Upcoming Changes to the CIPM Exam in 2023: A Comprehensive Overview

Upcoming Changes to the CIPM Exam in 2023: A Comprehensive Overview

For years, we’ve monitored and integrated updates from IAPP CIPP/E, CIPP/US, and CIPM exams. However, this year’s CIPM exam seems to harbor an anomaly. In this blog post, we will uncover these alterations, analyze their potential impact on your exam readiness, and guide you through this evolving scenario.

Blueprint Consistency, Yet an Unconventional Twist

The examination blueprint outlines the range of items within major domains and topics covered in the CIPM exam. Normally, IAPP releases a new document detailing these changes, but this year, that’s absent. Thus, the exam’s structure seems to align with the previous year’s. At this point, all appears to be status quo.

Evolution in the Body of Knowledge

IAPP annually publishes a Body of Knowledge (BoK) for its exams, outlining the knowledge and competencies assessed in the certification exam. This document typically elaborates on the topics outlined in the examination blueprint, incorporating new subjects and current developments.

Body of Knowledge Merging with Examination Blueprint

IAPP’s announcement regarding the 2023 CIPM exam update reveals:

“Domain I Developing a Privacy Program and Domain II The Privacy Program Framework were combined into a single domain; Domain I Developing a Framework

A new Domain II was added; Domain II: Establishing Program Governance”
please see: https://iapp.org/certify/cippe-cippus-cipm-cipt-beta-exams/

What raises eyebrows is that this year’s BoK includes the number of exam questions (a detail traditionally found only in the Examination Blueprint).

While consolidating these documents is not inherently problematic, the discrepancy between them is puzzling. The table below provides a side-by-side comparison:

Domain Min no questions 2022 Max no questions 2022 Min 2023 Max 2023
I. Privacy Program: Developing a Framework 13 17 14 18
II. Privacy Program: Establishing Program Governance 9 11 12 16
III. Privacy Program Operational Life Cycle: Assessing Data 13 17 12 16
IV. Privacy Program Operational Life Cycle: Protecting Personal Data 12 16 9 13
V. Privacy Program Operational Life Cycle: Sustaining Program


5 7 7 9
VI. Privacy Program Operational Life Cycle: Responding to Requests and


9 11 10 14

Domain II exhibits the most significant deviation from the previous year, notably emerging as a ‘new’ domain.

Content Changes(?): In-depth Exploration

Comparing the Examination Blueprint with both the old and new Body of Knowledge, the following insights emerge:

  • The new Body of Knowledge doesn’t introduce new topics. Rather, it entails mainly topic realignments.
  • Minor shifts are noticeable in domains III through VI, with slightly more pronounced shifts in domains I and II.

Impact on Your Exam Preparation

Your preparation can proceed using the same resources. The most recent textbook edition is the 2022 third edition (refer to our update post from last year for further details: https://cipptraining.com/cipm-exam-annual-update-october-1-2022/)

Due to alterations in the number of exam questions per topic, focusing on the following chapters of the textbook is advised:

2 – Privacy Program Framework: Privacy Governance
3 – Privacy Program Framework: Applicable Privacy Laws and Regulations
6 – Privacy Operational Life Cycle: Protect: Policies

Additionally, these two chapters hold significance:

4 – Privacy Operational Life Cycle: Assess: Data Assessments
5 – Privacy Operational Life Cycle: Protect: Protecting Personal Information

Overview most important topics

Below is a list of the topics and sections that receive the most questions on the exam.
Source: IAPP Body of Knowledge 4.0.0

Domain I

Domain II

Domain III

Domain IV

Domain V

Domain VI

Flashcards added to our CIPP/E and CIPP/US training courses!