IAPP Certified Information
Privacy Technologist

Book Now

A privacy-focused professional IT certificate from the IAPP that
addresses data protection requirements and controls in technology


The Certified Information Privacy Technologist (CIPT) is an operational-level qualification for IT and data professionals who require comprehensive knowledge about how to incorporate appropriate privacy controls into information and communications technology. Developed by the International Association of Privacy Professionals (IAPP) in 2014 and refreshed in 2020, the CIPT is the leading privacy-focused IT certification. In obtaining the CIPT, award holders demonstrate a greater understanding of the techniques necessary to ensure privacy measures in technology systems are aligned with compliance regulations such as the GDPR. By enhancing the privacy skills of your IT professionals, your organisation will be equipped with competent privacy technologists who are able to build and implement solutions that mitigate risk and increase productivity.


Official IAPP
CIPT textbooks

online sessions



Exam Preparation


1st year
IAPP membership


Code Course Start Duration Location Booking
CIPT IAPP Certified Information Privacy Technologist 04 Mar 24 4 X 4 hour afternoon sessions Online Book now
17 Jun 24 3 X 5 hour sessions Online Book now

IAPP Certified Information Privacy Technologist (CIPT)

Starts: 04 Mar 24

Duration: 4 X 4 hour afternoon sessions

Location: Online

Book now

IAPP Certified Information Privacy Technologist (CIPT)

Starts: 17 Jun 24

Duration: 3 X 5 hour sessions

Location: Online

Book now

CIPT Course Overview

The inherent advantages of the technology we use every day are often in direct conflict with the right to privacy. While on the one hand, consumers actively entrust organisations with information about themselves, their demands for greater privacy, coupled with strong data protection laws such as the GDPR, mean that privacy is becoming an increasingly dominant issue for IT professionals.

As technology advances, so too does the need to collect, process, and transfer higher volumes of personal information. Unfortunately, weak systems with poor privacy controls inevitably lead to data assets being at risk of a breach, which leaves organisations vulnerable to significant fines and damage to their reputation.

Unlike most IT certifications, which only include minimal information about privacy technology policies and implementation, IAPP developed the Certified Information Privacy Technologist (CIPT) programme to provide in-depth knowledge about emerging tools and technologies for this rapidly expanding field.

Those attending the CIPT will develop a general understanding of the data lifecycle, privacy risk models and frameworks, the principles of Privacy by Design, along with the fundamentals of privacy-related technology and their role within the organisation. The CIPT also evaluates the threat landscape and the privacy-enhancing strategies, techniques and technologies that are used to mitigate risks. 

CIPT award holders will acquire the necessary skills and knowledge to protect their organisation's personal data assets at every stage of the data lifecycle using the latest privacy engineering techniques.

The course is delivered online for convenience and for the significant environmental and sustainability benefits it offers. Delegates can gain a recognised operational-level workplace qualification at home or from their desk by attending three consecutive 5-hour live online sessions. This accredited IAPP course prepares participants for the 150-minute multiple-choice IAPP Exam.

CIPT learning outcomes

IAPP Certified Information Privacy Technologists (CIPT) will learn:

  • What consumers expect
  • Privacy concepts, strategies and techniques relating to IT
  • How to build privacy-by-design into every stage of the IT products and services lifecycle
  • How to set up privacy-preserving data collection and transfer processes
  • How to establish privacy-related IT security practices, such as data minimisation, access controls and encryption
  • How to evaluate emerging technologies and how to use them while maintaining data privacy
  • How to audit IT infrastructure
  • How to communicate technical privacy issues to non-IT colleagues and collaborate with them to develop solutions

Organisations that employ IT professionals who hold the CIPT are more able to implement the strategies, policies, processes, and techniques required to manage cybersecurity risks while enabling reasonable personal data use for business purposes.

Piccaso Privacy Awards

Why choose Freevacy for your CIPT training

For the second year running, Freevacy has been shortlisted in the Best Educator category at the PICCASO Privacy Awards. The awards were established to recognise the people making an outstanding contribution to this dynamic and fast-growing sector. The Best Educator award will go to a professor, lecturer, teacher, or training provider who leads by example to inspire and motivate the next generation of privacy professionals.

Who should attend this CIPT course?

