About IAPP
• https://iapp.org
• The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data.
• Founded in 2000
Type and cost:
• Professional – 275$
• Student – 50$
• Non-For-Profit / Retired / Government / Higher Education – 100$
IAPP Certification Programs
• Asia (CIPP/A)
• Canada (CIPP/C)
• Europe (CIPP/E)
• U.S. private-sector (CIPP/US)
• Government (CIPP/G)
CIPP/E + CIPM = GDPR Ready Bundle
The CIPP shows that you understand the laws, regulations and standards of privacy in your jurisdiction or discipline.
The CIPP is for you if you’re responsible for:
• Legal
• Compliance
• Information management
• Data governance
• Human Resources
The CIPM says that you understand how to use process and technology to manage privacy in an organization—regardless of the industry or jurisdiction.
The CIPM is for you if you’re responsible for:
• Risk management
• Privacy operations
• Accountability
• Audit
• Privacy analytics
The CIPT shows that you know how to manage and build privacy requirements and controls into technology.
The CIPT is for you if you’re responsible for:
• Information technology
• Information security
• Software engineering
• Privacy by Design
Price and Questions
The IAPP’s CIPP/E, CIPP/US, CIPM and CIPT credentials are accredited by the American
National Standards Institute (ANSI) under the International Organization for
Standardization (ISO) standard 17024:2012.
About testing
• The IAPP offers two distinct testing modes—event-based paper-pencil
testing at our major conferences and test center computer-based testing.
Exam content is identical regardless of mode. Computer-based exams can be
purchased at any time through the IAPP Store. Event paper-pencil exams can
only be purchased through the registration process of the conference with a
fixed testing date and time and do not need to be scheduled.
• All IAPP examinations are administered in English. In addition, the CIPP/E
exam is available in French and German.
• Certification is a two-year term starting the day a candidate passes their exam. During this term, certificants are expected to maintain certification by submitting Continuing Privacy Education credits (CPEs): https://iapp.org/certify/cpe-policy (min 20 credit hours of CPE)
Code of Professional Conduct (IAPP)
All IAPP certified individuals must agree to comply with the Certificant Code of
Professional Conduct as outlined below. Accordingly, by signing below you hereby
represent, warrant and covenant to the IAPP as follows:
• You will at all times conduct your business and/or professional activities with
courtesy, honesty and integrity.
• You will at all times represent your IAPP related certifications and qualifications
honestly and agree to only undertake those activities that you can reasonably
expect to complete with the necessary skills, knowledge and competence.
• You will not represent any IAPP certification in a misleading way or use an IAPP
certification in a manner that would bring the IAPP disrepute.
• You will strive to maintain and improve your professional knowledge and
competence through regular self-assessments and continuing education or
training.
• You will follow all certification policies, procedures, guidelines and requirements
of the IAPP that are made available to you by the IAPP, as the same may be
amended from time to time.
CIPP/E - Certified Information Privacy Professional
Developed in collaboration with the law firms Bird and Bird, Field
Fisher, Wilson/Sonsini and Covington and Burling, the CIPP/E
encompasses pan-European and national data protection laws, key
privacy terminology and practical concepts concerning the protection
of personal data and trans-border data flows.
WHAT YOU'LL LEARN
• Introduction to European Data Protection
• European Regulatory Institutions
• Legislative Framework
• Compliance with European Data Protection Law
and Regulation
• International Data Transfers
CIPP/E Domains
I. Introduction to European Data Protection
A. Origins and Historical Context of Data Protection Law
B. European Union Institutions
C. Legislative Framework
II. European Data Protection Law and Regulation
A. Data Protection Concepts
B. Territorial and Material Scope of the General Data Protection Regulation
C. Data Processing Principles
D. Lawful Processing Criteria
E. Information Provision Obligations
F. Data Subjects’ Rights
G. Security of Personal Data
H. Accountability Requirements
I. International Data Transfers
J. Supervision and enforcement
K. Consequences for GDPR violations
III. Compliance with European Data Protection Law and Regulation
A. Employment Relationship
B. Surveillance Activities
C. Direct Marketing
D. Internet Technology and Communications
CIPM - Certified Information Privacy Manager
The CIPM is the world’s first and only certification in privacy program
management. When you earn a CIPM, it shows that you don’t just
know privacy regulations—you know how to make it work for your
organization. In other words, you’re the go-to person for day-to-day
operations when it comes to privacy.
