The Ultimate CIPP/E Study Guide
Now that 2020 is but a distant memory, why not set yourself the challenge to become a Certified Privacy Professional in 2021? If you already have, welcome! This is the ultimate CIPP/E study guide to help you pass the exam. If you haven’t, read on anyway and our step by step guide to passing the CIPP/E may change your mind.
Compiled from advice from certified professionals, detailed research and experiences of our community members, this guide will outline the necessary steps you need to take in order to ensure CIPP/E exam success. Privacy Study Group is not affiliated with or endorsed by the IAPP and this is not an official guide, simply our own recommendations and suggestions.
Some of the mentioned activities or resources are optional if you have the time, the money or the inclination. Others are non-negotiable, and are an essential part of the toolkit for becoming a certified privacy professional in 2021.
This is not an exhaustive list of study activities. There are other resources you could use but we aim to provide you with the most focused and useful activities, so you can make the best use of your time. Don’t waste valuable study hours on books, courses and videos that are unlikely to contribute to your learning journey.
What is the CIPP/E?
The CIPP/E is an ANSI/ISO-accredited professional certification. This means it’s globally recognised and demonstrates that certified professionals have skills that translate across the world. The exam has 90 questions (75 of which are scored) and you have 2.5 hours to complete it. There are no experience or educational prerequisites to taking the exam.
At the time of writing, the cost of taking the exam was $550. Upon passing the exam, you must pay a fee of $250 to become officially certified. This fee is payable every 2 years to maintain your certification. However, become an IAPP member and this is included in your IAPP annual membership.
You can take the exam online or in person at an exam centre. It is available in English, French and German and you will get your result immediately upon finishing the exam. You can read more on purchasing, scheduling, cancelling your exam, exam day information and the scoring process in the Certification Candidate Handbook. Read this carefully before purchasing your exam.
Why take the CIPP/E?
Getting certified shows that you have comprehensive knowledge of the GDPR and could be a stepping stone to a Data Protection Officer job if you go on to take the CIPM. Even if you are not a full-time privacy professional, the CIPP/E will help set you apart and give you an area of expertise that others in your industry don’t have. Overall, this is a great specialist certification for IT and InfoSec professionals, project managers and legal professionals.
Once you’re up to speed with the basics above, start planning your study schedule. The IAPP recommends allowing 30 hours to study for this exam. However, our community members report spending anywhere from 30-80 hours studying. This varies depending on your level of experience in the data protection and privacy world, your personal studying style and your home/family/work commitments. A realistic average seems to be 50-60 hours.
CIPP/E Study Guide…the short version
If you are short on time or already have lots of relevant experience, here are the basic steps you should take when studying for the CIPP/E. We highly recommend you read on beyond this section, as the bare minimum tasks won’t usually be enough for most candidates to pass.
- Join our study group (link below)
- Read the Exam Blueprint and Body of Knowledge
- Buy and read the text book, European Data Protection, Second Edition
- Read the GDPR
- Read the EDPB opinions/guidelines and the ePrivacy Regulation
- Test your knowledge with a trial exam or sample question book
Firstly, join our CIPP/E Study group on Facebook. This is a welcoming, supportive community of exam candidates and certified professionals. We have 1,400+ members, many of whom have gone through the exam process and have shared their preparations, resources, tips and most importantly, their experiences of the exam. Click on the Exam Experience topic to read these personal accounts. Additionally, certified professionals and industry veterans generously share their knowledge and experience when exam candidates post their questions.
The IAPP website should be your next stop on your CIPP/E exam preparation journey. They have a very thorough Glossary of Privacy terms, the Body of Knowledge, the Exam Blueprint and a short CIPP/E Study Guide available to download. The Body of Knowledge is a list of all the concepts and topics you need to know to pass. The Exam Blueprint shows how many questions from each topic area will be on the exam. These documents are also available in French and German.
Continue reading if you want links (and discounts!) for the resources above.
CIPP/E Study Guide Essentials
CIPP/E exam books
Firstly, the starting point and the source of truth for the CIPP/E exam is the IAPP recommended text: Ustaran, Eduardo et al. European Data Protection, Second Edition. Portsmouth: IAPP Publications, 2019.
This book is available from the IAPP store in print or digital format. You can choose whichever format suits your learning style best.
This is the most fundamental resource you’ll need for the exam. If you do NOTHING else recommended in this CIPP/E study guide, buy this book.
Once you have the book, you’ll want to decide how much time to spend covering each chapter. You should take your own knowledge and experience into account when deciding this, but we have also prepared a guide to help you. This PDF is a map of the Body of Knowledge topics to the chapters in the book. It lists, in order, the chapters where most exam questions are coming from. This will really help you determine where to focus most of your study efforts.