Who should attend the Certified Information Privacy Technologist?

  • Data Protection Officers
  • Privacy Engineers, Developers
  • Director of Information Systems, Technology
  • IT Managers
  • Data Scientists, Analysts, Architects
  • Systems Administrators, Developers, Engineers
  • Software Engineers, Designers
  • Programmers
  • Test Managers & QA Engineers
  • Information Security Managers, Professionals
  • IT & Infosec Auditors
  • Ethical Hackers & Forensics Investigators
  • Business Continuity Managers
  • Risk Managers
  • Website Developers & UX/UI Designers
  • Digital SEO & SEM Managers
  • Game Developers
  • Project Managers
  • Product Managers
  • Service Support Desk Technicians
  • Records Managers
  • Anyone who works in technology acquisition, risk management and compliance

The IAPP have mapped the skills and competencies gained on the CIPT programme to the above roles and more:

Due to its singular focus on privacy technology, the CIPT is complementary to other recognised industry IT qualifications, including those offered by, (ISC2), ISACA, Microsoft, Cisco, CompTIA, GIAC, EC-Council, ITIL IT Service Management, Prince II, Project Management Institute.

CIPT Body of Knowledge

This accredited CIPT training course is delivered online over 3 consecutive morning sessions (or 2 full days when provided in-company). 

The IAPP ensures the CIPT Body of Knowledge (BoK) is always relevant and up to date through consultation with its global community of information privacy practitioners and lawyers.

The CIPP/E is certified by the ANSI National Accreditation Board (ANAB) under ISO17024: 2012.

The following is extracted from the CIPP/E BoK version 3.2.0: 

Module 1: 
Foundational Principles
General Understanding of Privacy Risk Models and Frameworks and their Roles in Laws and Guidance:
   • Fair Information Practice Principles (FIPPs) and OECD Principles
   • Privacy frameworks (e.g., NIST/NICE, ISO/IEC 27701 and BS100112 Privacy Information Management System (PIMS))
   • Nissenbaum’s Contextual Integrity
   • Calo’s Harms Dimensions
   • FAIR (Factor Analysis in Information Risk)
General Understanding of Privacy by Design Principles:
   • Full Life Cycle Protection
   • Embedded into Design
   • Full Functionality
   • Visibility and Transparency
   • Proactive not Reactive
   • Privacy by Default
   • Respect for Users
General Understanding of Privacy-related Technology Fundamentals:
   • Risk concepts (e.g., threats, vulnerability)
   • Data/security incidents vs. personal data/privacy breaches
   • Privacy and security practices within an organisation
   • Understanding how technology supports information governance in an organisation
   • External Data Protection and Privacy notices
   • Internal Data Protection and Privacy guidelines, policies and procedures
   • Third-party contracts and agreements
   • Data inventories, classification and records of processing
   • Enterprise architecture and data flows, including cross-border transfers
   • Data Protection and Privacy impact assessments (DPIA/PIAs)
   • Privacy-related Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
General Understanding of the Data Life Cycle:
   • Collection
   • Use
   • Disclosure
   • Transfer
   • Retention
   • Destruction
Module 2: 
Privacy technologist’s role in the organisation
General responsibilities:
   • Understanding various roles within the privacy team (e.g., DPO, CPO, legal compliance, security
   • Implementing industry Privacy Standards and Frameworks
   • Translating legal and regulatory requirements into practical technical and/or operational solutions
   • Consulting on internal privacy notices and external privacy policies
   • Consulting on contractual and regulatory requirements
Technical Responsibilities:
   • Advising on technology elements of privacy and security practices
   • Advising on the privacy implications of new and emerging technologies
   • Implementing privacy and security technical measures
   • Implementing and developing privacy-enhancing technologies and tools
   • Advising on the effective selection and implementation during the acquisition of privacy-impacting products
   • Advising on privacy by design and data protection impact assessments in systems development
   • Handling individuals’ rights requests (e.g., access, deletion)
   • Supporting records of processing activities (RoPA), automation of inventory and data flow mapping
   • Reviewing security incidents/investigations and advising on breach notification
   • Performing and supporting IT privacy oversights and audits, including 3rd party assessment
   • Developing, compiling and reporting Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
Part 3: 
Privacy Risks, Threats and Violations
Data Ethics:
   • Legal versus Ethical (e.g., when working with countries that lack privacy laws)
   • Moral issues (e.g., accessing personal information through illegal means and using it for personal advantage)
   • Societal issues (e.g., manipulating societal conversations and attitudes on controversial topics)
   • Bias/discrimination (e.g., incorporating personal preference into data decisions)
During Data Collection:
   • Asking individuals to reveal personal information
   • Tracking and surveillance (e.g., geo-tagging, geo-social patterns)
   • Lack of informed consent
   • Automatic collection
   • Inaccuracies
   • Extracting from publicly available sources
   • Jurisdictional implications (e.g., localisation, government access)
During Data Use:
   • Insecurity
   • Identification and re-identification
   • Aggregation
   • Secondary Use
   • Exclusion
   • Profiling
During Data Dissemination:
   • Disclosure
   • Distortion
   • Exposure
   • Breach of Confidentiality (personal data breaches)
   • Increased accessibility
   • Blackmail
   • Appropriation
Intrusion, Decisional Interference and Self-Representation:
   • Behavioral advertising
   • Cyberbullying
   • Social engineering
   • Blackmail
   • Dark patterns
Software Security:
   • Vulnerability management
   • Intrusion detection and prevention
   • Change management (e.g., patches, upgrades)
   • Open-source vs Closed-source
   • Possible violations by service providers   
Part 4: 
Privacy-Enhancing Strategies, Techniques and Technologies
Data-Oriented Strategies:
   • Separate
   • Minimise
   • Abstract
   • Hide
Process-Oriented Strategies:
   • Informing the Individual
   • User Control
   • Policy and Process Enforcement
   • Demonstrate Compliance
   • Aggregation
   • De-identification
   • Anonymisation
   • Pseudonymisation
   • Encryption
   • Identity and access management
   • Authentication
   • Technology implications of Privacy Regulations and Techniques needed for:
     - Processing/verification of Individual Rights Request (IRR)
     - Ability for record processing activities related to customer data
     - Notice and Consent; obligations management
     - Retention Requirements
     - Privacy Incident Reporting
Part 5: 
Privacy Engineering
The Privacy Engineering role in the organisation:
   • Effective Implementation
   • Technological Controls
   • Protecting Privacy during the Development Lifecycle
Privacy Engineering Objectives:
   • Predictability
   • Manageability
   • Disassociability
Privacy Design Patterns
   • Design patterns to emulate
   • Dark patterns to avoid
Privacy Risks in Software
   • Controls and countermeasures
Part 6: 
Privacy by Design Methodology

