|

IAPP annual CIPP exam updates: October 2023

Bypsgadmin Updated on

Are you wondering when the IAPP CIPP exam updates happen in 2023 and what the updates will cover? We have answered those questions and more in this article.

Contents hide
Which IAPP exams will be updated?
IAPP certifications: The Body of Knowledge
CIPP/E 2023 exam updates
CIPP/E Domain I – Introduction to European Data Protection
CIPP/E Domain II – European Data Protection Law and Regulation
CIPP/E Domain III – Compliance with European Data Protection Law and Regulation
CIPP/E additional readings
CIPP/US 2023 exam updates
CIPP/US Domain I – Introduction to the US Privacy Environment
CIPP/US Domain II – Limits on Private-sector Collection and use of Data
CIPP/US Domain V – State Privacy Laws
CIPP/US additional readings
Wrapping up: CIPP exam updates for 2023

The IAPP privacy professional exams will be updated on October 2nd, 2023.

Each year, the IAPP updates their exams to keep pace with the rapidly-changing privacy landscape. Occasionally, this results in some panic in our study groups as candidates with CIPP exam dates in 2023 feel they won’t be prepared or have been studying the wrong material.

However, only around 10% of the exam will be changed during these updates and plenty of advance notice is given, so you can easily adjust your study plan or take the exam before the change date.

Which IAPP exams will be updated?

These 4 exams will be updated on October 2nd 2023:

  • Certified Information Privacy Professional/Europe (CIPP/E)
  • Certified Information Privacy Professional/US (CIPP/US)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)

The Certified Information Privacy Professional/Canada (CIPP/C) update took place on January 23rd this year.

This article will address the upcoming changes to the CIPP/E and CIPP/US exams. We have not addressed CIPT as the changes to the Body of Knowledge are extensive. Much of the content has been reorganised and there are a significant number of additional topics. Our CIPT Study Group is open for discussions on the changes.

IAPP certifications: The Body of Knowledge

The Body of Knowledge “is an outline of the information covered in the exam and represents the breadth of knowledge qualified candidates should possess on the topic.”

When planning your studies, this is the document that should guide you as this is basically a list of the topics that could appear on your exam.

women with headphones, notebook and laptop attending online privacy training

CIPP/E 2023 exam updates

The new CIPP/E body of knowledge takes effect on October 2nd 2023. Each of the three domains has changes this year. The biggest change will be the addition of four new EDPB guidelines with the result that there are now 14 guidelines that can be examined.

These are the new topics to be added:

Convention 108
Brexit
GDPR relationship with other laws
NIS directive
EU Artificial Intelligence Act
Schrems decisions
Transatlantic Data Privacy Framework
Dark Patterns in social media

Here’s a breakdown of the changes in each section of the body of Knowledge:

CIPP/E Domain I – Introduction to European Data Protection

Part A, point 6, ” A modernised framework” has been removed and replaced with two points:

6. Convention 108+
7. Brexit

Part C, point 6 ” The GDPR and related legislation” now has a sub-point and two new points have been added (7 & 8)

a. Relationship with other laws (Payment Services Directive 2, Data Governance Act, Regulation (EU) 2018/1725, etc

7. NIS Directive (2016)/ NIS 2 Directive (2022)
8. EU Artificial Intelligence Act (2021)

CIPP/E Domain II – European Data Protection Law and Regulation

Part A, point 2 “sensitive data” now has a sub-point:

a. Special categories of personal data

Part F, point 1 “Access” now has a sub-point:

a. Guidelines 01/2022 on data subject right – Right of Access

Part G, point 2 “Breach notification” has two new sub-points:

b. Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
c. Guidelines 9/2022 on Personal data breach notification under GDPR

Part I, point 3 “Safe Harbor and Privacy Shield” has been renamed to “Safe Harbor, Privacy Shield and the Transatlantic Data Privacy Framework” and a sup-point has been added:

a. Schrems decisions, implications of

Part J, point 1 “Supervisory authorities and their powers” now has a sub-point:

a. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority

CIPP/E Domain III – Compliance with European Data Protection Law and Regulation

Part D, point 4 “Social networking services” has been renamed to “Social media Platforms” and a sub-point has been added:

a. Dark Patterns

CIPP/E additional readings

The 3rd edition of the recommended text book for the CIPP/E, European Data Protection, was published earlier this year. The new edition covers a lot of what has been added to the Body of Knowledge so make this your first choice for CIPP/E reading materials.

