2023 Annual Updates

CIPP/E, CIPP/US, CIPM and CIPT—Test on our new forms and save!

Each year, the IAPP updates exam forms to reflect changes in the industry and to retire older questions. Before we deliver these forms to the broader public, we must collect exam data to verify the new form meets our gold standard through a beta test. We would like you to help us test the new CIPP/E, CIPP/US, CIPM or CIPT exam forms and save significantly on your exam fees. In fact, we’d like to offer you up to 50% off your exam fee—that’s a $275.00 savings on a full price exam!

Please note; if your exam was purchased by your employer, you may not be eligible for this credit.

But first, let’s answer a few questions you might have.

Where and when can I take the exams?

The tests will be available at our nearly 6,000 computer-based testing centers around the world, or from the privacy of your own home or office with remote proctoring but please note that there are limited windows for testing. Here’s the schedule:

  • CIPP/E & CIPM: 24 July- 5 August
    Registration is open and closes 4 August
  • CIPP/US and CIPT: 7-19 August
    Registration is open and closes 18 August

Are these new IAPP tests?
No. These tests are not new IAPP exams—rather they are new forms of our existing certification exams. Think of forms as separate versions of a specific test. The IAPP’s CIPM exam, for example, may have a Form 1, Form 2, Form 3, etc.

Some exam questions repeat across different forms and some are unique to each.

However, all exams cover the same general content in a designation, regardless of the particular questions that appear on each form.

Why is it necessary to have multiple new forms?
The reason for creating different forms is partly due to security. If ever a form were leaked and a number of exam questions ended up on the Internet, the IAPP would be able to quickly and easily retire that form and still have several others to safely administer.

Offering multiple forms is also desirable because of our retake option: a test-taker who does not pass an exam the first time around will not see the exact same questions when he or she takes the exam again.

How are the new forms different from the exam forms currently in use?
Candidates testing on the new forms should prepare for questions on the topics listed below. There are new versions of the body of knowledge here under “Certification - Free Resources.” Please allow up to 4 weeks after the testing window closes to receive your scores.

The CIPP/E, CIPP/US, CIPM and CIPT tests for the new forms all have 90 questions and the same time limit (2.5 hours).

The following represents updated content you can expect on the exams:

CIPP/E Updates

  • Convention 108+
  • Brexit
  • NIS Directive / NIS 2 Directive
  • EU Artificial Intelligence Act
  • GDPR’s relationship to other laws (Payment Services Directive 2, Data Governance Act, Regulation (EU) 2018/1725, etc.
  • Special categories of personal data
  • Guidelines 01/2022 on data subject rights - Right of access
  • Guidelines 9/2022 on personal data breach notification under GDPR
  • Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
  • Schrems decisions
  • Transatlantic Data Privacy Framework
  • Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority
  • Privacy by design: requirements set down by ISO 31700:2023
  • Cookie Banner Transparency Standards
  • Dark patterns in social media platforms

CIPP/US Updates

  • EU-US Data Privacy Framework
  • FTC Health Breach Notification Rule
  • Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
  • Post-Dobbs v. Jackson Women's Health Organization, healthcare privacy ramifications
  • California Age-Appropriate Design Code Act
  • Illinois Biometric Information Privacy Act
  • Connecticut and Utah data privacy statutes
  • Facial recognition use restrictions
  • California Privacy Protection Agency (CPPA)

CIPM Updates

  • Domain I Developing a Privacy Program and Domain II The Privacy Program Framework were combined into a single domain; Domain I Developing a Framework
  • A new Domain II was added; Domain II: Establishing Program Governance

CIPT Updates

  • Foundational Principles (e.g., OECD Principles, Privacy frameworks, and Privacy related Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
  • Privacy-related Technology Fundamentals (e.g., Data/security incidents vs. personal data/privacy breaches, privacy and security practices within an organization)
  • General responsibilities and technical responsibilities of the Privacy Technologist in the context of the organization
  • Data Ethics (legal vs. ethical, moral and societal issues, bias/discrimination) during data collection
  • Lack of informed consent, inaccuracies, and jurisdictional implications during data collection
  • Intrusion, Decisional Interference and Self-Representation (Blackmail, Dark patterns)
  • Software Security (Possible violations by service providers, change management, intrusion detection and prevention
  • Technology implications of Privacy Regulations and Techniques (Processing/verification of Individual Rights Request (IRR), retention requirements, privacy incident reporting
  • Privacy Interfaces and User Experience (Design effects on user behavior, UX design and useability of privacy-related functions, privacy notices, setting and consent management, usability testing)
  • Evolving or Emerging Technologies in Privacy (Internet/eCommerce, Biometrics, Corporate IT Services, Advanced Computing, Social Networks)

How do I register?
That’s the easy part. Just purchase your beta exam below and then schedule your examto be taken during the beta testing dates.

Already have a pending exam but want to participate in the beta? Contact us and we’ll help you make the exchange.

Thanks in advance for participating, and good luck with your exam!