Ultimate CIPP/E Study Guide 2026
The CIPP/E remains the most widely recognised data protection certification in Europe, and for good reason. It is rigorous, scenario-driven and directly relevant to anyone working with the GDPR. This CIPP/E study guide gives you a practical roadmap for passing the Certified Information Privacy Professional/Europe exam: what to study, how long it takes, which resources earn their cost and which traps to avoid.
Privacy Study Group is not affiliated with or endorsed by the IAPP. This guide reflects the collective experience of thousands of candidates across our Facebook study group and LinkedIn community who have prepared, sat and passed the exam. Whether you are starting from scratch or topping up existing knowledge, this CIPP/E study guide will help you build a study plan that works.
What Is the CIPP/E?
The Certified Information Privacy Professional/Europe (CIPP/E) is a globally recognised certification developed by the International Association of Privacy Professionals (IAPP). It validates that holders have demonstrated knowledge and expertise in European data protection law and practice, with the GDPR at its centre.
The CIPP/E is ANAB accredited under ISO 17024, which means it meets internationally recognised standards for certification programmes. Combined with the CIPM (Certified Information Privacy Manager), it is widely regarded as the qualification pathway for Data Protection Officer roles under the GDPR.
There are no formal prerequisites. No specific degree, no minimum years of experience. The exam is available in English, French and German, delivered online via Pearson VUE or at a physical test centre, and you receive your result immediately.
CIPP/E Exam Format and Fees
The exam consists of 90 multiple-choice questions. You have 2.5 hours (150 minutes), including an optional 15-minute break at the halfway point. If you take the break, you must submit the first half of your exam and cannot revisit those questions when you return. Of the 90 questions, 75 are scored; the remaining 15 are unscored pilot questions being tested for future exams. You will not know which are which, so treat every question seriously.
Some questions are scenario-based, presenting practical situations where you must apply GDPR principles to identify the correct answer. These reward understanding over memorisation. The pass mark is 300 on a scaled score of 100–500.
What the CIPP/E Costs
The exam fee is $550. Unlike the AIGP, there is no separate member pricing for the exam itself. If you need to retake, the fee is $375, and the same discount applies if you already hold a different IAPP certification. You must schedule and take the exam within 12 months of purchase.
IAPP membership ($295 per year) is still worth considering: members are exempt from the biennial $250 Certification Maintenance Fee, receive discounts on study materials and training, and get access to free CPE opportunities. Over a two-year certification cycle, the membership typically pays for itself.
What Is the CIPP/E?
The Certified Information Privacy Professional/Europe (CIPP/E) is a globally recognised certification developed by the International Association of Privacy Professionals (IAPP). It validates that holders have demonstrated knowledge and expertise in European data protection law and practice, with the GDPR at its centre.
The CIPP/E is ANAB accredited under ISO 17024, which means it meets internationally recognised standards for certification programmes. Combined with the CIPM (Certified Information Privacy Manager), it is widely regarded as the qualification pathway for Data Protection Officer roles under the GDPR.
There are no formal prerequisites. No specific degree, no minimum years of experience. The exam is available in English, French and German, delivered online via Pearson VUE or at a physical test centre, and you receive your result immediately.
CIPP/E Exam Format and Fees
The exam consists of 90 multiple-choice questions. You have 2.5 hours (150 minutes), including an optional 15-minute break at the halfway point. If you take the break, you must submit the first half of your exam and cannot revisit those questions when you return. Of the 90 questions, 75 are scored; the remaining 15 are unscored pilot questions being tested for future exams. You will not know which are which, so treat every question seriously.
Some questions are scenario-based, presenting practical situations where you must apply GDPR principles to identify the correct answer. These reward understanding over memorisation. The pass mark is 300 on a scaled score of 100–500.
What the CIPP/E Costs
The exam fee is $550. Unlike the AIGP, there is no separate member pricing for the exam itself. If you need to retake, the fee is $375, and the same discount applies if you already hold a different IAPP certification. You must schedule and take the exam within 12 months of purchase.
IAPP membership ($295 per year) is still worth considering: members are exempt from the biennial $250 Certification Maintenance Fee, receive discounts on study materials and training, and get access to free CPE opportunities. Over a two-year certification cycle, the membership typically pays for itself.
The CIPP/E Body of Knowledge
The IAPP publishes a Body of Knowledge (BoK) for each certification. The BoK defines every domain and topic candidates are tested on; think of it as the exam’s table of contents. If you have not encountered a BoK before, it is a structured list of competencies and performance indicators that tell you what you need to know and to what depth. The verbs in each performance indicator (identify, evaluate, understand, implement) signal the cognitive level the exam targets, following Bloom’s Taxonomy. The current CIPP/E BoK (v1.3.3, effective 1 September 2025) is a free download from the IAPP. Print it. It is the single most valuable free resource for your preparation.