We have also linked to some additional readings and the newly added EDPB guidelines below should you wish to supplement your knowledge:

Interplay between GDPR and PSD2
NIS Directive – EU legislation on cybersecurity
Resources on the EU approach to AI and the EU Artificial Intelligence Act
Guidelines 01/2022 on data subject right – Right of Access
Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
Guidelines 9/2022 on Personal data breach notification under GDPR
EDPB opinion on the Transatlantic Data Privacy Framework
Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority
EDPB guidelines – Dark Patterns in Social Media Platforms

Remember, these changes don’t take effect until October 2nd 2023 so if you are planning to take the CIPP/E exam before this date, please continue to use the current CIPP/E Body of Knowledge to guide your studies.

Our Ultimate Guide to passing the CIPP/E exam in 2023 is a useful summary of the steps you should take in order to prepare for your CIPP/E exam. What’s more, it includes codes for generous discounts on CIPP/E exam question trial exams, training courses and books.

man reading privacy book in a library

CIPP/US 2023 exam updates

The CIPP/US exam will be updated on October 2nd 2023 and the new Body of Knowledge is now available. There have been small changes to domains I and II and more significant changes to domain V. This is due to the addition of facial recognition and biometric topics and new state privacy laws.

Here’s the breakdown of changed items:

CIPP/US Domain I – Introduction to the US Privacy Environment

Part B, point F “State Enforcement” has been expanded to add the California Privacy Protection Act (CPPA)

Part C, point K “International Data Transfers” has a new item added to sub-point i, the EU-US Data Privacy Framework

CIPP/US Domain II – Limits on Private-sector Collection and use of Data

Part B, point A “The Health insurance Portability and Accountability Act of 1996 (HIPPA)” has a new sub-point:

iii. Use of online tracking technologies by HIPAA covered entities and business associates

CIPP/US Domain V – State Privacy Laws

Part A has a new sub-point:

a. California Privacy Protection Act (CPPA)

Part B has added two new sub-points:

e. Facial recognition use restrictions
f. Biometric Information privacy regulations, with the sub-point – Illinois Biometric Information Privacy Act (BIPA) (2008)

Part G has added three new sub-points:

vi. Connecticut Data Privacy Act (CTDPA) (2022)
vii. Utah Consumer Privacy Act (UCPA) (2022)
viii. California Age-appropriate design code act (A.B. 2273) (2022)

CIPP/US additional readings

Here are some useful links so that you can read-up on the new items that will be added to the CIPP/US body of knowledge in October:

California Privacy Protection Agency
EDPB opinion on the EU-US Data Privacy Framework
Use of online tracking technologies by HIPAA covered entities and business associates
Biometric Information and Privacy Laws
Connecticut Data Privacy Act (CTDPA) (2022)
Utah Consumer Privacy Act (UCPA) (2022)
California Age-appropriate design code act (A.B. 2273) (2022)

A reminder that these changes do not affect exams to be taken before October 2nd 2023 so you do not have to alter your study plan if you are taking the exam before that date.

Our CIPP/US study group on Facebook is a great place to get support and study tips from fellow CIPP/US exam candidates and certified professionals. In addition, you can find links to courses, CIPP/US sample questions, study outlines and more resources in the group.

Wrapping up: CIPP exam updates for 2023

In summary, the upcoming changes to the IAPP CIPP exams on October 2nd include emerging topics such as AI and global privacy frameworks. The revised exams reflect the ever-evolving landscape of privacy and data protection and staying up-to-date with the latest developments is crucial.

Mark your calendars and revise your study plans if needed. Best of luck with your CIPP exams!




Similar Posts

A hand drawing charts, graphs, and icons representing updated study materials and data, reflecting the importance of using current resources for exams like IAPP certifications.

Study Tips: Using Up-to-Date Study Materials

ByBas Hennis

Preparing for an International Association of Privacy Professionals (IAPP) certification exam, such as CIPP/E, CIPM, or AIGP, is an essential step toward advancing your career in privacy and data protection. Privacy laws and regulations evolve constantly, so keeping your study materials current is critical. Using outdated resources could harm both your exam performance and professional…

man studying and taking notes
| | | |

New CIPP/E Practice Exam and more from the IAPP

Bypsgadmin

IAPP Certification Director Doug Forman and Training Director Marla Berry went live on LinkedIn on October 14th 2020 to answer questions about IAPP Certifications & Training. It was a fantastic Q&A session and we have summarised some key points from the discussion below, including the announcement of a new CIPP/E practice exam coming in 2021!…