The Privacy by Design Process:
   • Goal Setting
   • Documenting Requirements
   • Understanding quality attributes
   • Identify information needs
   • Privacy risk assessment and analysis
   • High-level design
   • Low-level design and implementation
   • Impose controls
     - Architect
     - Secure
     - Supervise
     - Balance
   • Testing and validation
Privacy Interfaces and User Experience:
   • Design Effects on User Behaviour
   • UX Design and Usability of privacy-related functions
   • Privacy Notices, Setting and Consent Management
   • Usability Testing
Value Sensitive Design:
   • How Design Affects Users
   • Strategies for Skillful Practice
Ongoing Vigilance:
   • Privacy audits and IT control reviews
   • Code reviews
   • Code audits
   • Runtime behavior monitoring
   • Software evolution
   • Data cleansing in production and non-production environments
Part 7: 
Evolving or Emerging Technologies in Privacy
Robotics and the Internet of Things (IoT):
   • Mobile phones
   • Wearable devices
   • Edge Computing
   • Smart homes and cities (e.g., CCTV and tracking/surveillance)
   • Robots
   • Drones
   • Adtech
   • Cookies and other web-tracking technologies
   • Alerts and notifications
   • Location tracking
   • Chatbots
   • Online/mobile payments
   • Facial recognition
   • Speech recognition
   • Fingerprint ID
   • Behavioral profiling
Corporate IT Services:
   • Shared Data centers
   • Cloud-based infrastructure
   • Third-party vendor IT solutions
   • Remote working
   • Video calls and conferencing
Advanced Computing:
   • Data Management and Analytics
   • Artificial Intelligence
   • Quantum computing
   • Blockchain
   • Cryptocurrencies
   • Non-fungible tokens (NFTs)
   • Machine and Deep Learning
Social Networks:
   • Social media
   • Messaging and video calling
   • Virtual/Augmented reality

Unlimited 1-2-1 coaching & support

Once the training aspect of your CIPP/E course is complete, our trainers make themselves available throughout the self-study period leading up to the exam. We achieve this through email exchanges, one-to-one coaching sessions, and group online exam preparation days.

