An internationally renowned practitioner certificate from the IAPP
for data protection professionals covering the GDPR and European privacy law

About this Course

The Certified Information Privacy Professional Europe (CIPP/E) is an independent qualification developed by the International Association of Privacy Professionals (IAPP). First launched in 2004, the CIPP/E demonstrates your understanding of European privacy laws and regulations such as the General Data Protection Regulation (GDPR). Holding the award will enhance your career prospects by joining a highly decorated group of globally recognised data protection professionals. Through consultation with its global community of information privacy practitioners and lawyers, the IAPP ensures its CIPP/E curriculum is always relevant and up to date.

What's included

  • Official
  • Day online
  • Flexible live
    interactive training
  • Examination
  • 1st year
    IAPP membership

Course Contents

This 2-day accredited CIPP/E training course provides data protection officers (DPOs) and other professionals involved in compliance or privacy based roles with comprehensive knowledge of the European legislative framework. It includes the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulation (PECR), and related legislation. The course covers key terminology and practical concepts concerning the protection of personal data and trans-border data flows, such as the EU-US Privacy Shield.

IAPP CIPP/E Course Contents

This 2 day course is broken into eleven modules includes:

Module 1: Data Protection Laws

Introduces key European data protection laws and regulatory bodies, describing the evolution toward a Harmonised European Legislative Framework.

Module 2: Personal Data

Defines and differentiates between types of data-including personal, anonymous, pseudo-anonymous and special categories.

Module 3: Controllers and Processors

Describes the roles and relationships of controllers and processors.

Module 4: Processing Personal Data

Defines data processing and GDPR processing principles, Explains the application of the GDPR and outlines the legitimate bases for processing personal data.

Module 5: Information provision

Explains controller obligations for providing information about data processing activities to data subjects and Supervisory Authorities.

Module 6: Data Subjects 'Rights

Describes data subjects' rights, applications of rights and obligations controller and processor.

Module 7: Security or Processing

Discusses considerations and duties of controllers and processors for Ensuring security of personal data and providing notification of data breaches.

Module 8: Accountability

Investigates accountability requirements, data protection management systems, data protection impact assessments, privacy policies and the role of the data protection officer.

Module 9: International Data Transfers

Outlines options and obligations for transferring data outside the European Economic Area, Decisions adequacy and appropriateness safeguards and derogations.

Module 10: Super Visions and Enforcement

Describes the role, powers and procedures or Supervisory Authorities; the composition and tasks of the European Data Protection Board; the role of the European Data Protection Supervisor; and remedies, liabilities and penalties for non-compliance.

Module 11: Compliance

Discusses the applications of European data protection law, legal bases and compliance requirements for processing personal data in practice, employers-including processing employee data, surveillance, direct marketing, Internet technology and communications and outsourcing.

The CIPP/E program was developed by the International Association of Privacy Professionals (IAPP), which is the world’s largest comprehensive global information privacy community and resource.

The CIPP/E certification holds accreditation under ISO 17024: 2012.

Who should attend?

Who should attend?

  • Data Protection Officers
  • Data Protection Professionals
  • Data Protection Lawyers
  • Compliance Professionals
  • Information Managers
  • Records Managers
  • Human Resources Managers
  • Marketing Managers
  • Security Managers
  • Anyone involved with data protection processes and programmes

What you will learn

  • Introduction to European Data Protection
  • Legislative Framework
  • Compliance with European Data Protection Law and Regulation
  • The role of the Data Protection Officer
  • Legal basis for processing
  • International Data Transfers


IAPP CIPP/E Exam information

IAPP exams have gained a reputation for being difficult to pass. Both Freevacy and the IAPP strongly recommend careful preparation, even for experienced professionals.

The following information about the CIPP/E examination is an extract from documentation provided to delegates by the IAPP. For the full details please review the IAPP Privacy Certification Candidate Handbook 2018 and the CIPP/E Examination Blueprint.

Exam Information

IAPP certification programs are designed to differentiate between candidates who do and who do not possess the knowledge required to be considered minimally qualified privacy professionals. All questions are multiple choice with some relating to scenarios. Each question has only one correct answer. Each item (question) consists of a clearly written question (stem), a correct or best response (key) that should be apparent to minimally qualified candidates and three incorrect responses (distractors) that will be plausible to not-minimally qualified candidates. Note that it is each candidate’s responsibility to be prepared for exams by being familiar with all elements of the Bodies of Knowledge.

The candidate is encouraged to read each question carefully. The stem may be in the form of an actual question or an incomplete statement. An exam question may require the candidate to choose the most appropriate answer based on a qualifier, such as MOST likely or BEST.

