*** The latest round of exam changes has been announced for October 2023 and an updated version of this article on CIPP exam updates is now available***
This year, the annual IAPP exam updates go into effect on October 3rd and therefore, new Body of Knowledge documents are now available for all designations. We have recently watched a great video from the IAPP (Credentialing the Next Generation of Privacy Professionals) on the whole process behind the creation of the exams, how questions are written and updated and even how certified privacy professionals can become question writers! This is 30 mins long and well worth a watch, however, if you’re short on time you can read our summary of all the key points.
The Body of Knowledge “is an outline of the information covered in the exam and represents the breadth of knowledge qualified candidates should possess on the topic.” The IAPP will update all of their exams (CIPP/E, CIPP/US, CIPT and CIPM) regularly so they can keep pace with the ever-changing privacy landscape. So, in this article, we will highlight the key differences between the previous and new versions of the CIPP/E, CIPP/US and CIPT Bodies of Knowledge (BoK).
We did not cover the CIPM in this article as the new CIPM Body of Knowledge has substantial changes and should be read in detail. There are many new topics and sections have been re-worded to be more descriptive.
CIPP/E 2022 IAPP exam updates
The new CIPP/E Body of Knowledge takes effect from October 3rd 2022. This year, the biggest difference is that ten specific guidelines from the European Data Protection Board (EDPB) are listed as part of the Body of Knowledge. Candidates in our study group on Facebook regularly report that reading EDPB guidelines was helpful to them, but this is the first time we have seen them specifically identified as being covered in the exam.
The three domains on the CIPP/E Body of Knowledge are:
- Introduction to European Data Protection
- European Data Protection Law and Regulation
- Compliance with European Data Protection Law and Regulation
There is one small change in Part I. Section A, Item 3 “Early Laws and Regulations” – now expanded to specifically mention:
a. OECD Guidelines and The Council of Europe
b. Convention 108
In Section B, The Council of Europe has been removed.
Parts II and III contain the most updates. The below EDPB guidelines have been added so we have linked them all here individually
CIPP/E Part II updates
Section A “Data Protection Concepts”
Item 6 “Processor”
a. Guidelines 07/2020 on the concepts of controller and processor in the GDPR
Section B “Territorial and Material Scope of the General Data Protection Regulation”
Item 2 “Non-establishment in the EU”
a. Guidelines 3/2018 on the territorial scope of the GDPR
Section F “Data Subjects Rights”
Item 3 “Erasure and the right to be forgotten (RTBF)”
a. Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR”
Item 8 “Restrictions”
a. Guideline 10/2020 on restrictions under Article 23 GDPR
Section I “International Data Transfers”
Item 1 “Rationale for prohibition”
a. Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR
Item 6 “Codes of Conduct and Certifications”
a. Guidelines 04/2021 on codes of conduct as tools for transfers
Item 7 “Derogations”
a. Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679
Item 8 “Transfer impact assessments (TIAs)”
a. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data
CIPP/E Part III updates
Section B “Surveillance Activities”
Item 3 “Closed-circuit television (CCTV)”
a. Guidelines 3/2019 on processing of personal data through video devices
Section C “Direct Marketing”
Item 3 “Online behavioural targeting”
a. Guidelines 8/2020 on the targeting of social media users
Remember, these changes come into effect on October 3rd 2022 so if you are planning to take the CIPP/E exam before this date, please continue to use the current CIPP/E Body of Knowledge to guide your studies
We would also encourage you to read our Ultimate Guide to passing the CIPP/E exam which will give you a step by step preparation plan and join our study group for access to a generous discount on the guided study course and trial exam with analysis of your results from our partners at Privasy.eu.
This is a great opportunity to test your knowledge and go into your certification exam feeling completely prepared and above all, ready to pass with confidence. Read the pinned announcement post in our Facebook group so you can get access to the discount codes. Click on the #trialexam topic in the group in order to read reviews from group members who have used this excellent exam to prepare for passing the CIPP/E. In addition, at the time of writing, 100% of people who purchased the trial exam with analysis of result, went on to to pass the CIPP/E.
CIPP/E group members also receive a discount on the ebook Data Protection Law in Charts by Federico Marengo. This is a clear, easy to read set of charts presenting the GDPR main legal provisions, explanations and case law.
CIPP/US 2022 IAPP exam updates
The new CIPP/US Body of Knowledge comes into effect on October 3rd 2022
There have just been a few small changes. For instance, new topics are added in Parts I (Introduction to the US Privacy Environment) and IV (Workplace Privacy) and Part V (State Privacy Laws) is updated to reflect recent legislation changes.
