CIPP/E: Everything you wanted to know about how to take the exam and become a certified Privacy Professional

 

Imagine that on the appointed day and time you come to the office. At the entrance you are asked to leave your smartphone, watches, and … almost any information sources. You enter a special cabin. In front of you there is a clean desk with a computer and a small white board for notes. And nothing else.

You are closely monitored by a video camera, and in the next 2.5 hours you will face a serious challenge. Your heart beats faster than usual, in this unfamiliar environment you are a little worried.

Then you read the rules on the screen, calm down a little and press the “Start the test” button. In 150 minutes you exit, having completed 90 questions and found out the answer to the main question: will you receive the Certified International Privacy Professional/Europe (CIPP/E) certificate?

And the story begins a few months earlier, when you realize that protecting your clients’ privacy is a serious, long-term commitment for you.

Those who have decided to become a certified professional have many questions at once: 

  • What is the CIPP/E certification?
  • How difficult is it to obtain it?
  • What does it take to prepare for the exam?
  • How does the exam take place?
  • How much does it cost?
  • What advantages does the certificate offer?

Now you can learn the answers, as they say, firsthand. We conducted interviews with people who have already successfully passed the CIPP/E exam and received certificates. They shared not only useful information, but also their impressions of the whole exam preparation and the passing process.

In this article you will learn all the details on how to prepare for and pass CIPP/E, including a few life hacks that will help you do it more easily and with less stress.

You will also learn how it differs from the Certified Information Privacy Manager (CIPM) and why getting the certificate is not the final point, but only the beginning of your journey.

They talked to us:

Siarhei Varankevich – Co-Founder & CEO of DPO LLC, Data Protection Trainer and Principal Consultant, certified professional, and manager in the field of information privacy (CIPP/E, CIPM, FIP, MBA). He received CIPP/E in 2016, CIPM in 2017.

Siarhei Varankevich, certified GDPR consultant and director of DPO LLC, CIPP/E, CIPM, MBA

 

Christina Goncharenko is a leading lawyer in international law and an expert in personal data protection at Positive Technologies. Certified Information Privacy Officer (CIPP/E). She also holds certificates of GDPR Data Privacy Protection (DPP), Data Privacy Manager (DPM), Data Privacy Technologist (DPT). She has been engaged in the protection of personal data since the beginning of 2018. Since 2019 she has been a member of IAPP.

Christina Goncharenko

 

Artem Bystrov, a senior lawyer at Positive Technologies, passed CIPP/E in 2020. He also holds certificates of GDPR Data Privacy Protection (DPP) and he is a member of IAPP.

Artem Bystrov

 

What is CIPP/E?

 

Let’s find out what certification is and what it is for.

CIPP/E is one of the three privacy certifications offered by the IAPP. They differ in the level of complexity and specificity of the knowledge and skills to be tested. These certifications are recognized all over the world and show your high professional level.

CIPP/E is a certification that confirms knowledge of the legislation and basic rules in the field of personal data protection. There are also different CIPP certifications in the USA, Canada, and Asia, but the most common is the European one.

CIPP/E certifies that you understand the basic principles of privacy, know the laws and regulations on handling, storage, and transfer of personal data, and know how to apply them. CIPM and CIPT certifications (see below) are also based on the application of these rules and standards, and on your understanding of how the whole system works. However, there is no formal requirement to sit the certification exams in a specific sequence.

CIPM (Certified International Privacy Manager) usually comes after CIPP. It checks the knowledge and management skills of implementing and maintaining a system of personal data protection in the organization, for example, organizing the work of the privacy team, applying frameworks, changing business processes, communicating with stakeholders, measuring performance, etc. 

 


 

Siarhei Varankevich:

 

“CIPP is a standardized exam that tests your knowledge of the rules. There is only one correct answer to each question. In contrast, the CIPM tests your logic, common sense, and ability to make management decisions. It is more complicated, and here you should also understand the peculiarities of processes in European companies, that are not always obvious to specialists from the CIS”.

________________

 

Certified International Privacy Technologist (CIPT) presents you as a specialist who knows how to apply privacy rules when designing, developing, deploying and auditing products and services, embed privacy in systems and technologies, and integrate it with information security.