The IAPP produces new editions of textbooks on roughly a 2 year cycle, yet the CIPP/E exam and body of knowledge are updated annually. This means the topics on the Body of Knowledge may not always correspond exactly with the chapters in the text book. We endeavour to direct you towards additional readings to help fill those gaps whenever we can. For the current gaps between the book (2nd edition, 2019) and the exam (updated Sep 2020), we have prepared this list of suggested readings. The exam will be updated again on July 1st 2021.
Additional optional reading
Some of our community members used other books to supplement their studies.
First up, available from Amazon, “Real CIPP/E Prep: An American’s Guide to European Data Protection Law And the General Data Protection Regulation (GDPR)” by Gordon Yu. Our members mostly used this to get an overview of the GDPR and as a “nice-to-have” supplement to the main textbook. The book is appealing because it includes 60 sample questions. Please note however, the current edition is from 2018 so may not perfectly reflect today’s exam content. Nevertheless, some comments from our group members:
“too high-level to be truly useful”
“only contributed a little bit to my knowledge.”
“by itself, really isn’t enough”
In addition, one member also noted some errors and typos in the book.
This book is a great, free resource: Handbook on Data Protection Law by EU Agency for Fundamental Rights and Council of Europe. This book was written for legal practitioners but many of our members found it helpful. Not only does it go into great detail on the origins and background of European data protection law, but it also offers case law examples. It’s available to download for free or you can order a physical copy and pay for the postage.
Learning the GDPR
Knowledge of the General Data Protection Regulation (GDPR) is fundamentally important and no CIPP/E Study Guide would be complete without resources on learning and understanding this. The IAPP textbook covers the contents of the GDPR in detail. However if you have the time you should refer often to the text of the regulation. Or indeed, read the entire thing!
Depending on your learning style, you may wish to access the GDPR in different ways. The most straightforward way is to download the full GDPR text in this PDF.
***Group member tip – If English isn’t your native language compare the GDPR in English and your own language. The concepts are the same but the structure of the sentences might differ by a lot***
GDPR apps and websites
There are also easily searchable versions online with tables of contents to jump quickly from section to section. We like this site which also includes some analysis on key issues.
Some people like to browse and read on-the-go and there is a great mobile app for this by DLA Piper. It’s called Explore GDPR and is available for free, in 16 languages on Apple or Android devices. This app links articles and recitals to show how they are related. Additionally, it links GDPR articles to the corresponding articles in its predecessor – the EU Data Protection Directive.
GDPR in charts
Our favourite way to absorb all the dense, detailed text of the GDPR, is to view it in chart format. Data Protection Law in Charts is a visual guide to the General Data Protection Regulation. This ebook collection of charts provides a clear, easy to read presentation of the main legal provisions, explanations and case law.
Visualising the GDPR this way will help you to easily remember and interpret the text. It is an invaluable tool for anyone studying for the CIPP/E or for those in daily practice looking for a quick-reference guide. At the time of writing, a 10% discount on this ebook was available to members of our CIPP/E study group on Facebook. Join the group for the discount code and purchase the ebook here.
If video is your preferred learning tool, Phil Lee’s, “The new EU General Data Protection Regulation in Under 60 Minutes”, comes highly recommended by our group members. This is particularly beneficial for those coming from a non-privacy background or those starting with zero knowledge of the GDPR.
EDPB publications and the ePrivacy Regulation
The European Data Protection Board (EDPB) was established by the GDPR in 2018 and is a successor to the Article 29 Working Party (WP29). The Board issues opinions, recommendations, best practices and guidelines “to promote a common understanding of European data protection laws”. Our community members repeatedly say that reading these documents and the ones from the WP29 has been beneficial when taking the CIPP/E exam. You can find the EDPB documentation here and the WP29 documents here.
The ePrivacy Regulation
The proposed ePrivacy Regulation is an important and complex piece of legislation. It is closely intertwined with the GDPR and should not be left out of your studies.
Although the ePrivacy regulation is not yet finalised, exam candidates should keep pace with most recent developments. Once the final text is adopted, “the provisions of the ePR will take precedence over those of the GDPR. When no specific rule exists within the ePR for the processing of personal data, then the GDPR will apply to that processing”
***This current draft of the Regulation is making its way through the EU legislative process and this is a good “Legislative Train Schedule” site which keeps track of the progress and provides useful references about the Regulation***
Test your knowledge: CIPP/E sample questions and trial exams
There may come a point in your studies where this thought pops into your head; “How do I know if I’m ready to take the exam? I feel like I’ve read everything and can’t absorb any more information but still don’t know if I’ll pass”. If you’ve reached this stage, it’s time to test your knowledge.
