 2022 so if you are planning to take the CIPP/E exam before this date, please continue to use the current CIPP/E Body of Knowledge to guide your studies

We would also encourage you to read our Ultimate Guide to passing the CIPP/E exam which will give you a step by step preparation plan and join our study group for access to a generous discount on the guided study course and trial exam with analysis of your results from our partners at Privasy.eu.

This is a great opportunity to test your knowledge and go into your certification exam feeling completely prepared and above all, ready to pass with confidence. Read the pinned announcement post in our Facebook group so you can get access to the discount codes. Click on the #trialexam topic in the group in order to read reviews from group members who have used this excellent exam to prepare for passing the CIPP/E. In addition, at the time of writing, 100% of people who purchased the trial exam with analysis of result, went on to to pass the CIPP/E.

CIPP/E group members also receive a discount on the ebook Data Protection Law in Charts by Federico Marengo. This is a clear, easy to read set of charts presenting the GDPR main legal provisions, explanations and case law. 

CIPP/US 2022 IAPP exam updates

The new CIPP/US Body of Knowledge comes into effect on October 3rd 2022

There have just been a few small changes. For instance, new topics are added in Parts I (Introduction to the US Privacy Environment) and IV (Workplace Privacy) and Part V (State Privacy Laws) is updated to reflect recent legislation changes.

CIPP/US Part I updates

Section C, Item K, point v. has been added “Schrems decisions, implications of”

CIPP/US Part IV updates

Section B, Item A “Automated employment decision tools” is a new addition

CIPP/US Part V updates

Section B, Item E “Recent Developments” previously contained 11 subpoints, but this has been reduced to 6. Points i. to iii. are the same as in the previous BoK but points iv. (Colorado Privacy Act (CPA) 2021) and v. (Nevada Privacy Law & Amendment (SB260) 2019/2021) are new

Section C, Item C “Recent Developments” previously contained 7 subpoints but this has been reduced to 3 points, all of which were on the previous BoK. No new items here.

Again, these changes don’t come into effect until October 3rd 2022 so if you are doing your exam before then, continue to use the current CIPP/US Body of Knowledge

Additional readings for new CIPP/US Body of Knowledge Topics

This is a list of some useful readings in addition to the core book that may help you learn more about the new topics.

Consider joining our CIPP/US study group on Facebook for support and study tips from fellow exam candidates and certified professionals. CIPP/US group members also receive a discount on the ebook Data Protection Law in Charts by Federico Marengo. This is a clear, easy to read set of charts presenting the GDPR main legal provisions, explanations and case law. In addition, it’s a useful tool for supplementing your studies on the international privacy and GDPR sections

CIPT 2022 IAPP exam updates

The new CIPT Body of Knowledge is for anyone taking their exam after October 3rd 2022

Not only do the updates this year include new items added to the BoK but also the expansion of sections to provide more detail. One item was removed.

CIPT Part I updates


Section C, Item B “14 methods” was removed

CIPT Part II updates

Section A, Item F changed from “Data Inventories” to “Data Inventories, classification and records of processing”. Item H changed from “Privacy Impact Assessments” to “Data Protection and Privacy impact assessments (DPIA/PIAs)”

Section C “The privacy responsibilities of the IT professional” has been re-worded but is similar to the previous BoK

CIPT Part IV updates

Section A, Item D “Hide” has a newly added point v. “Masking”
Section B, Item B, point viii. “Irreversible masking” is newly added.
In the same section, Item D has a number of changes. 

  • Point iii. “User and Role-based access control (RBAC)” used to be two separate points but it now rolled into one. 
  • Point iv. “Privileged Access Management (PAM)” is new. 
  • Point vii. “Federated identity” is now “Federated identity and centralised identify inventory”. 
  • Point ix. “Dynamic Masking based on identities” is new.

Section C, Item B. The subpoints used to be Consent, Choice, Amend, Delete. These have changed to Consent, Choose, Update, Retract

CIPT Part V updates

Section A previously was just a heading “The Privacy Engineering role in the organization”. It has now expanded to include 3 items:

  • a. Effective Implementation 
  • b. Technological Controls 
  • c. Protecting Privacy during the Development Lifecycle

CIPT Part VI updates

There are three new additions: 

Section A, Item E “Privacy risk assessment and analysis”

Section B, Item A “Privacy audits and IT control reviews and Item F “Data cleansing in production and non-production environments”

CIPT Part VII updates

Section B, Item B previously read “Web Tracking” but has now changed to “Adtech, cookies and other web tracking technologies”

Section D has many new additions. Previously, there were 3 items: Internet of Things (IoT), Vehicular automation and Wearable devices but this has now changed to:

  • a. Mobile phones and apps 
  • b. Internet of Things (IoT) and Edge Computing 
  • c. Smart Cities 
  • d. Vehicular automation/Smart vehicles 
  • e. Wearable devices 
  • f. Blockchain and NFTs 
  • g. Virtual Reality, Augmented Reality and Mixed Reality

As these changes won’t take effect until October 3rd 2022, you should continue to use the existing CIPT Body of Knowledge if taking your exam before this date 

Consider joining our CIPT study group on Facebook for support and study tips from fellow exam candidates and certified professionals.

Additional readings for new CIPT Body of Knowledge Topics

This is a list of some useful readings in addition to the core books that may help you learn more about the new topics

Privacy exam study groups

In conclusion, our advice is to start studying early and join the conversation about the 2022 IAPP exam updates in our study groups. In addition, you’ll find great study tips, discounts and reviews on courses, books etc and more in these private groups

CIPP/E Study Group
CIPP/US Study Group
CIPT Study Group
CIPM Study Group

Above all, best of luck with your studies!

Similar Posts

man studying and taking notes
| | | |

New CIPP/E Practice Exam and more from the IAPP

Bypsgadmin

IAPP Certification Director Doug Forman and Training Director Marla Berry went live on LinkedIn on October 14th 2020 to answer questions about IAPP Certifications & Training. It was a fantastic Q&A session and we have summarised some key points from the discussion below, including the announcement of a new CIPP/E practice exam coming in 2021!…

The two textbooks used for the CIPT exam

How to study for the CIPT

Bypsgadmin

If you are a candidate for the Certified Information Privacy Technologist exam, you have probably wondered how to study for the CIPT. So, here are the resources you need to get started. The CIPT Body of Knowledge outlines all the concepts and topics you’ll need to know. The Exam Blueprint tells you the minimum and…