IAPP_CIPP_UPDATE

CIPP/E and CIPP/US annual update (September 1, 2019)

From 1 September 2019 the IAPP CIPP/US and CIPP/E exams undergo a small annual update. Approximately 10% of the body of knowledge and the exam are adjusted accordingly. If we look closely at the exam blueprints, the adjustment is actually minimal.

CIPP/E
The exam blueprint has two additions:
– Storage limitation retention, under II, C;
– Consent (and withdrawal of), under II, F.

The changes are marked (yellow) on the official IAPP CIPP/E exam blueprint that you can download here.

We recommend reading the following two articles from the IAPP:

Further updated content consists of:

1. Data subject consent, including the right of withdrawal
2. Organizational data protection mechanisms
3. Risk reporting requirements
4. Data sharing and associated security implications
5. Joint data controllers
6. DPIAs and established criteria for conducting them

Please note that we actually only see the first topic (data subject consent and withdrawal) in the new exam blueprint. It is possible that the changes have not been made visible and simply fall under the topics that are already in the blueprint. For example, that the joint controller (5) is now dealt with under II, A.

In view of the above, we also recommend reading:

CIPP/US

The exam blueprint has the following additions:
– Data flow mapping, under I, C;
– Added ‘APEC’ to other key considerations for U.S.-based multinational companies, under I, C.
– Future of federal enforcement, under II, A;
– Elements of, key differences among states, recent development, under V, E. (This seems more like a textual clarification because this was already requested in the exam. Now it has been made clear that people can expect this too.)

The changes are marked (yellow) on the official IAPP CIPP/US exam blueprint that you can download here.

We recommend reading the following articles from the IAPP:

Further updated content consists of:

1. The role of new cyber threats in incident response programs
2. Cloud issues related to vendor management
3. The role of the APEC privacy framework for U.S.-based global multinational companies
4. Emerging areas of federal enforcement (data brokers, big data, IoT, AI, unregulated data)
5. State data security developments such as the CCPA

Please note that we actually only see the third and fourth subject in the new exam blueprint. It is possible that the changes have not been made visible and simply fall under the topics that are already in the blueprint.

In view of the above, we also recommend reading:

The official textbooks have not yet been updated with the above changes. So it seems wise to read the IAPP articles on these topics well.

Leave a Reply

Your email address will not be published. Required fields are marked *