The five domains and their approximate question weightings are:
| Domain | Focus | Questions (min–max) |
| I. Introduction to European Data Protection | Historical context, EU institutions, legislative framework (GDPR, ePrivacy Directive, NIS2, EU AI Act) | 7–13 |
| II. European Data Protection Law and Regulation | GDPR concepts, security of personal data, data subjects’ rights, EDPB guidelines | 18–28 |
| III. European Data Processing | Processing principles, lawful bases, transparency, international data transfers | 13–21 |
| IV. Scope and Accountability | Territorial scope, accountability requirements, DPIAs, DPOs, supervision and enforcement | 8–18 |
| V. Compliance | Employment, surveillance, direct marketing, internet technology, AI compliance issues | 8–16 |
Domain II carries the heaviest weighting (up to 28 scored questions). This is where the GDPR lives in detail: personal data concepts, lawful processing, security obligations and data subjects’ rights. If you are going to over-invest your study time anywhere, this is the domain.
The BoK is reviewed annually and updated each September. The 2025 update (effective 1 September 2025) added explicit references to the EU AI Act, NIS2 and the broader digital regulatory landscape. The IAPP typically states that annual updates introduce no more than 10–15% new content, so this is evolution rather than revolution.
How Long Should You Study?
The IAPP recommends 30 hours of study time. Our community members report a realistic average of 50–60 hours, with the range spanning 30 hours (experienced privacy professionals) to 80+ hours (candidates new to data protection). Your background makes the difference: if you already work with the GDPR daily, much of Domain II will be revision; if you are coming from a non-privacy role, budget more time for the legal foundations.
A useful starting point is the free CIPP/E assessment at 22academy.com. It identifies your strongest and weakest domains and helps you decide whether you need a full study programme or targeted reinforcement. Starting with a diagnostic saves weeks of studying material you already know.
Schedule the Exam Early
This is the single most repeated piece of advice across our study groups: book your exam date before you feel ready. A fixed deadline concentrates effort. Without one, preparation expands indefinitely. You can reschedule up to 48 hours before a test-centre appointment or up to 15 minutes past the start time for an online session. There is no penalty for rescheduling, and you can do it as often as you like within the 12-month window.
What to Study: a Practical CIPP/E Study Guide Framework
Start with the BoK
Work through the BoK domain by domain. For each performance indicator, ask yourself: could I explain this to a colleague? Could I apply it in a scenario question? If not, that indicator is where your study time goes. This triage prevents the common mistake of spending equal time on everything; your study plan should be weighted towards your weakest areas and towards the domains with the highest question counts.
Master the Core GDPR Concepts
Certain GDPR topics appear across multiple domains and form the backbone of the exam. You should be able to explain and apply each of the six lawful bases for processing (Article 6), with particular confidence on consent, legitimate interest and contractual necessity; these are tested frequently in scenario questions. Understand the difference between controllers and processors, including joint controller arrangements, and know the EDPB guidelines on the subject.
Data subjects’ rights (Articles 15–22) carry significant weight in Domain II. Know each right, its conditions and its exceptions. The right of access, the right to erasure and the right to object are tested most frequently, but do not neglect data portability or the right to restriction of processing. Automated decision-making under Article 22 is increasingly relevant given the exam’s expanded coverage of AI-related compliance issues.
International data transfers (Chapter V of the GDPR) are tested in Domain III and consistently trip candidates. Understand adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules and the Article 49 derogations. Know the Schrems II judgment and its practical consequences for transfer mechanisms. The EDPB’s supplementary measures recommendations are on the BoK and examinable.
Read the GDPR
There is no substitute for reading the regulation itself. The GDPR is dense but not impossibly long, and the exam tests whether you understand its provisions in context. A searchable, article-by-article version is available at privasy.eu/gdpr, which links articles to their corresponding recitals. 22Academy also offers a free downloadable GDPR text in PDF format. If English is not your first language, compare the GDPR in English and your native language; the concepts are the same but sentence structures can differ significantly, and reading both versions often clarifies meaning.
Know the EDPB Guidelines
The European Data Protection Board publishes guidelines, opinions and recommendations that interpret the GDPR. Fourteen EDPB guidelines are explicitly referenced in the CIPP/E BoK and are examinable. These cover topics including controller and processor concepts, territorial scope, the right to be forgotten, Article 49 derogations for international transfers, video surveillance, social media targeting, the right of access, breach notification, lead supervisory authority and codes of conduct for transfers.