WHAT YOU'LL LEARN
• How to create a company vision
• How to structure the privacy team
• How to develop and implement a privacy program framework
• How to communicate to stakeholders
• How to measure performance
• The privacy program operational lifecycle
I. Privacy Program Governance
A. Organization Level
• a. Create a company vision
• b. Establish a privacy program
• c. Structure the privacy team
B. Develop the Privacy Program Framework
• a. Develop organizational privacy policies,
standards and/or guidelines
• b. Define privacy program activities
C. Implement the Privacy Policy Framework
• a. Communicate the framework to internal
and external stakeholders
• b. Ensure continuous alignment to applicable laws and regulations to support the development of an organizational privacy program framework
D. Metrics
• a. Identify intended audience for metrics
• b. Define reporting resources
• c. Define privacy metrics for oversight and
governance per audience
• d. Identify systems/application collection
points
II. Privacy Operational Life Cycle
A. Assess Your Organization
• a. Document current baseline of your privacy
program
• b. Processors and third-party vendor
assessment
• c. Physical assessments
• d. Mergers, acquisitions and divestitures
• e. Conduct analysis and assessments, as
needed or appropriate
B. Protect
• a. Data life cycle (creation to deletion)
• b. Information security practices
• c. Privacy by Design
C. Sustain
• a. Measure
• b. Align
• c. Audit
• d. Communicate
• e. Monitor
D. Respond
• a. Information requests
• b. Privacy incidents
CIPT - Certified Information Privacy Technologist
WHAT YOU'LL LEARN
• Critical privacy concepts and practices that impact IT
• Consumer privacy expectations and responsibility
• How to bake privacy into early stages of IT products and services for
cost control, accuracy and speed-to-market
• How to establish privacy practices for data collection and transfer
• How to preempt privacy issues in the Internet of Things
• How to factor privacy into data classification and emerging tech such
as cloud computing, facial recognition and surveillance
• How to communicate privacy issues with partners such as
management, development, marketing and legal.
I. Understanding the need for privacy in the IT
environment
A. Evolving Compliance Requirements
B. Major risks to a company’s IT framework
C. Stakeholder expectations for Privacy
D. Privacy vs. Security
II. Core Privacy Concepts
A. Foundational Elements for Embedding Privacy in IT
B. Common Privacy Principles
III. Privacy Considerations in the Information Life Cycle
A. Disclosure
B. Collection
C. Use
D. Retention
E. Destruction
IV. Privacy in Systems and Applications
A. The Enterprise IT Environment--Common Challenges
B. Identity and Access Management
C. Credit Card Information and Processing
D. Remote Access, Telecommuting, and Bringing Devices
to Work
E. Data Encryption
F. Other Privacy-Enhancing Technologies
G. Customer-Facing Applications
V. Privacy Techniques
A. Authentication Techniques
B. Identifiability
C. Data Protection by Design
VI. Online Privacy Issues
A. Specific Requirements for the Online
Environment
B. Social Media
C. Online Threats
D. Online Advertising
E. Tracking Technologies
F. Web Browser Privacy and Security
G. Web Security Protocols
VII. Technologies with Privacy Considerations
A. Cloud Computing
B. Wireless IDs
C. Location-based Services
D. Smart Technologies
E. Video/data/audio surveillance
F. Biometrics
IAPP Store: Exam Prep
Sample Questions (electronic version) – 25 $/35 $
GDPR Prep Online Bundle (CIPM) – 1495 $
• Privacy Program Management Online Training (10 modules, approximately 10 hours in total to complete, one hour per module)
• CIPM Certification Exam
• Sample Questions
• Privacy Program Management: Tools for Managing Privacy Within
Your Organization (Electronic Copy)
• 1-year complimentary IAPP membership
Privacy Program Management Online Training – 995 $ / 1195 $