CIPM Exam Annual Update (September 1, 2021)

CIPM Exam Annual Update (September 1, 2021)

Every year the CIPM exam undergoes an update. This year the changes will take effect from September 1st. In this blog post, we will discuss the update and all you need to need to pass the updated CIPM exam.

(Interested in CIPP/US? See this blog post about the latest update of the CIPP/US exam.)
(Interested in CIPP/E? See this blog post about the latest update of the CIPP/E exam.)

IAPP: “No changes to the CIPM Examination Blueprint…”

The 2021 official press release emphasizes that there were no changes to the examination blueprint or to the number of exam questions (per subject).

This means that the exam still consists of the following six parts. Below you can also see how many questions you can expect on average per part.

Part Average number of questions
I. Developing a Privacy Program 15
II. Privacy Program Framework 10
III. Privacy Operational Lifecycle: Assess 15
IV. Privacy Operational Lifecycle: Protect 14
V. Privacy Operational Lifecycle: Sustain 6
VI. Privacy Operational Lifecycle: Respond 10


IAPP: “… additions to the CIPM body of knowledge”

The IAPP does make minor changes to the Body of Knowledge. As of September 1, the IAPP adds three new topics to the exam:

Right of erasure.
Right to be informed.
Control over use of data.

These topics are added to part 6 (“Respond”):

These topics are not really new: Chapter 6 of the official textbook focuses on this. With this addition to the body of knowledge, the IAPP probably wants to emphasize how important data subject rights are. In Europe, these are laid down in the GDPR. In the US, several states have recently enacted Data Privacy Laws, which clearly enshrine these rights. The latest developments are – of course – not included in the 2019 textbook.

Consequences for your CIPM exam (preparation)

The latest version of the textbook, Privacy Program Management – Tools for Managing Privacy Within Your Organization (2019) has not yet been updated with the above changes and latest developments. We therefore recommend that you familiarize yourself with recent US State Data Privacy And Security Laws (regarding to data subject rights). These include:

  • California Consumer Privacy Act (CCPA)
  • California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • and the Colorado Privacy Act

CIPM Online Training Course (and CIPP/US & CIPP/E)

We offer a great IAPP CIPM exam prep course including an up-to-date and detailed outline of the entire textbook (latest edition), additional material on, for example, the latest state legislation, IAPP style practice questions and various training videos. This combination ensures optimum preparation for the exam and a high chance of excelling at your first try. Learn more? en

Flashcards added to our CIPP/E and CIPP/US training courses!