CIPPE 2023 Update: Here’s What Changed

Things are changing fast in European privacy! We don’t typically see annual updates by the IAPP to exam content, but the CIPP/E Body of Knowledge 2023 Version 1.3.1 has now superseded the 2022 version 1.3. Compared to the recent CIPT update (which was mammoth), the changes are relatively minor.  

However, the IAPP has added several new EU Guidelines to the Body of Knowledge (BoK) which will increase the reading requirements.  So, you may wish to add a few hours to your study plan.  

What’s Changed in the 2023 CIPP/E Body of Knowledge Update?


2023 CIPP/E Updates to Domain I 

The significant changes in the legislative framework within Europe mean that the Domain I changes may make this section of the certification even more challenging (and test-takers already found this domain tricky before the updates).  

Anyone taking the exam will need to understand the regulatory landscape enough to know the content of the laws and how each law impacts others within the EU.  

Additionally, Brexit led to serious regulatory changes in England, and these are now going to be reflected in the IAPP’s CIPP/E scope for testing.  

Additional Resources for the CIPP/E Domain I  

European Parliament’s Convention 108 + Resource 


UK Data Protection Act 

Payment Services Directive 2 

Data Governance Act 

Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data. 

NIS Directive 2016 

NIS2 Directive 

Interplay between GDPR and PSD2 

The EU’s Approach to AI 

The Artificial Intelligence Act Briefing 

2023 CIPP/E Updates to Domain II 

There are three categories of changes made within this domain:  

  1. Special categories of personal data are now specifically outlined in the BoK.  
  2. Schrems I and II are also included in the BoK. These court decisions relate to the previous (now invalidated) transfer mechanisms used to allow the flow of data between the EU and the US.  
  3. Multiple new guidelines have been added to the CIPP/E exam. For the most part, these guidelines resolve previous ambiguities and provide more detail about the operational impact of these laws.  

Additional Resources for the CIPP/E Domain II 

Guidelines 01/22 on data subjects rights – Right of access 

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification 

Guidelines 09/2022 on personal data breach notification under GDPR 

Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority 

The IAPP on Schrems I 

The Schrems I Decision 

The IAPP on Schrems II 

The Schrems II Decision
The EDPB opinion on the Transatlantic Data Privacy Framework

2023 CIPP/E Updates to Domain III 

The updates to this section are relatively minor. The change requires testtakers to delve more deeply into the EU’s concept of dark patterns on social media.  

Additional Resources for the CIPP/E Domain III 

The EU’s 2022 Guidelines on Dark patterns in social media interfaces 

Our coverage of the dark patterns regulation 

More about dark patterns 


CIPP/E Certification Training with Privacy 108 

Our three-day CIPP/E certification training course has already been updated to reflect the changes to the 2023 body of knowledge. We encourage professionals planning to certify and those looking to deepen their European privacy knowledge to attend our course.  

Our training includes:  

  • Course content delivered by Dr Jodie Siganto CISSP, CISM, CIPM, CIPPE, CIPT, one of Australia’s leading privacy experts and experience trainer; 
  • Additional resources, exclusive to Privacy 108 students; 
  • Access to our bank of over 200 CIPP/E practice exam questions. 

Learn more about our CIPP/E certification training, or reach out with any questions: 

  • We collect and handle all personal information in accordance with our Privacy Policy.

  • This field is for validation purposes and should be left unchanged.

Privacy, security and training. Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.