The Updated CIPP/E Body of Knowledge: What Has Changed

The IAPP’s CIPP/E certification covers key privacy terminology, and the practical considerations relating to personal data protection and data flows in Europe. This area of law is developing rapidly as European privacy authorities dole out significant fines for GDPR breaches. As a result, the CIPP/E Body of Knowledge has been updated to reflect the practical challenges and changes in privacy in Europe. These changes in the updated CIPP/E body of knowledge come into effect on 3 October 2022. Here’s what will change once the updated CIPP/E Body of Knowledge comes into effect: 

What Changed in the 2022 CIPP/E Body of Knowledge Update? 

CIPP/E Domain I – Introduction to European Data Protection 

Domain I has only undergone minor changes – as you’d expect, considering the content mostly covers the history of Europe’s data protection law and its legal framework.  

Part A section 3 of Domain I has had two sub-sections added to the curriculum. It now reads:  

3. Early laws and regulations: 
4. OECD Guidelines and the Council of Europe
5. Convention 108

 This addition helps to clarify exactly what test takers need to know about the early development of European privacy and data protection law.  

The Court of Justice of the European Union has been removed from the list of European Union Institutions covered in Part B of Domain I.  

No changes have been made to Part C of Domain I.  

CIPP/E Domain II Body of Knowledge Update – European Data Protection Law and Regulation 

Domain II has been updated to include references to a number of Guidelines that have been published by the European Data Protection Board (EDPB) since the prior update. The guidelines specifically referred to in Domain II are:  

• Guidelines 07/2020 on the concepts of controller and processor in the GDPR, which has been added to Part A Data Protection Concepts, section 6 – Processor.  

• Guidelines 3/2018 on the territorial scope of the GDPR which has been added to Part B Territorial and Material Scope of the GDPR section 2 – Non-establishment in the EU.  
• Guidelines 5/2019 on the criteria of the Right to Be Forgotten in the search engines cases under the GDPR, which has been added to Part F Data Subjects’ Rights, section 3 – Erasure and the right to be forgotten.  
• Guideline 10/2020 on restrictions under Article 23 GDPR, which has been added to Part F, section 8 – Restrictions.  
• Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR, which has been added to Part I International Data Transfers, section 1 – Rationale for prohibition.  
• Guidelines 04/2021 on codes of conduct as tools for transfers, which has been added to Part I, section 6 – Codes of Conduct and Certifications.  

• Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679, which has been added to Part I, section 7 – derogations.  
• Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, which has been added to Part I, section 8 – Transfer impact assessments.  

CIPP/E Domain III Body of Knowledge Update – Compliance with European Data Protection Law and Regulation 

This domain has also been updated to include specific references to certain EDPB guidelines, namely:  

• Guidelines 3/2019 on processing of personal data through video devices, which has been added to Part B Surveillance Activities, section 3 – CCTV.  

• Guidelines 8/2020 on the targeting of social media users, which has been added to Part C Direct Marketing, section 3 – Online behavioral targeting.  

Updated CIPP/E Body of Knowledge Resources 

Other than the updated CIPP/E Body of Knowledge, you may also wish to:  

• Review our guide the CIPP/E exam. 
• Read our 5 Tips on Preparing for the CIPP/E exam.

• Explore our guide to Domain 1 in the CIPP/E certification. 
• Review our privacy glossary for the CIPP/E. 
• Find out what you need to know about the history of data privacy for your CIPP/E exam. 
• Take a CIPP/E exam preparation course. 

We have updated our CIPP/E exam preparation course to reflect the significant additions to the body of knowledge. The training classes will run for three days to cover the added content.  

For more information about our CIPP/E courses, contact us!

Privacy 108

At Privacy 108, we are passionate about privacy and data protection. We work with organisations to ensure they collect, use and secure all information in a way that is both compliant and meets community expectations. Privacy 108 is a law firm. Our team of lawyers can provide specialist legal advice on privacy and security issues.