Hundreds of people in our community have shared their experiences and opinions on various methods of doing this. Here’s a summary of the main options:
IAPP Sample questions.
These are available in German, French or English from the IAPP store, $25 for members, $35 for non-members. A PDF of 25 questions and answers plus an explanation for each. Group member feedback on these is that it’s a small sample size and generally much easier than the real exam.
CIPP/E sample question books
Jasper Jacobs’ books, available from Amazon. There are two books: a practice exam (90 questions) and a case study edition (90 questions from 18 case studies).
This is a popular choice with group members and the pricing is very reasonable. However, some members have pointed out issues with poorly constructed sentences, typos and grammatical errors. One member said they “wish(ed) the explanations were more comprehensive”. It’s also worth noting they have not been updated since 2018 and 2019. Despite the issues, people seem to find them very helpful.
Updated May 2022: A very popular choice with our study group members is this book by Dr. Majid Hatamian.
With members calling it “invaluable” and “really helpful” it seems to be the most accurate sample question book out there. Indeed one member said: “You pick up so many peculiarities of the test along the way (eg. translation issues/awkward phrasing / threshold points / double and triple negatives etc.).”
CIPP/E online trial exam
The trial exam at privacy-exam.com is an excellent option. This method of testing your knowledge is closest to the real thing. Fully up to date, the questions are of similar difficulty to the actual exam. Also, it replicates the live, timed, exam environment as opposed to the paper-based options above.
Group members have referred to this option as a “confidence booster” that you will pass the real thing and a great way to find gaps in your knowledge.
“Taking this exam gave me confidence heading into the exam……. I highly recommend it”
“I honestly don’t think I would have passed without it”
Sample questions – Caution
There have been mentions of using Udemy courses and sample questions as well as Quizlet flash cards in our group. However, these have always come with mixed (and honestly, mostly negative) reviews. If you find a good set of accurate cards then the consensus is that they are beneficial. But there are a lot of badly written and just plain incorrect ones out there. Therefore we have not included any links in this CIPP/E study guide. These can really lead to huge confusion if you are not already confident in your knowledge. If you do choose to use these, our recommendation is to use them towards the end of your studies so you have learned enough to be able to identify right from wrong.
CIPP/E Study Guide Nice-to-haves
CIPP/E training Courses
You may have noticed that we haven’t included taking a training course in our recommendations. Why? Well, we have limited advice on this because the majority of our community didn’t do so. Some opinions of those that did:
“I did pay for the IAPP online course but quickly abandoned it – it’s only useful as an intro, not thorough enough to help you pass”
“The online training of IAPP is too basic to take the exam”
What we noticed is that those who did take a course, seemed to do as much extra work (reading books, articles, watching videos) as those who did not.
Of those who did take the official IAPP training, the ones who took the online course (self-paced, no interaction) found this less useful than those who took an in-person or live online course. Having an instructor to speak to or a live class to hold discussions with seemed to be of more benefit, in particular if the trainer provided sample questions or extra readings for the students.
There are much cheaper, unofficial courses available through private companies or on platforms like Udemy and LinkedIn learning. However, similar to the trial exam issue, the quality and accuracy were not always good enough. We have not been able to identify any specific courses that have satisfied enough of our community members to make a recommendation.
CIPP/E websites and videos
Everything mentioned below we could class as “nice-to-haves”. These are resources that you can consult if you have already done everything listed above but still want more information.
The UK Information Commissioner’s Office (ICO) – a few community members used this site in their studies. It’s a favourite of ours for really easy to understand explanations of various concepts and topics. It also has real-life examples, handy if you’re having difficulty understanding how a scenario would play out in the real world. Just to note – as the UK data protection landscape changes post-Brexit, this site may become less relevant over time.
Using Legitimate Interests as legal grounds for Direct Marketing
Koen Lenaerts: The GDPR 5 months on
European Union Institutions
Scheduling the CIPP/E Exam
Our Study group members generally recommend scheduling the date and time for your exam as soon as possible. This gives you something to work towards and can focus your attention. Once you book in the date and time for your exam, you can reschedule any time up until 48 hours before the exam time. Do take note and check your confirmation email to make sure the date and time are exactly as you expect. You don’t want any nasty surprises if you are contacted to ask why you didn’t turn up to your exam that was scheduled a day earlier than you thought! IAPP will send you a reminder email 7 days before the scheduled exam date.
***Once you have purchased the exam, you must take it within one year of purchase. More information on the examination process is here – including what’s allowed and what is not allowed when taking the exam***
Taking the CIPP/E exam
You’ve finally made it, you have read every detail of this CIPP/E Study Guide and exam day has arrived. Candidates currently have the option to take the exams remotely or in person at a test centre.
