Official IAPP
CIPP/E textbooks
4-hour
online sessions
Classroom
training
CIPP/E exam
voucher
Exam
preparation
1st year
IAPP membership
The Certified Information Privacy Professional Europe (CIPP/E) is the leading independent qualification covering European privacy laws and regulations developed by the International Association of Privacy Professionals (IAPP). The CIPP/E is suitable for mandatory appointed data protection officers (DPOs) and other compliance professionals who are required to maintain an expert-level knowledge of the EU General Data Protection Regulation (GDPR). By obtaining the CIPP/E certification, practitioners can significantly improve their career prospects and lifetime earnings. Award holders will join an elite group of highly decorated, globally recognised data protection professionals.
Official IAPP
CIPP/E textbooks
4-hour
online sessions
Classroom
training
CIPP/E exam
voucher
Exam
preparation
1st year
IAPP membership
Since the EU General Data Protection Regulation (GDPR) entered into application on 25 May 2018, the protection of personal data has become a board-level priority for organisations around the world. With its mandatory requirement to appoint data protection officers (DPOs), the need for suitably qualified practitioners to ensure data processing operations are compliant has grown exponentially.
To meet the demand for skilled employees, the International Association of Privacy Professionals (IAPP) introduced the Certified International Privacy Professional Europe (CIPP/E) credential. The CIPP/E is one of four professional certifications in the CIPP programme. The three other versions cover the laws and regulations that apply in the US private sector (CIPP/US), Canada (CIPP/C) and Asia (CIPP/A).
The CIPP/E certification provides DPOs and other industry practitioners involved in compliance or privacy-based roles with comprehensive knowledge of the European data protection legislative framework from its early beginnings in the 1980s through to the GDPR, the EU Directive on Privacy and Electronic Communications (ePrivacy Directive) and other related legislation, such as the EU Data Governance Act and the EU Artificial Intelligence Act. CIPP/E award holders will develop detailed knowledge of all aspects of privacy and data protection across the EU, including key terminology and practical concepts concerning the collection, processing, storage, use, transfers, sharing, disclosure, and disposal of personal information in today's digital economy.
The syllabus (body of knowledge) consists of three separate sections. The first section is the introduction to European data protection, which covers the institutional background and the legislation. The second section addresses European data protection laws and regulations, while the third deals with compliance and the application of the law in certain situations.
This CIPP/E course is delivered online for convenience and for the significant environmental and sustainability benefits it offers. Delegates can gain a recognised practitioner-level workplace qualification at home or from their desk by attending four consecutive 4-hour live online sessions across one week. This accredited IAPP course prepares participants for the 150-minute multiple-choice IAPP Exam.
For the second year running, Freevacy has been shortlisted in the Best Educator category at the PICCASO Privacy Awards. The awards were established to recognise the people making an outstanding contribution to this dynamic and fast-growing sector. The Best Educator award will go to a professor, lecturer, teacher, or training provider who leads by example to inspire and motivate the next generation of privacy professionals.
Who should attend?
What you will learn
This accredited CIPP/E training course is delivered online over 4 consecutive morning sessions (or 2 full days when provided in-company).
The IAPP ensures the CIPP/E Body of Knowledge (BoK) is always relevant and up to date through consultation with its global community of information privacy practitioners and lawyers.
The CIPP/E is certified by the ANSI National Accreditation Board (ANAB) under ISO17024: 2012.
The following is extracted from the CIPP/E BoK version 1.3.1:
|
Part 1:
Introduction to European Data Protection
|
Origins and Historical Context of Data Protection Law: • Rationale for data protection
• Human rights laws • Early laws and regulations • The need for a harmonised European approach • The Treaty of Lisbon • Convention 108+ • Brexit |
|
European Union Institutions
• European Court of Human Rights
• European Parliament • European Commission
• European Council • Court of Justice of the European Union
|
|
|
Legislative Framework
• CoE Convention (1981)
• EU Data Protection Directive (95/46/EC) • EU Directive on Privacy and Electronic Communications (EU) 2002/58/EC (ePrivacy Directive) • EU Directive on Electronic Commerce (2000/31/EC) • General Data Protection Regulation (GDPR) (EU) 2016/679 • Payment Services Directive 2 (PSD2) (EU) 2015/2366 • Data Governance Act (DGA) (EU) 2022/868 • NIS Directive (2016) & NIS 2 Directive (EU) 2022/2555 • Regulation (EU) 2018/1725 • EU Artificial Intelligence Act (2021) |
|
|
Part 2:
European Data Protection Law and Regulation
|
Data Protection Concepts:
• Personal data • Special categories of personal data • Pseudonymous and anonymous data • Processing • Controllers & Processors • Data subjects |
| Territorial and Material Scope of the General Data Protection Regulation
|
|
| Data Processing Principles:
• Fairness and lawfulness • Purpose limitation • Proportionality • Accuracy • Storage limitation (retention) • Integrity and confidentiality |
|
| Lawful Processing Criteria
|
|
| Information Provision Obligations