CIPT Exam Preparation

The topics covered in this CIPT exam preparation session include:

  • Exam technique
  • Timing
  • IAPP examination format
  • How to set up the exam space for online exams or what to expect if they are going to a test centre
  • How to read and answer IAPP exam questions properly
  • Group discussion covering any topics delegates want to revisit, along with any queries that have come up during revision.
  • Availability of the IAPP Practice exams paper and where to find it on the IAPP website and cost.

Following the examination prep day, the instructor will offer guidance for further study areas.

CIPT Examination

IAPP Certified Information Privacy Manager Exam information

IAPP exams have gained a reputation for being difficult to pass. Both Freevacy and the IAPP strongly recommend careful preparation, even for experienced professionals.

The following information about the CIPT examination is an extract from documentation provided to delegates by the IAPP. For the full details please review the IAPP Privacy Certification Candidate Handbook 2023 and the CIPT Examination Blueprint.

Exam Information

IAPP certification programs are designed to differentiate between candidates who do and who do not possess the knowledge required to be considered minimally qualified privacy professionals. All questions are multiple choice with some relating to scenarios. Each question has only one correct answer. Each item (question) consists of a clearly written question (stem), a correct or best response (key) that should be apparent to minimally qualified candidates and three incorrect responses (distractors) that will be plausible to not-minimally qualified candidates. Note that it is each candidate’s responsibility to be prepared for exams by being familiar with all elements of the Bodies of Knowledge.

Candidates are advised to read each question carefully. The stem may be in the form of a question or an incomplete statement. An exam question may require the candidate to choose the most appropriate answer based on a qualifier, such as MOST likely or BEST.

Total number of questions 90
Scored questions 75
Exam duration 2 hours 30 minutes
Passing score 300 out of 500


On all IAPP certification exams, each item has equal value and is scored as correct or incorrect. Unanswered items are considered incorrect, and there is no additional penalty for incorrect answers.

Special Accommodations

It is the policy of the IAPP to provide testing accommodations to candidates with qualifying disabilities to ensure each candidate a comparable opportunity for success on exams. We require 30 days notice in order to arrange special accommodations. Please do not schedule an exam until the IAPP approves your request. After exam purchase, submit your request and supporting documentation using the forms provided on the IAPP website.

Exam Languages

All IAPP examinations are administered in English.

Course Cost

Get this IAPP Certified Information Privacy Technologist (CIPT) training course:


  • Sign up for our Privacy Newsfeed weekly newsletter and save 10% - subscription details below.
  • Book a second IAPP course and save up to £650.00 + VAT - contact for more information.
  • Multiple course booking discounts are only available for single delegates; both exams must be taken in a 12-month period.
Package includes:
  • 3 x 5-hour live online sessions across 3-days, or
  • 2-days for a traditional classroom setting
  • Authorised IAPP instructors
  • IAPP CIPT examination voucher
  • 1st year IAPP professional membership (existing members, membership will be extended by 12 months)
  • Official CIPT courseware
  • Sample exam questions
  • 1-2-1 coaching and support

10% OFF


Sign-up for our Privacy Newsfeed weekly newsletter to get your discount code. Receive additional offers by selecting training announcements option. Please choose your desired subscription option and then enter your details to subscribe.


Code Course Start Duration Location Booking
CIPT IAPP Certified Information Privacy Technologist 04 Mar 24 4 X 4 hour afternoon sessions Online Book now
17 Jun 24 3 X 5 hour sessions Online Book now

IAPP Certified Information Privacy Technologist (CIPT)

Starts: 04 Mar 24

Duration: 4 X 4 hour afternoon sessions

Location: Online

Book now

IAPP Certified Information Privacy Technologist (CIPT)

Starts: 17 Jun 24

Duration: 3 X 5 hour sessions

Location: Online

Book now

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.