Total number of questions 90
Scored questions 75
Exam duration 2 hours 30 minutes
Passing score 300 out of 500

Examination Blueprint

The examination blueprint indicates the minimum and maximum number of items that are included on the CIPP/E examination from the major areas of the Body of Knowledge. Questions may be asked from any of the listed topics under each area.

Part 1

Introduction to European Data Protection




Origins and Historical Context of Data Protection Law

Rationale for data protection, human rights laws, early laws and regulations, the need for a harmonised European approach, the Treaty of Lisbon; a modernised framework.




European Union Institutions

Council of Europe, European Court of Human Rights, European Parliament, European Commission, European Council, European Court of Justice




Legislative Framework

The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (the CoE Convention), the EU Data Protection Directive (95/46/EC), the EU Directive on Privacy and Electronic Communications (2000/31/EC), European data retention regimes, The General Data Protection Regulation (GDPR) and related legislation



Part 2

European Data Protection Law and Regulation




Data Protection Concepts

Personal data, sensitive personal data, pseudonymous and anonymous data, processing, controller, processor, data subject




Territorial and Material Scope of the GDPR

Establishment in the EU, non-establishment in the EU




Data Processing Principles

Fairness and lawfulness, purpose limitation, proportionality, accuracy, storage limitation, integrity and confidentiality




Lawful Processing Criteria

Consent, contractual necessity, legal obligation, vital interests and public interest, legitimate interests, special categories of processing




Information Provision Obligations

Transparency principle, privacy notices, layered notices




Data Subjects’ Rights

Access, rectification, erasure and the right to be forgotten, restriction and objection, automated decision making, including profiling, data portability, restrictions




Security of Personal Data

Appropriate technical and organisational measures, breach notification, vendor management




Accountability Requirements

Responsibility of controllers and processors, data protection by design and by default, documentation and cooperation with regulators, data protection impact assessments, mandatory data protection officers




International Data Transfers

Rationale for prohibition, safe jurisdictions, Safe Harbor and Privacy Shield, model contracts, Binding Corporate Rules (BCRs), codes of conduct and certifications, derogations




Supervision and Enforcement

Supervisory authorities and their powers, the European Data Protection Board, role of the European Data Protection Supervisor (EDPS)




Consequences for GDPR Violations

Process and procedures, infringement and fines, data subject compensation



Part 3

Compliance with European Data Protection Law and Regulation




Employment Relationships

Legal basis for processing of employee data, storage of personnel records, workplace monitoring and data loss prevention, EU Works councils, whistleblowing systems, ‘Bring your own device’ (BYOD) programs




Surveillance Activities

Surveillance by public authorities, interception of communications, closed-circuit television (CCTV), geolocation




Direct Marketing

Telemarketing, direct marketing, online behavioural targeting




Internet Technologies and Communications

Cloud computing, web cookies, search engine marketing (SEM), social networking services




On all IAPP certification exams, each item has equal value and is scored as correct or incorrect. Unanswered items are considered incorrect, and there is no additional penalty for incorrect answers.

Special Accommodations

It is the policy of the IAPP to provide testing accommodations to candidates with qualifying disabilities to ensure each candidate a comparable opportunity for success on exams. We require 30 days notice in order to arrange special accommodations. Please do not schedule an exam until the IAPP approves your request. After exam purchase, submit your request and supporting documentation using the forms provided on the IAPP website.

Exam Languages

All IAPP examinations are administered in English. In addition, the CIPP/E exam is available in French and German.

Course Cost

Get this IAPP Certified Information Privacy Professional Europe (CIPP/E) training course:

  • Receive a 5% online discount for multiple bookings onto public courses
  • If you have a team of 4 or more, we can deliver the training at your location - ask about an onsite course
Package includes:
  • 2-day IAPP accredited GDPR training course
  • Authorised IAPP instructors
  • IAPP CIPP/E examination voucher
  • 1st year IAPP professional membership
  • Official CIPP/E courseware
  • Sample exam questions

You will also receive access to our free professional advisory service, potentially reducing the need for legal advice or consultation fees by supplying the right advice when you need it most.


View our privacy information

Course dates

Code Course Start Duration Location Booking
IPPE-DP IAPP Certified Information Privacy Professional Europe 28 Sep 20 2 Days Online Book now

IAPP Certified Information Privacy Professional Europe (IPPE-DP)

Starts: 28 Sep 20

Duration: 2 Days

Location: Online

Book now

Freevacy work hard to secure our IT systems and your data against cyber attack. We have been awarded Cyber Essentials certification by The National Cyber Security Centre, part of GCHQ and have signed up to the ICO's "Your Data Matters" campaign.