Reading all fourteen guidelines in full is a substantial commitment. If you are short on time, 22Academy offers a EDPB Guidelines Booklet with structured summaries of all relevant guidelines. This is also included with the Prep Suite. For exam preparation, understanding the principles and practical implications of each guideline matters more than memorising every paragraph.
Understand the EU Institutional Framework
Domain I tests your knowledge of EU institutions and how they relate to data protection law. The relationships between the European Commission, European Parliament, Council of the EU, Court of Justice of the European Union and the Council of Europe can be confusing if you have not studied EU law before. This European Institutions resource provides a clear overview of this landscape.
Books Worth Reading
The IAPP Official Textbook
Unlike the AIGP, the CIPP/E has an official textbook: European Data Protection, Third Edition (Ustaran et al.), available from the IAPP store in print, digital or audiobook format, and in English, French and German. It is a solid, thorough text that covers the full BoK curriculum. For self-studiers, it is close to essential. If you are taking a comprehensive preparation course, you may find you can pass without it, but having it as a reference is still worthwhile.
One thing to watch: the IAPP updates the BoK annually but publishes new textbook editions on a roughly two-year cycle. This means the textbook chapters may not always correspond exactly with the current BoK. Use the BoK as your definitive curriculum and the textbook as your study companion, not the other way around.
GDPR in charts
Federico Marengo’s Data Protection Law in Charts is a visual guide to the GDPR that presents legal provisions, explanations and case law in chart format. If you are a visual learner, this can make dense legal text significantly more accessible and memorable. Our readers get a 10% discount with code privacystudygroup at checkout.
Case Law and Practical Application
The CIPP/E increasingly tests practical application of the GDPR, including enforcement decisions and case law from the Court of Justice of the European Union. Understanding major cases (Schrems I and II, Google Spain, Planet49 and others) in their practical context strengthens your ability to answer scenario-based questions. This GDPR Court and Study Cases resource provides structured case summaries designed for exam preparation.
Training Courses
IAPP Official Training
The IAPP offers CIPP/E training in three formats: in-person classroom sessions, live virtual instructor-led courses and self-paced online modules. Prices range from around $995 for self-paced online to over €2,000 for in-person classroom training.
The in-person format has genuine value if you learn best through discussion and direct instructor access. However, the consistent feedback from our study groups is that the IAPP training provides a solid introduction but does not fully prepare candidates for the exam. Members regularly report needing substantial additional study; reading the textbook, studying the EDPB guidelines and taking practice exams on top of the official course. At the price point, that is a limitation worth knowing about before you commit.
22Academy CIPP/E Prep Suite
The 22Academy CIPP/E Prep Suite is a comprehensive preparation programme aligned to the current BoK. It includes a diagnostic assessment, structured study guide, eLearning course with video lessons, quizzes, flashcards, case studies, practice tests and a full trial exam. It also includes the EDPB Guidelines Booklet. Materials are updated after each annual BoK revision and access continues until you pass.
In terms of content coverage, exam alignment and value for money, it is the most comprehensive CIPP/E preparation option currently available. The combination of study materials, multiple practice formats and trial exam in a single package means you do not need to piece together resources from multiple providers.
CIPP/E Exam Question Masterclass
If you already know the material but struggle with how the IAPP frames its questions, the CIPP/E Exam Question Masterclass addresses that specific problem. It teaches you to think like a certification question writer: how Bloom’s Taxonomy maps onto CIPP/E questions, how to predict which GDPR concepts are most likely to be tested, how to decode scenario-based questions under time pressure and how to spot misleading answer choices. The course includes nine modules that take you from analysing question structures to building your own practice sets and running realistic trial exams. At €195 it is a focused investment for candidates who find that reading the material is not the same as answering questions about it.
Practice Exams: the Core of Your CIPP/E Study Guide
Practice exams are where preparation becomes real. Reading builds knowledge; testing reveals whether you can apply it under time pressure. The CIPP/E rewards understanding over memorisation, and the only way to calibrate whether your understanding is exam-ready is to test it.
Start practice tests early. Do not leave them until the final week. Use early tests to identify weak domains, study those domains and then retest. This feedback loop is more effective than linear reading.
Trial Exam
The 22Academy CIPP/E trial exam is the most accurate and up-to-date practice exam available. It mirrors actual exam conditions: timed, online, with the ability to flag questions and return to them. After completing the exam, you receive a personalised results analysis that explains the subject of every incorrectly answered question in detail, allowing you to focus your remaining study time precisely where it is needed. If you invest in only one paid resource beyond the exam itself, this is where your money should go.
