Choose CIPP/US or CIPP/E? Or CIPM?


Many privacy professionals ask whether they should choose CIPP/US or CIPM, or CIPP/E or CIPP/US. We've written this blog post to help you make the right choice. We will first discuss CIPP/US vs CIPP/E. Then we will go into CIPP/US (or CIPP/E) vs CIPM.


Let’s start with CIPP. CIPP stands for Certified Privacy Professional. CIPP has many different variants. CIPP/US covers privacy regulations in the United States.

CIPP/US focuses on the American system of privacy legislation:

CIPP/US first covers the U.S. Legal Framework and Federal and State Regulators, Enforcement of Privacy Law and Data Breach Notification Laws. This part concerns the legal system and accounts for about 1/3 of the curriculum.

The other 2/3 concerns substantive legislation. Think of medical legislation such as HIPAA, financial privacy legislation such as the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA). Privacy in the workplace is also discussed.

The CIPP/E exam is mainly about the GDPR (approximately 70%).

Here, too, part of the exam is about European treaties and the European Union. After that, the entire GDPR is discussed. Think of Data Protection Concepts, Territorial and Material Scope of the GDPR, Data Processing Principles, Data Subjects’ Rights, International Data Transfers and Supervision and Enforcement. Not everything is about the GDPR. Subjects that are largely regulated outside the GDPR are Employment Relationships and Direct Marketing rules.

How to choose?

Many US privacy professionals choose CIPP/US. There are also many professionals in the US who choose CIPP/E to distinguish themselves from other professionals or because their organization does a lot of business in the EU.

CIPP/US and CIPP/E are usually chosen by professionals who wish to familiarize themselves with the applicable legislation. Privacy professionals who have to manage privacy in their organization more often choose CIPM or a combination of CIPM and CIPP/US or CIPP/E.


Above we discussed what CIPP/US is about, namely the substantive privacy rules in the US. With CIPM, the emphasis is on managing privacy and less on knowledge of the substantive rules.

CIPM is about shaping privacy program management. Questions that arise include: why is a privacy program necessary, and how do you manage it?

This involves creating an organizational privacy vision and mission statement, selecting the right Privacy Framework, developing a Privacy Strategy and structuring a Privacy Team.

Other topics are:

  • Policies
  • Data Assessments
  • Training and Awareness
  • Data Breach Incident Plans
  • Monitoring and Auditing Program Performance

CIPM does deal with a number of important American and European rules, but the emphasis is much less on them than with CIPP/E and CIPP/US.

Many professionals who choose CIPM must set up a privacy program for their organization or lead a team of (more substantive) privacy professionals.

How to choose? CIPP/US and CIPP/E vs CIPM

The choice between CIPP/US and CIPM is therefore mainly dictated by what you want to learn. Would you like to know more about the substantive rules (choose CIPP/US) or more about how you shape privacy management within your organization (choose CIPM)?

CIPP/US and CIPP/E are more similar to each other than either is to CIPM. The CIPP variants share the same topic but differ by region, whereas CIPM really has a different topic. With CIPM, the emphasis is more on privacy management, with an emphasis on information management and information security. CIPP is really about the rules themselves.
