An Update Common to All IAPP Exams (October, 2022)

An Update Common to All IAPP Exams (October, 2022)

The IAPP updates its exam forms every year to reflect the latest changes in the industry. The CIPP/E, CIPP/US and CIPM exam updates for the year 2022 will take effect from October 1.

Upto 10% change in exam material is made every year. The changes rule out the outdated topics and add new ones in an attempt to prepare privacy professionals in accordance with the most recent statutes. Read our detailed blog as we bring to you all the freshly incorporated changes in all IAPP exams.

An Update Common to the CIPP/US, CIPP/E and CIPM Exams

Before we discuss every exam separately, an update that is common to all the exam forms is worth noting. A new topic that relates to the consequences of the European Court of Justice’s Schrems II ruling has been added in the syllabus of all the IAPP exams. This addition was inevitable keeping in mind the developments regarding the ruling out of Privacy Shield on 16 July 2020 (Schrems II). Several shortcomings were observed in the EU-US Privacy Shield, a legal framework designed specifically to regulate data transfers from the EU to the US, which led to it being ruled invalid.

To address the issue, the concerned authorities of  the US and EU are in the process of developing a new and improved data transfer framework called the Trans-Atlantic Data Privacy Framework. The outdated Privacy Shield will soon be replaced by the Trans-Atlantic Data Privacy Framework. This change is sure to make the data transferring system more efficient and secure.

Want to know about Schrems ll in detail? Read this interesting blog where IAPP answers some of the FAQs.

Other Updates in IAPP Exams

All IAPP exams have seen major or minor updates:

CIPP/E Updates

The examination blueprint shows the minimum and the maximum number of questions included in any exam. No change has been observed in the exam blueprint for the current year. The exam will still comprise 3 parts. Take note that the part 2 which deals with the GDPR is the most important one from exam point of view. No major changes have been made other than a few tweaks as the official textbook dates back to 2019. The latest version of the Body of Knowledge shows that 9 Guidelines and a Recommendation have been added in the BoK. Guidelines and Recommendations are basically the documents in which the united European supervisors shed light on how the GDPR is applied.

Below is the summary of the changes made in this year’s body of knowledge for CIPP/E exam:

  • Transparency requirements with regard to data protection notices
  • Important aspects of the 2021 SCCs (scope, approach, new obligations, etc.)
  • Consequences of Schrems 2 judgement on Safe Harbor, Privacy Shield, SCCs, and other transfer mechanisms
  • EDPB guidelines on significant data protection topics (refer to Body of Knowledge for specific guidelines)

Read our detailed blog (link) on all the updates in CIPP/E exam.

CIPP/US Updates

The IAPP has just published the CIPP/US Examination Blueprint. It looks like it will remain the same this year too which means no change in the structure of the exam for the current year. The IAPP has also published a Body of Knowledge for the CIPP/US exam, which gives an overview of the topics to be tested in various sections of the exam. Here are the updates that the document shows:

  • Schrems II decision and its implications on data transfers
  • GLBA exemptions under state laws; Driver’s Privacy Protection Act
  • Automated employment decision tools
  • Colorado Privacy Act (CPA)
  • Nevada Privacy Law (SB260)Requirements of/liability of business associates under HIPAA and HITECH Act
  • State privacy laws for students (esp. SOPPA)
  • Applicability of state privacy laws to HR data

Interested in CIPP/US? Read our blog (link) to all the details on the recent updates in CIPP/US exam.

CIPM Updates

As the exam blueprint for this year came out, it became clear that no changes have been made in the exam blueprint for this year for this IAPP exam too. IAPP has renamed the chapters in the book. The new names give an indication whether it concerns the Privacy Program framework or the Privacy Operational Lifecycle (and stage), thus making it easier to link the chapters to the questions. The updates for the CIPM exam can be summarized as follows:

  • Changes in processes of data sharing and use, including secondary usage, vendor limitations and objections to usage
  • Updates concerning control, risk assessments, and alignment
  • Updates on notification,record keeping, and reporting of privacy incidents
  • Updates regarding internal as well as external policy processes and compliance

Do not forget to go through our blog (link) that discusses the CIPM exam updates for the current year in detail.

IAPP Exams Prep at

At, we offer detailed and comprehensive exam prep courses for the IAPP CIPP/US, CIPP/E and CIPM exams. Our all-inclusive courses include an up-to-date and complete outline of the entire textbook (latest edition), over 300 practice questions, a number of training videos, and for CIPP/US: our State Data Privacy and Security Laws Appendix. Our courses make sure that you go for the exam well prepared and ready to ace it. Register for your desired IAPP exam training course and give your career the boost it deserves.

Flashcards added to our CIPP/E and CIPP/US training courses!