CIPP/E and CIPP/US study and exam guide
This CIPP study guide is written for those preparing for CIPP/E or CIPP/US exams. The guide contains everything you need to know about the exam. This CIPP study guide also contains useful tips that will aid your preparation for the IAPP exam.
IAPP – CIPP, CIPM, CIPT
The International Association of Privacy Professionals (IAPP) offers international certifications in the field of privacy. The certificates are ANSI/ISO accredited. These certifications are widely recognized, and it is considered as the standard benchmark for professionals in the privacy industry. The IAPP issues the following certificates:
- CIPM (privacy operations);
- CIPT (technology);
- CIPP (laws and regulations).
The CIPM certificate is intended for managers and is becoming increasingly popular among professionals in various industries. It’s about privacy management. It is for professionals who implement privacy programs. The CIPT certificate is intended for I.T. professionals. This certificate is the least popular and will soon be completely redesigned. The last variant, the Certified Information Privacy Professional (CIPP) certification, is the most popular among the IAPP certifications.
CIPP has various variants, and the two most popular certifications are:
- CIPP/E – this is about privacy in Europe. The GDPR plays a central role in this. This certification is of a legal nature. You will learn everything about the most important privacy legislation.
- CIPP/US – This is about privacy in the United States. You should note that there is no uniform privacy law in the United States, so this certification focuses on various privacy laws, such as HIPAA in the field of privacy in healthcare.
Other less known variants are CIPP/C for Canadian professionals and CIPP/A for privacy professionals in Asia. The certificate for U.S. government professionals (CIPP/G) is currently inactive. Various major law firms are behind the CIPP certifications, and this contributes to the success of this certification.
An alternative to the IAPP certifications is the Certified Information Systems Security Professional (CISSP). This certificate is issued by the International Information System Security Certification Consortium. This consortium is also known as (ISC)².
IAPP Study Materials for CIPP/E and CIPP/US
You can download various documents on the IAPP website to prepare for the exam (https://iapp.org/certify/). The most interesting documents are the Body of Knowledge and the Exam Blueprint. The Body of Knowledge highlights the list of subjects that you must cover in preparation for the exam. The Exam Blueprint is more interesting; it states how important each component is in the exam. Each subject in the IAPP material carries different scores, so it is vital that you acquaint yourself with the exam blueprint to understand the sections that are most important.
Aside from these documents, you will also find other valuable materials on the IAPP site. These include the CIPP Study Guide, Authoritative Resource List, and Glossary of Privacy Terms. You can download these documents, but note that they are of little importance compared to the Body of Knowledge and the Exam Blueprint. You can search through the IAPP settings where you can follow classroom training. This takes around two days. Furthermore, you can follow online preparation materials that are available on the IAPP site. (Note: This is not a complete guide for preparing for your IAPP test.
- Before you start studying, download both documents and study them carefully! Please note that the material changes by approximately 10% every 1st of September.
- Also, buy a copy of the IAPP sample questions. These practice questions will give you a preview of what the exam looks like. However, it is generally noted that the level of these practice questions is considerably lower than the questions in the real exam. If you register in advance for an IAPP account, the chances are that you will receive a coupon code with which you can download the practice exam for free.
Official Textbooks for the CIPP/US and CIPP/E Program
Although it is not clearly stated on the IAPP website; the official CIPP study guides are:
- CIPP/E – European Data Protection: Law and Practice. Ustaran, Eduardo. IAPP, 2018. Please note – the book does not contain the changes made in September 2019.
- CIPP/US – U.S. Private-Sector Privacy, Second Edition. Peter P. Swire and DeBrae Kennedy-Mayo. IAPP, 2018. Please note – this book has not been updated to reflect the changes made in September 2019.
These books cost $75 and are included in the official IAPP courses (online or in class). You can also order them from IAPP online store. The books do not contain all the materials you will need for the exam. However, it contains all the basic course material.
- If you want to order the book, we advise that you go for the e-book version, which is easy to navigate or search while you are studying.
- For CIPP/E: the European Union has made a free e-book available to aid your preparation for the IAPP test. Download the e-book here.
Studying for the CIPP/E and CIPP/US Exams?
Here are some tips and advice that will aid your preparation for the CIPP exams.
- The CIPP exam is a tough one. You will need to prepare thoroughly for the exam. According to the IAPP, 30 hours of study time should be sufficient, but most people say they need over 60 hours to prepare adequately.
- Many questions are asked in the exams that you can literally extract from the book. Therefore you should read the CIPP study guide thoroughly.
- Make sure that you know the most important articles and that you also know, for example, what is stated in article 15 of the GDPR. Take a good look at the articles of the law that are most important in the examination (Exam Blueprint).
- There are few practice questions on the internet. You can also download the practice questions on the IAPP website. For any additional questions, follow an (online) training or take a look at Amazon. You can find here, for example, the book of Real CIPP/E Prep: An American’s Guide to European Data Protection Law and the General Data Protection Regulation (GDPR) by Gorden Yu or Full CIPP/US Practice Exam by Jasper Jacobs.
- Don’t be fooled by the lack of practice questions. The majority of the questions come directly from the manuals, and the other part consists of scenario questions.
- For CIPP/E: search the internet for flashcards, with which you quickly learn the most important concepts. Check here.
- For CIPP/E: always keep the GDPR close at hand and read the articles. If you want an extra explanation, you can also read the recitals. They introduce the GDPR. Check here for more useful info.
- Ask yourself regular questions like what do I know about the information obligations under the GDPR or what do I know about HIPAA and what does or does not fall within the scope of HIPAA etc.
The CIPP Exam
You can request and schedule the exam via the IAPP website. To do this, you must first register and purchase an exam voucher ($550). Afterward, you can register for the exam at any test center near you.
After completing your registration, you will be required to take a seat behind a computer. You are not allowed to bring any items into the exam room. You will be given 150 minutes for both the test. You are required to answer 90 multiple-choice questions. Please note that once you start, you cannot pause the time. If you decide to use the restroom, it will be at the expense of your time.
Often, the 150 minutes duration is sufficient for the exam. Most candidates experience some time stress when they start the exam. However, you will be able to complete the multiple-choice questions in no time, while the scenario questions may take you more time.
- If you are in doubt about a question, flag it and answer it later.
- Remember that you do not have to answer all the questions correctly. There are several simple multiple-choice questions that you can answer correctly by only studying the CIPP study guide. You will need to study wide to answer most of the scenario questions. Also, some of the questions are experimental and will not be added to your overall score.
- Don’t be fooled by the scenario questions. These are questions that outline a long case. There is a lot of information in the scenario that you do not need at all when answering your question.
If you have not had enough time to prepare adequately, reschedule the exam. This must be done at least two days before the exam date. Good luck!