IAPP Practice Exam
The IAPP offers its own CIPP/E practice exam as a PDF with 90 questions, correct answers and explanations. Some questions are retired from the actual exam. It is useful for familiarising yourself with how the IAPP phrases questions, which has a distinctive style. Take it under timed conditions about two weeks before your exam to calibrate readiness.
A Warning About Exam Dumps
You will find websites selling “real CIPP/E exam questions” or question banks promising guaranteed passes. These are exam dumps: stolen content that is frequently inaccurate, often outdated and always unethical. Using them violates your candidate agreement with the IAPP and can result in permanent decertification.
They also do not work. The CIPP/E is a scenario-driven exam that rewards applied understanding. Memorised answers from a dump will not help you when the scenario presents a variation you have not seen before. If you are entering a profession built on data protection and compliance, start as you mean to go on.
Join a Study Group
No CIPP/E study guide replaces the value of a community. Our CIPP/E study group on Facebook has over 5,000 members, including candidates at every stage and certified professionals who generously share their experience. Members post questions, share resources, discuss tricky GDPR interpretations and report back after their exams. Follow Privacy Study Group on LinkedIn for updates, articles and study tips.
If you can find two or three people studying on a similar timeline, form a small study group. Research consistently shows that explaining concepts to someone else is one of the most effective ways to learn; a study partner who asks “but what about legitimate interest in this scenario?” forces you to move from recognition to genuine understanding.
Taking the CIPP/E Exam
Remote Proctoring vs. Test Centre
You can take the exam remotely via Pearson VUE’s OnVUE platform or in person at one of over 6,000 test centres worldwide. Both work; neither is objectively better.
Remote proctoring offers convenience but introduces variables. Members of our study groups have reported technical difficulties including inability to scroll, webcam failures despite passing pre-exam system checks, long waits in the proctor queue and small text on screen. The environment requirements are strict: clear desk, no second monitors, no other people in the room.
If you choose remote, do a full dry run the day before. Fully charge your mouse and keyboard. Know how to increase text size on your screen. Disconnect docking stations and external monitors; you may be asked to show the proctor that they have been removed.
Exam Day Strategy
Read the question before the scenario. Scenario-based questions often contain irrelevant detail designed to distract. Reading the question first tells you what to look for, which saves time and reduces confusion.
Eliminate first, then choose. With four options and only one correct answer, start by removing the answers you know are wrong. This is faster and more reliable than trying to identify the right answer from scratch.
Do not dwell. If a question is taking too long, flag it and move on. You have roughly 1 minute 40 seconds per question; that is comfortable if you do not get stuck on any single one. Trust your first instinct unless you have a specific reason to change an answer.
Pay attention to qualifier words. “Most likely,” “best,” “primary” and “except” change the logic of a question entirely. Many candidates lose marks not because they do not know the material but because they misread what the question is actually asking.
After the CIPP/E Exam
Your result appears on screen immediately. If you pass, the IAPP will email your digital certificate through Accredible and provide a PR toolkit through your MyIAPP profile. You are not fully certified until you pay the Certification Maintenance Fee or IAPP membership.
If you do not pass, you are in good company. The CIPP/E is a difficult exam and many strong candidates need a second attempt. You must wait 7 days before scheduling a retake and pay the retake fee ($375). Use the waiting period to review your weakest domains. If you used 22Academy’s trial exam, the personalised results analysis pinpoints exactly where to focus.
Maintaining Your Certification
The CIPP/E certification is valid for two years. To maintain it, you must submit evidence of 20 Continuing Privacy Education (CPE) credits and pay a Certification Maintenance Fee. For IAPP members, the fee is included in your membership. For non-members, it is $250 per two-year term. You do not need to retake the exam. CPE credits can be earned through IAPP webinars, industry conferences, relevant training and other professional development activities.
What Comes Next?
Many CIPP/E holders go on to add the CIPM, which together with the CIPP/E qualifies you for the Fellow of Information Privacy (FIP) designation. Others add the AIGP as AI governance becomes an increasingly central part of the privacy professional’s role. Either way, the CIPP/E is a strong foundation.
Where to Start
Download the CIPP/E Body of Knowledge from the IAPP. Take the free CIPP/E assessment to identify your baseline. Then build your study plan around the gaps. Bookmark this CIPP/E study guide and come back to it as your preparation develops.
Good luck with your preparation. Share your experience in the study group when you are done; the candidates coming after you will benefit from it, just as benefit from those who came before.