The CIPP/E exam, as with all the IAPP certification exams, is a multiple choice exam. There are 90 questions and the exam is 2.5 hours long. Only 70 of these questions are scored. The methods used by IAPP to score the exams are strictly confidential. We only know the information provided on their website FAQs and in their Certification Candidate Handbook.
CIPP/E exam remote proctoring
The IAPP is currently offering the option to take the exams remotely via their partner Pearson Vue or in person in an approved test centre. They have over 6,000 test centres worldwide, so check on their website which location suits you. Pearson Vue also offers an option to take the exam by remote proctoring.
Many of our group members have commented that the remote proctoring experience can be challenging. One person reported technical issues and being unable to scroll properly through the exam (the pre-exam system check didn’t allow for scrolling to be tested). Another member reported that they had no webcam connection, in spite of it working every time in numerous pre-exam system checks.
In the event of any issues, it takes 3 – 5 business days for IAPP to investigate your claim of technical issues.
In addition, take note of logistical preparations. Make sure your mouse and keyboard are fully charged, and know how to increase the size of the text on your screen, as some members have reported the text comes up very small on the screen. Be prepared to disconnect all monitors and keyboards if you use a docking station. You may also need to remove them from your desk and show this. There are many rules and regulations around the online proctoring, so make sure you are familiar with them and be prepared to accommodate additional requests.
CIPP/E exam tips and strategies
Here we go through some of the exam tips and strategies our group members have recommended.
- Firstly and most importantly, pay attention to the detail! Many of the answer choices are similarly worded. Eliminate any answers you know are incorrect first and then decide between the remaining ones
- If an answer jumps out at you, go with your gut instinct
- Don’t dwell. If you feel like you’re taking too long on one question, mark it and come back to it at the end. You may learn more information in the remaining questions that will help you to find the best answer for questions you were originally unsure of.
- For a scenario-based question, read the question BEFORE reading the scenario. There can be a lot of irrelevant information in the scenario, and reading the questions first will help you to filter this out.
- Don’t go back over questions you have already answered – there is no time for second-guessing yourself
Remember, the above are pointers from members of our group but everyone has their own exam strategy. If you have your own methods that work, stick with it! Better still, share your wisdom in the group so others can benefit.
The CIPP/E and all IAPP tests are computer based and you get your results immediately upon completion.
After the CIPP/E exam
If you fail, hard luck, you aren’t the first person to fail and you won’t be the last. This is a difficult exam but it is not unachievable. Do not be disheartened. You must wait 30 days and then you can schedule a retake and pay the $375 fee to the IAPP.
If you pass – congratulations! You will be told if you have passed or failed as soon as you finish the exam. In addition, this result will be emailed to your IAPP registered email address. IAPP will also send you a link to your PR toolkit, which is accessible from your profile on the IAPP website. This consists of:
- A news release template, ready for customization
- Tip sheets for engaging with the media, including local news outlets, blogs, trade magazines, newsletters, professional journals and alumni publications
- Suggestions for showcasing your certification to your professional network using the features of your new electronic certificate
***You are not fully certified until you pay the $250 certification fee. You can do this after you pass or in advance of taking the exam so your certification will automatically activate once you pass***
Maintain your certification
Your certification is valid for 2 years from the date of passing the exam. During this time you must earn Continuing Privacy Education (CPE) credits and pay the maintenance fee of $250 every two years. If you are an IAPP member you do not have to pay this fee as it is included in your membership fee. You do not have to take the exam again at the end of your two year cycle. Simply earn the required number of CPEs, pay the fee and you will remain certified.
The IAPP website is very helpful in providing some resources for earning CPEs. You can filter the content to find the CPE resources most relevant to you.
CPEs are not limited to IAPP specific resources. They can also be earned from attending industry conferences, attending privacy training and a number of other activities, all outlined in the IAPP CPE policy.
CIPP/E Study Guide… In conclusion
After you pass, do come back to our Facebook group and let everyone know how you got on. Share your preparation experience with our study group. Tell the community what worked for you, what didn’t and how you found the overall certification experience. It’s only through our members sharing their experiences that we are able to provide meaningful support and resources for privacy exam candidates.
When you feel ready for it, move on to your next certification! If you already hold one certification, IAPP offers the subsequent certifications at a reduced rate of $375. If you decide to add to your IAPP certifications, you should come join our other study groups.
Congratulations on making it to the end of our ultimate CIPP/E study guide to passing the CIPP/E in 2021. You might not get through all this information in one sitting, so bookmark this page or email it to yourself as a reminder to come back later. And if you found this guide useful, please feel free to link to it from your own website, post a link on social media or pin it on Pinterest using one of the images below. Best of luck with your studies!