CIPP/E and CIPP/US study and exam guide
This guide is written for anyone planning to obtain the CIPP/E and CIPP/US certification. It contains everything you need to know, along with useful tips for studying.
IAPP – CIPP, CIPM, CIPT
The International Association of Privacy Professionals (IAPP) offers international certifications in the field of privacy. The certificates are ANSI/ISO accredited. These certifications are widely recognized, and more and more privacy professionals are demonstrating their knowledge with IAPP certificates. The IAPP issues the following certificates:
- CIPM (about privacy operations);
- CIPT (technology);
- CIPP (laws and regulations).
The CIPM certificate is intended for managers and is becoming increasingly popular. It covers privacy management, for example implementing privacy programs. The CIPT certificate is intended for IT professionals. This certificate is the least popular and will soon be completely redesigned.
The last variant, the CIPP certificate, is the best known of the various certifications. CIPP stands for Certified Information Privacy Professional. It comes in different variants. The two best known are:
• CIPP/E: this is about privacy in Europe. The GDPR plays a central role in it. This certification is of a legal nature. In particular, you learn everything about the most important legislation.
• CIPP/US: this is about privacy in the United States. In the United States there is not yet a uniform privacy law, so this certification focuses on various privacy laws, such as HIPAA in the field of privacy in healthcare.
Less known are: CIPP/C for Canadian professionals and CIPP/A for privacy professionals in Asia. The certificate for US government professionals (CIPP/G) is currently inactive. Various major law firms are behind the CIPP certifications. This contributes to the success of this certification.
An alternative to the IAPP certifications is the Certified Information Systems Security Professional (CISSP). This certificate is issued by the International Information System Security Certification Consortium. This consortium is also known as (ISC)².
Study material IAPP for CIPP/E and CIPP/US
You can download various documents on the IAPP website to prepare for the exam (https://iapp.org/certify/). The most interesting documents are the Body of Knowledge and the Exam Blueprint. The Body of Knowledge states which subjects are part of the exam. The Exam Blueprint may be even more interesting, because it also states how important each component is in the exam. Not every part of the material carries the same weight in the final score.
In addition to these documents, you will find more documents on the IAPP site: the Study Guide, the Authoritative Resource List and the Glossary of Privacy Terms. You can download these documents, but they are of little importance compared to the Body of Knowledge and the Exam Blueprint.
You can search via the IAPP for places where you can follow a classroom training. This takes around 2 days. You can also follow an online preparation (which is not a complete exam preparation).
- Before you start studying, download both documents and study them carefully! Please note that as of 1 September of each year the material changes by approximately 10%.
- Also buy a copy of the IAPP sample questions. These practice questions give you a good impression of what the exam looks like. However, it is generally noted that the level of these practice questions is considerably lower than the questions on the exam. If you register in advance for an IAPP account, chances are that you will receive a coupon code with which you can download the practice exam for free.
Official textbooks for the CIPP/US and CIPP/E program
It is not stated very clearly on the IAPP website, but the official study books are:
- CIPP/E – European Data Protection: Law and Practice. Ustaran, Eduardo. IAPP, 2018. Please note – there is no update available for the changes in September 2019.
- CIPP/US – U.S. Private-Sector Privacy, Second Edition. Peter P. Swire and DeBrae Kennedy-Mayo. IAPP, 2018. Please note – also for this book there is no update available of the changes in September 2019.
These books cost $75 and are included in the official IAPP courses (online or in class). You can also order them in the online store of the IAPP.
The books do not contain all the material that is asked in the exam, but they do contain all the basic course material.
- If you order the book, choose the e-book. It is easy to search while studying.
- For CIPP/E: the European Union has made a free e-book available that can be very useful when learning for the CIPP/E Exam. That book can be downloaded here.
Studying CIPP/E and CIPP/US
Here are some thoughts and advice that you could take into account:
- The CIPP/E and CIPP/US exams are not easy. Thorough preparation is required. According to the IAPP, 30 hours of study time should be sufficient, but most people say they need double the amount of time.
- Many of the exam questions can be answered literally from the book. Therefore study the book or a good summary in detail.
- Make sure that you know the most important articles and that you also know, for example, what is stated in article 15 of the GDPR. Take a good look at the articles of the law that are most important in the examination (Exam Blueprint).
- There are few practice questions on the internet. Therefore always download the practice questions from the IAPP. For additional questions, follow an (online) training or take a look at Amazon. There you can find, for example, the book Real CIPP/E Prep: An American’s Guide to European Data Protection Law and the General Data Protection Regulation (GDPR) by Gorden Yu or Full CIPP/US Practice Exam by Jasper Jacobs.
- Don’t be fooled by the lack of practice questions. The majority of the questions come directly from the manuals and the other part consists of scenario questions. You cannot prepare for them other than by learning the most important concepts.
- For CIPP/E: search the internet for flashcards, with which you quickly learn the most important concepts. An example is this website.
- For CIPP/E: always keep the GDPR close at hand and read the articles. If you want extra explanation, you can also read the recitals. They introduce the GDPR. This site is useful for that.
- Regularly ask yourself questions such as: what can I tell about the information obligations under the GDPR? Or what do I know about HIPAA? Who enforces it, what does or does not fall within the scope of HIPAA, etc.
The CIPP/US and CIPP/E exam
You can request and schedule the exam via the IAPP. To do this, you must first register and purchase an exam voucher. Once you have purchased the voucher ($550), you can register for the exam at a test center near you.
After registration you take a seat behind a computer. You are not allowed to bring any items into the exam room. You get 150 minutes for both the CIPP/E and the CIPP/US exam. In those 150 minutes you have to answer 90 multiple-choice questions. Once you have started, you cannot pause. You can go to the restroom, but this is at the expense of your time.
In itself, 150 minutes is sufficient to take the exam. Most candidates experience some time stress when they start the exam. However, you will see that the multiple-choice questions can be answered quickly. The scenario questions take a little longer to answer because you have to read a lot of text.
Some best practices:
- Are you in doubt about a question? Then flag it and look at it again later.
- Remember that you do not have to answer all the questions correctly. There are plenty of simple multiple-choice questions that you can score on just by learning the material. You can afford to be wrong on some of the scenario questions. Also know that some of the questions are experimental and do not count at all in the result.
- Don’t be fooled by the scenario questions. These are questions that first outline a long case. There is a lot of information in the scenario that you do not need at all when answering the question.
- You can reschedule the exam up to two days in advance. If you have not had enough time to study well, reschedule the exam.