|
|
| Data Subjects' Rights
|
|
| Security of Personal Data
• Appropriate technical and organisational measures • Breach notification • Vendor Management • Data sharing |
|
| Accountability Requirements
• Responsibility of controllers and processors • Data protection by design and by default • Documentation and cooperation with regulators • Data protection impact assessment (DPIA) • Mandatory data protection officers (DPOs) • Auditing of privacy programmes |
|
| International Data Transfers
• Rationale for prohibition • Adequate jurisdictions • EU-US transfer mechanisms (Safe Harbor, Privacy Shield, and the EU-US Data Privacy Framework (DPF)) - Implications of Schrems decisions • Standard Contractual Clauses (SCCs) • Binding Corporate Rules (BCRs) • Codes of Conduct and Certifications • Derogations • Transfer impact assessments (TIAs) |
|
| Supervision and enforcement
• Supervisory authorities and their powers • European Data Protection Board (EDPB) • European Data Protection Supervisor (EDPS) |
|
| Consequences for GDPR violations
• Process and procedures • Infringements and fines • Class actions • Data subject compensation |
|
|
Part 3:
Compliance with European Data Protection Law and Regulation
|
Employment Relationship
• Legal basis for processing of employee data • Storage of personnel records • Workplace monitoring and data loss prevention • EU Works councils • Whistleblowing systems • Bring your own device (BYOD) programmes |
| Surveillance Activities
• Surveillance by public authorities • Interception of communications • Closed-circuit television (CCTV) • Geolocation • Biometrics & facial recognition |
|
| Direct Marketing
• Telemarketing • Direct marketing • Online behavioural targeting |
|
| Internet Technology and Communications
• Cloud computing • Web cookies • Search engine marketing (SEM) • Social media platforms - Dark patterns • Artificial Intelligence (AI) - Machine learning (ML) - Ethical considerations |
Once the training aspect of your CIPP/E course is complete, our trainers make themselves available throughout the self-study period leading up to the exam. We achieve this through email exchanges, one-to-one coaching sessions, and group online exam preparation days.
The topics covered in this CIPP/E exam preparation session include:
Following the examination prep day, the instructor will offer guidance for further study areas.
IAPP exams have gained a reputation for being difficult to pass. Both Freevacy and the IAPP strongly recommend careful preparation, even for experienced professionals.
The following information about the CIPP/E examination is an extract from documentation provided to delegates by the IAPP. For the full details please review the IAPP Privacy Certification Candidate Handbook 2023 and the CIPP/E Examination Blueprint.
IAPP certification programmes are designed to differentiate between candidates who do and who do not possess the knowledge required to be considered minimally qualified privacy professionals. All questions are multiple choice with some relating to scenarios. Each question has only one correct answer. Each item (question) consists of a clearly written question (stem), a correct or best response (key) that should be apparent to minimally qualified candidates and three incorrect responses (distractors) that will be plausible to not-minimally qualified candidates. Note that it is each candidate’s responsibility to be prepared for exams by being familiar with all elements of the Bodies of Knowledge.
Candidates are advised to read each question carefully. The stem may be in the form of an actual question or an incomplete statement. An exam question may require the candidate to choose the most appropriate answer based on a qualifier, such as MOST likely or BEST.
| Total number of questions | 90 |
| Scored questions | 75 |
| Exam duration | 2 hours 30 minutes |
| Passing score | 300 out of 500 |
On all IAPP certification exams, each item has equal value and is scored as correct or incorrect. Unanswered items are considered incorrect, and there is no additional penalty for incorrect answers.
It is the policy of the IAPP to provide testing accommodations to candidates with qualifying disabilities to ensure each candidate a comparable opportunity for success on exams. We require 30 days notice in order to arrange special accommodations. Please do not schedule an exam until the IAPP approves your request. After exam purchase, submit your request and supporting documentation using the forms provided on the IAPP website.
All IAPP examinations are administered in English. In addition, the CIPP/E exam is available in French and German.
Get this IAPP Certified Information Privacy Professional Europe (CIPP/E) training course:
£1,750+VAT
10% OFF
Sign-up for our Privacy Newsfeed weekly newsletter to get your discount code. Receive additional offers by selecting training announcements option. Please choose your desired subscription option and then enter your details to subscribe.
Julie is an information and data governance specialist with over 15 years experience, including 7 years as a data protection officer at a law enforcement agency.
As an IAPP instructor, Julie delivers our CIPP/E and CIPM courses. Her expertise covers data protection law, privacy programme management, and implementing privacy-enhancing technologies. Julie's practical and informal approach to data protection training helps delegates to analyse and interpret legislative requirements before applying day-to-day practices.
Read Julie's full bio for more information about her qualifications and experience.
Freevacy has been shortlisted in the Best Educator category. The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.