Introduction

The Certified Information Privacy Professional/Europe (CIPP/E) certification is one of several certifications offered by the International Association of Privacy Professionals (IAPP), a not-for-profit organization dedicated to education about data privacy.

IAPP is one of the longest-running, privacy-dedicated organizations in the world. It hosts regular conferences on privacy issues and offers a variety of certifications with a privacy focus. The CIPP/E is a variant of the popular CIPP exam with a focus on European privacy.

The European Union has a track record of protecting its citizens’ privacy, and in May 2018 a new set of stricter data protection and privacy rules was enacted known as the General Data Protection Regulation (GDPR). The implementation of GDPR has led to a surge in the number of individuals pursuing a CIPP/E certification.

What is the CIPP/E certification?

The CIPP/E is a privacy certification that has been developed in collaboration with a number of high-profile law firms that specialize in privacy. CIPP/E certification is viewed as the global standard in privacy qualifications. The certification is focused on EU-wide and EU nation state privacy laws and regulations. It also focuses on the practical application of those regulations.

The CIPP/E exam has been accredited by the American National Standards Institute (ANSI) under the International Organization for Standardization (ISO) standard 17024:2012. This establishes the certification as being of a high enough quality to be recognized globally.

Holders of the CIPP/E certification are able to demonstrate their knowledge and expertise in the often complex and nuanced privacy regulations of the EU and in particular the GDPR. The certification also focuses on cross-jurisdiction of privacy, such as the US-EU data transfer regulation “Privacy Shield.” The CIPP/E certification is seen as a globally important certification, especially as the GDPR will affect companies across the world, not just in Europe.

How do I maintain a CIPP/E certification?

The certification itself lasts for two years from the day the exam is passed.

Once you have achieved CIPP/E certification, you are required to perform 20 hours of continuing privacy education (CPE) over the two years the exam remains valid. You also have to pay an annual certification maintenance fee (included in your IAPP membership fees). The IAPP Continuing Education Policy explains in detail what is required to maintain your certification status.

Once you have a CIPP/E certification and three years of privacy experience, with references, you can apply to be a fellow of information privacy (FIP).

The CIPP/E is available in the French and German languages, as well as English.

Who should earn the CIPP/E?

Privacy is becoming an integral part of an organization’s overall data security strategy. The GDPR is one of the main drivers of this, but consumer awareness of privacy is also pushing the expectations of how a company handles personal data. Consultants and employees who hold a privacy certification like CIPP/E are very attractive to firms across industries. A CIPP/E certification can help you become an attractive employee and candidate when looking for a role in a privacy, data security or compliance areas.

In general, those who can gain most from being CIPP/E certified are those who deal with personal data, both from a technical and legal perspective, including:

  • Chief privacy officers
  • Information security professionals
  • Data protection officers
  • Compliance officers
  • Human resource officials
  • Data protection officers
  • Security professionals wishing to expand their privacy knowledge
  • Those with a legal background wishing to focus on privacy law

What experience do you need?

There are no formal requirements needed to sit the CIPP/E exam. However, the IAPP “strongly recommend careful preparation” before taking the exam. Working knowledge of the EU’s GDPR and other privacy regulations such as the EU-US “Privacy Shield” are important topics in this exam. The CIPP/E consists of stand-alone assessments that require a degree of professional experience and working knowledge of data privacy practices.

The IAPP provides a blueprint for a CIPP/E exam.

Is the CIPP/E certification important for US-based companies?

The CIPP/E certificate is important because the GDPR has a far-reaching impact that overrides geographic location. If your organization collects or processes personal data that belongs to anyone with EU citizenship, you have to abide by EU GDPR principles. This includes companies based in the U.S.

In addition, the CIPP/E exam demonstrates your knowledge in the area of the complex and nuanced EU-US Privacy Shield framework, which has a number of areas that require a deep understanding of trans-Atlantic data security and privacy in order to ensure compliance.

How does the CIPP/E compare to other privacy certs?

IAPP privacy certifications have broad appeal. Unlike some counterparts, such as ISACA and (ISC)2 , IAPP certifications are suitable for a non-technical audience, such as managers and lawyers. The CIPP/E certification is specific to EU privacy laws and those affected by GDPR; however, a variety of other IAPP certifications are available, including:

  • Certified Information Privacy Professional/United States Private-Sector (CIPP/US)
  • Certified Information Privacy Professional/Government (CIPP/G)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)

What is the best way to train for the CIPP/E?

The CIPP/E exam itself is a series of multiple-choice questions over a two-and-a-half-hour period. To prepare for the exam:

  • Consider taking a dedicated CIPP/E training boot camp, such as the one offered by Infosec Institute
  • Read up on the “body of knowledge,” which is a list of all topics that are covered in the exam
  • Get to know the exam format and use the exam blueprint to prepare test questions and sample answers
  • Read books on subjects covered in the CIPP/E exam

Sources

IAPP continuing education policy, https://iapp.org/certify/cpe-policy/

CIPP/E exam blueprint, https://iapp.org/media/pdf/certification/CIPP_E_EBP_2.1.0.pdf

CIPP/E body of knowledge, https://iapp.org/media/pdf/certification/CIPP_E_BoK_1.2.0.pdf

Privacy Shield, https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en