Are you wondering when the IAPP CIPP exam updates happen in 2023 and what the updates will cover? We have answered those questions and more in this article.
The IAPP privacy professional exams will be updated on October 2nd, 2023.
Each year, the IAPP updates their exams to keep pace with the rapidly-changing privacy landscape. Occasionally, this results in some panic in our study groups as candidates with CIPP exam dates in 2023 feel they won’t be prepared or have been studying the wrong material.
However, only around 10% of the exam will be changed during these updates and plenty of advance notice is given, so you can easily adjust your study plan or take the exam before the change date.
Which IAPP exams will be updated?
These 4 exams will be updated on October 2nd 2023:
- Certified Information Privacy Professional/Europe (CIPP/E)
- Certified Information Privacy Professional/US (CIPP/US)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
The Certified Information Privacy Professional/Canada (CIPP/C) update took place on January 23rd this year.
This article will address the upcoming changes to the CIPP/E and CIPP/US exams. We have not addressed CIPT as the changes to the Body of Knowledge are extensive. Much of the content has been reorganised and there are a significant number of additional topics. Our CIPT Study Group is open for discussions on the changes.
IAPP certifications: The Body of Knowledge
The Body of Knowledge “is an outline of the information covered in the exam and represents the breadth of knowledge qualified candidates should possess on the topic.”
When planning your studies, this is the document that should guide you as this is basically a list of the topics that could appear on your exam.
CIPP/E 2023 exam updates
The new CIPP/E body of knowledge takes effect on October 2nd 2023. Each of the three domains has changes this year. The biggest change will be the addition of four new EDPB guidelines with the result that there are now 14 guidelines that can be examined.
These are the new topics to be added:
GDPR relationship with other laws
EU Artificial Intelligence Act
Transatlantic Data Privacy Framework
Dark Patterns in social media
Here’s a breakdown of the changes in each section of the body of Knowledge:
CIPP/E Domain I – Introduction to European Data Protection
Part A, point 6, ” A modernised framework” has been removed and replaced with two points:
6. Convention 108+
Part C, point 6 ” The GDPR and related legislation” now has a sub-point and two new points have been added (7 & 8)
a. Relationship with other laws (Payment Services Directive 2, Data Governance Act, Regulation (EU) 2018/1725, etc
7. NIS Directive (2016)/ NIS 2 Directive (2022)
8. EU Artificial Intelligence Act (2021)
CIPP/E Domain II – European Data Protection Law and Regulation
Part A, point 2 “sensitive data” now has a sub-point:
a. Special categories of personal data
Part F, point 1 “Access” now has a sub-point:
a. Guidelines 01/2022 on data subject right – Right of Access
Part G, point 2 “Breach notification” has two new sub-points:
b. Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
c. Guidelines 9/2022 on Personal data breach notification under GDPR
Part I, point 3 “Safe Harbor and Privacy Shield” has been renamed to “Safe Harbor, Privacy Shield and the Transatlantic Data Privacy Framework” and a sup-point has been added:
a. Schrems decisions, implications of
Part J, point 1 “Supervisory authorities and their powers” now has a sub-point:
a. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority
CIPP/E Domain III – Compliance with European Data Protection Law and Regulation
Part D, point 4 “Social networking services” has been renamed to “Social media Platforms” and a sub-point has been added:
a. Dark Patterns
CIPP/E additional readings
The 3rd edition of the recommended text book for the CIPP/E, European Data Protection, was published earlier this year. The new edition covers a lot of what has been added to the Body of Knowledge so make this your first choice for CIPP/E reading materials.
We have also linked to some additional readings and the newly added EDPB guidelines below should you wish to supplement your knowledge:
Interplay between GDPR and PSD2
NIS Directive – EU legislation on cybersecurity
Resources on the EU approach to AI and the EU Artificial Intelligence Act
Guidelines 01/2022 on data subject right – Right of Access
Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
Guidelines 9/2022 on Personal data breach notification under GDPR
EDPB opinion on the Transatlantic Data Privacy Framework
Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority
EDPB guidelines – Dark Patterns in Social Media Platforms
Remember, these changes don’t take effect until October 2nd 2023 so if you are planning to take the CIPP/E exam before this date, please continue to use the current CIPP/E Body of Knowledge to guide your studies.
Our Ultimate Guide to passing the CIPP/E exam in 2023 is a useful summary of the steps you should take in order to prepare for your CIPP/E exam. What’s more, it includes codes for generous discounts on CIPP/E exam question trial exams, training courses and books.
CIPP/US 2023 exam updates
The CIPP/US exam will be updated on October 2nd 2023 and the new Body of Knowledge is now available. There have been small changes to domains I and II and more significant changes to domain V. This is due to the addition of facial recognition and biometric topics and new state privacy laws.
Here’s the breakdown of changed items:
CIPP/US Domain I – Introduction to the US Privacy Environment
Part B, point F “State Enforcement” has been expanded to add the California Privacy Protection Act (CPPA)
Part C, point K “International Data Transfers” has a new item added to sub-point i, the EU-US Data Privacy Framework
CIPP/US Domain II – Limits on Private-sector Collection and use of Data
Part B, point A “The Health insurance Portability and Accountability Act of 1996 (HIPPA)” has a new sub-point:
iii. Use of online tracking technologies by HIPAA covered entities and business associates
CIPP/US Domain V – State Privacy Laws
Part A has a new sub-point:
a. California Privacy Protection Act (CPPA)
Part B has added two new sub-points:
e. Facial recognition use restrictions
f. Biometric Information privacy regulations, with the sub-point – Illinois Biometric Information Privacy Act (BIPA) (2008)
Part G has added three new sub-points:
vi. Connecticut Data Privacy Act (CTDPA) (2022)
vii. Utah Consumer Privacy Act (UCPA) (2022)
viii. California Age-appropriate design code act (A.B. 2273) (2022)
CIPP/US additional readings
Here are some useful links so that you can read-up on the new items that will be added to the CIPP/US body of knowledge in October:
California Privacy Protection Agency
EDPB opinion on the EU-US Data Privacy Framework
Use of online tracking technologies by HIPAA covered entities and business associates
Biometric Information and Privacy Laws
Connecticut Data Privacy Act (CTDPA) (2022)
Utah Consumer Privacy Act (UCPA) (2022)
California Age-appropriate design code act (A.B. 2273) (2022)
A reminder that these changes do not affect exams to be taken before October 2nd 2023 so you do not have to alter your study plan if you are taking the exam before that date.
Our CIPP/US study group on Facebook is a great place to get support and study tips from fellow CIPP/US exam candidates and certified professionals. In addition, you can find links to courses, CIPP/US sample questions, study outlines and more resources in the group.
Wrapping up: CIPP exam updates for 2023
In summary, the upcoming changes to the IAPP CIPP exams on October 2nd include emerging topics such as AI and global privacy frameworks. The revised exams reflect the ever-evolving landscape of privacy and data protection and staying up-to-date with the latest developments is crucial.
Mark your calendars and revise your study plans if needed. Best of luck with your CIPP exams!