Resources To Help You Prepare For The CIPPE Certification

The CIPP/E certification is becoming increasingly popular.  It is a great way to demonstrate your knowledge of the GDPR (plus other EU data protection laws) – which has become the globally privacy benchmark.

But the exam is hard and expensive – so it is good to pass the first time if you can …

Here are some CIPP/E exam resources to help you prepare.

Resources for CIPP/E Exam Prep

IAPP Body of Knowledge

The IAPP CIPP/E Body of Knowledge is by far the most important resource in your exam prep. It should be you bible in assessing whether or not you are ready to take the exam.  Once you can look at all the content of the BoK and say “Yes, I know what that’s about” – you’re ready to go.

BEWARE! The CIPP/E Body of Knowledge is changing in SEPTEMBER 2024.  

• If you are testing before 2 September 2024: CIPP/E Body of Knowledge ((Version 1.3.1)
• If you are testing on or after 2 September 2024: CIPP/E Body of Knowledge (Version 1.3.2)

EDPB Guidelines

Read as many EDPB Guidelines are you can – especially those called out specifically in the BoK.  Most of the guidelines are relevant, easy to understand and often include scenarios as examples of their application which are replicated in the CIPP/E Exam.

 You don’t need to read them all, but the following are probably essential-ish:

Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) – version adopted after public consultation

Guidelines 3/2019 on processing of personal data through video devices

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1)

Guidelines 07/2020 on the concepts of controller and processor in the GDPR

Guidelines 10/2020 on restrictions under Article 23 GDPR

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

Guidelines 03/2021 on the application of Article 65(1)(a) GDPR

Guidelines 04/2021 on Codes of Conduct as tools for transfers

Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR

Guidelines 01/2022 on data subject rights – Right of access

Guidelines 03/2022 on deceptive design patterns in social media platform interfaces: how to recognise and avoid them

Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement

Guidelines 07/2022 on certification as a tool for transfers

Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority

Guidelines 9/2022 on personal data breach notification under GDPR

You can access all EDPB Guidance here.

Council of Europe: European Data Protection Handbook

This resource is a bit old (from 2018), but it still provides an easily accessible account of the development of data protection law in Europe (Convention 108, etc.) and the EU. And it’s free!

The handbook gives a brief description of the two different systems established by the ECHR (Council of Europe) and EU law (which applies -not surprisingly to EU member states) (Chapter 1). Chapters 2 to 10 cover the following topics in more detail:

• data protection terminology;
• key principles of European data protection law; 
• rules of European data protection law;
• independent supervision;
• data subjects’ rights and their enforcement;
• cross-border transfers and flows of personal data;
• data protection in the context of police and criminal justice;
• other European data protection rules in specific areas;
• modern challenges in personal data protection.

Handbook on European data protection law – Publications Office of the EU (europa.eu)

Privacy 108 Blog Posts:

We’ve put together a few blog posts that might assist you – with a bit of a focus on Domain 1.  For non-European, Domain I can be the most challenging.  There’s no easy way around this one other than by just committing it to memory for long enough to sit the exam.

Here are some of our blog posts:

• Domain 1 overview
• Domain II overview
• History of data privacy in Europe
• Data protection cases you should know
• 5 Tips on preparing for the CIPP/E exam
• CIPP/E Privacy Glossary plus a free quiz.

Exam Prep Questions

Doing practice exam questions is the best way to prepare for the exam (once you’ve done your study of course).  There is a bit of an art of multiple-choice (like working out which is the least wrong or the most right out of the available options).

The IAPP’s set of practice exam questions is well worth the US$55 investment: CIPP/E Practice Exam Digital – IAPP Store

But be careful. There are quite a few CIPP/E Practice Exams from unofficial sources that are not great and sometimes even wrong (which is terrible because you then start second-guessing yourself and chasing your tail trying to work out what the right answer is).

There are other exam books you can buy.  These are the ones we’ve looked at:

• A Collection of Practice Exams on European Data Protection Law – Majid Hatamian 2023: 180 questions divided into two 90 practice exams of 90 questions each.  The questions are (informally) organised by topic so you start off with Domain I questions which is good if you want to test yourself in a particular area. The answer sheets at the end provide details on why the incorrect choices were wrong which is helpful.  It might be a little out of date (from 2023) but still a good resource.
• Three CIPP/E Practice Exams: 270 questions not by the IAPP – Franklin Philips: The introduction says if you score 80% you should be set for the exam.  This one may be out of date but a 2024 exam has been released. There is an answer key and explanation for the answers at the end of each exam which is good.  The questions weren’t as well drafted as in the Collection book (above) and the scenario questions weren’t as great. Not as good a resource as the Collection of Practice Exams.
• Three CIPP/E practice exams: 270 questions, not by the IAPP : Philips, Franklin: Amazon.com.au: Books
• Certified Information Privacy Professional Europe (CIPP-E) – Laboosh Certifications: I think it was free, 45 questions in total. Lots of scenarios.  Not sure of some of the questions or the answers so not our favourite.

Note: If you’re using your Kindle with any of the above books – don’t forget to turn off the highlights or otherwise you’ll have a pretty good idea of the answer. How to turn off highlights.

Videos

Sometimes, watching a video can be helpful, particularly for the Domain 1 stuff which is hard to get your head around.

These are some we’ve looked at:

EU Institutions: This 15-minute YouTube video covers (in excruciating detail) how the EU works (with perhaps the most boring narrative voice in history), but it’s very informative …

EU Institutions Related to the GDPR for Studying for the CIPP/e (youtube.com)

Council of Europe – Convention 108+: Convention 108 is the ‘mother’ of the GDPR. 

The Council of Europe’s Modernised Convention 108 on Data Protection (youtube.com)

GDPR Dispute Resolution (Art 65 and EDPB Guideline 03/2021): Covers the process for sorting out disagreements between Supervisory Authorities and the role of the EDPB in harmonising decision making  … definitely narrated by an AI voice but might be an easy way to get your head around how  the different regulators sort out disagreements.

EDPB Guidelines 03/2021 on GDPR Dispute Resolution: Article 65(1)(a) Explained (youtube.com)

Conducting a DPIA: From Fieldfisher Data & Privacy Team.  A bit long but they are lawyers …There are lots of other good resources from Fieldfisher if you like this one.

Conducting a DPIA – YouTube

Some of the other Fieldfisher resources:

• Transfer Impact Assessments: Part 3 – How to Document your Data Protection Compliance – Transfer Impact Assessments (youtube.com)
• EU AI Act: Debunking the EU AI Act: an overview of the new legal framework (youtube.com)

Data Subject Rights:  The content is good but you get the same boring male English male narrator… Fortunately only 7 minutes long if you can bear it:

GDPR Training by Aim – Module 6: Data Subject Rights (youtube.com)

From OneTrust – the narrator is not an AI voice which is a relief:

Getting started with GDPR compliance: Data subject rights requests (youtube.com)

Wrap-up

To pass the CIPP/E you have to:

• Be really familiar with Articles 3 – 49 GDPR, at the very least
• Have read the important EDPB Guidelines
• Be familiar with the major cases that have influenced the development of data protection law in Europe and the EU
• Know how the EU works 
• Know the history of the EU (all those Treaties …)
• Appreciate the connection between human rights law, the right to privacy and the development of data protection law. 

An IAPP-authorised CIPP/E course can help you prepare for the certification, while increasing your real-world knowledge and skills in privacy. Privacy 108 is an authorised provider of this training. You can learn more about our online CIPP/E course.