CIPP/US Part I updates
Section C, Item K, point v. has been added “Schrems decisions, implications of”
CIPP/US Part IV updates
Section B, Item A “Automated employment decision tools” is a new addition
CIPP/US Part V updates
Section B, Item E “Recent Developments” previously contained 11 subpoints, but this has been reduced to 6. Points i. to iii. are the same as in the previous BoK but points iv. (Colorado Privacy Act (CPA) 2021) and v. (Nevada Privacy Law & Amendment (SB260) 2019/2021) are new
Section C, Item C “Recent Developments” previously contained 7 subpoints but this has been reduced to 3 points, all of which were on the previous BoK. No new items here.
Again, these changes don’t come into effect until October 3rd 2022 so if you are doing your exam before then, continue to use the current CIPP/US Body of Knowledge
Additional readings for new CIPP/US Body of Knowledge Topics
This is a list of some useful readings in addition to the core book that may help you learn more about the new topics.
- IAPP Frequently asked questions and resources on Schrems II
- What Principles of Explainability and Transparency Should an Employer Consider When Using Video Interviewing and Similar Automated Hiring Tools? from the National Law Review
- New York Passes Two Laws Protecting Employee Privacy from JDSupra website
- Colorado Privacy Act becomes Law from IAPP news
- Nevada Privacy Law & Amendment (SB260) 2019/2021 on Nevada state website
Consider joining our CIPP/US study group on Facebook for support and study tips from fellow exam candidates and certified professionals. CIPP/US group members also receive a discount on the ebook Data Protection Law in Charts by Federico Marengo. This is a clear, easy to read set of charts presenting the GDPR main legal provisions, explanations and case law. In addition, it’s a useful tool for supplementing your studies on the international privacy and GDPR sections
CIPT 2022 IAPP exam updates
The new CIPT Body of Knowledge is for anyone taking their exam after October 3rd 2022
Not only do the updates this year include new items added to the BoK but also the expansion of sections to provide more detail. One item was removed.
CIPT Part I updates
Section C, Item B “14 methods” was removed
CIPT Part II updates
Section A, Item F changed from “Data Inventories” to “Data Inventories, classification and records of processing”. Item H changed from “Privacy Impact Assessments” to “Data Protection and Privacy impact assessments (DPIA/PIAs)”
Section C “The privacy responsibilities of the IT professional” has been re-worded but is similar to the previous BoK
CIPT Part IV updates
Section A, Item D “Hide” has a newly added point v. “Masking”
Section B, Item B, point viii. “Irreversible masking” is newly added.
In the same section, Item D has a number of changes.
- Point iii. “User and Role-based access control (RBAC)” used to be two separate points but it now rolled into one.
- Point iv. “Privileged Access Management (PAM)” is new.
- Point vii. “Federated identity” is now “Federated identity and centralised identify inventory”.
- Point ix. “Dynamic Masking based on identities” is new.
Section C, Item B. The subpoints used to be Consent, Choice, Amend, Delete. These have changed to Consent, Choose, Update, Retract
CIPT Part V updates
Section A previously was just a heading “The Privacy Engineering role in the organization”. It has now expanded to include 3 items:
- a. Effective Implementation
- b. Technological Controls
- c. Protecting Privacy during the Development Lifecycle
CIPT Part VI updates
There are three new additions:
Section A, Item E “Privacy risk assessment and analysis”
Section B, Item A “Privacy audits and IT control reviews and Item F “Data cleansing in production and non-production environments”
CIPT Part VII updates
Section B, Item B previously read “Web Tracking” but has now changed to “Adtech, cookies and other web tracking technologies”
Section D has many new additions. Previously, there were 3 items: Internet of Things (IoT), Vehicular automation and Wearable devices but this has now changed to:
- a. Mobile phones and apps
- b. Internet of Things (IoT) and Edge Computing
- c. Smart Cities
- d. Vehicular automation/Smart vehicles
- e. Wearable devices
- f. Blockchain and NFTs
- g. Virtual Reality, Augmented Reality and Mixed Reality
As these changes won’t take effect until October 3rd 2022, you should continue to use the existing CIPT Body of Knowledge if taking your exam before this date
Consider joining our CIPT study group on Facebook for support and study tips from fellow exam candidates and certified professionals.
Additional readings for new CIPT Body of Knowledge Topics
This is a list of some useful readings in addition to the core books that may help you learn more about the new topics
- Data Masking in the Enterprise from the IAPP
- Privileged Access Management (PAM) article from TechTarget
- IAPP Privacy Engineering Section
- Privacy Risk Assessments DPIAs and PIAs
- Best Practices for Privacy Audits from ISACA
- NIST Cybersecurity, Privacy and Risk resources
- Ubiquitous computing resources from TechTarget
Privacy exam study groups
In conclusion, our advice is to start studying early and join the conversation about the 2022 IAPP exam updates in our study groups. In addition, you’ll find great study tips, discounts and reviews on courses, books etc and more in these private groups
Above all, best of luck with your studies!