As you can see, it’s easier to start with CIPP/E, your knowledge base. And, perhaps, it is the “easiest” of the three exams.

 

Why do you need this certification? 

In fact, no one is forcing you to take the exam. This is completely your voluntary decision. At the time of writing this article (June 2020), there is still no mechanism for mandatory certification of privacy professionals for the GDPR. 

However, EU supervisors are already developing a certification system for internal DPOs that will take into account your education, work experience, and all additional courses and certifications for privacy protection.

In any case, obtaining a CIPP/E certificate gives you many benefits and advantages that will easily compensate for all your costs in preparing for and passing the test.

 

Siarhei Varankevich

 

“Different people need certifications for different purposes. Thus, some people have an ambitious goal to have a beautiful signature and many titles.

Also, the certificate, confirming your competence, plays an important role in the employment process. For example, if you work in consulting or want to obtain a DPO position, according to Art. 37 of GDPR you need to show your expertise in the protection of personal data.

In general, passing such certification gives an external, official confirmation that you know the information, and it gives you more confidence and comfort. It is a certain image, status in the eyes of the business community, and it increases your value as a specialist.

Also, taking the test is very stimulating for people, such as me, who do care about plans and deadlines. I can put off some studies for a long time, if it is not urgent. But when you have paid a lot of money and a clear date for taking the test has been appointed, there is nowhere else to go: you have to read a book, complete the course, study the necessary documents. The exam creates an environment in which you can’t help but develop”.

 _____________

 

Artem Bystrov:

 

“My motivation for taking this exam could be divided into two parts: I needed it for work and for my professional competence.

It started with the fact that we in Russia very much lacked high-quality knowledge in GDPR. When in 2018 the Regulation came into force, there was a lot of discussion about it, but the articles in Russian were short and incomprehensible. We began to sort it out on our own. And the more we plunged into it, the more we understood that it would be good to pass the certification. Because, besides the certification itself, we would also get good deep systematic knowledge in the process, including different cases, guides, and everything else that is around the Regulation.

Besides, when you pass the certification, the attitude to you changes. Colleagues start listening to you more attentively, especially those who understand how difficult and important this examination is. That is, it strengthens your credibility. It is a confirmation of my knowledge and competence in the eyes of the employer.

And Christina and I are also planning to make presentations, and this certificate will make the audience understand that I am not just a lawyer, but also a specialist in privacy. It greatly enhances the reliability of my words and me”.

 

______

 

Christina Goncharenko:

 

“For me, obtaining CIPP/E certification was a true professional evolution. When the Regulation came into force, there was very disparate data in Russia about what it is and what needs to be done. The first professional who appeared on the market in CIS was Siarhei Varankevich. We took all his courses and he gave us a very good base. Already after his DPP course, we had an understanding of where to go with the Regulation, what to do in the company, a concrete plan of action.

And when we started implementing this plan in the company, we realized that we still needed to go deeper, because when you start dealing with data protection according to GDPR, you see that you need to constantly improve your knowledge, stay updated, and get additional information.

GDPR is a very progressive law that is constantly evolving. There are new trends, practices and all this has to be constantly monitored. You cannot help but develop in this area. There are many complicated cases, where there is no clear understanding of how to act, especially on the issue of fines. We have realized that we need to move more deeply. And the certificate is the result of our professional growth and development in this field.

And, of course, it raises our professional status, as well as any additional education”.

 

How does the CIPP/E exam take place?

 

Let’s start with the fact that people of all professions can take the exam, not necessarily lawyers. They can be IT specialists, risk managers, specialists of the marketing department, HR, entrepreneurs, and, in fact, anyone.

The exam itself is a computer test, which consists of 90 questions and lasts 150 minutes. 

It is impossible to sit it online. To take it, you need to sign up and come to the nearest Pearson VUE testing center. This company has more than 6000 centers around the world and in all major cities of the CIS. They also administer many other standardized exams, such as TOEFL.

Test time is limited. It is impossible to cheat because at the entrance you will be asked to leave all electronics, watches, telephone, as well as books and other information sources. You only have a desk with a computer and a small plastic board with a marker for notes. A video camera near every workstation records you during the exam. The video is then stored for a while, and in case of a dispute it can be retrieved and reviewed.

The CIPP exam is available in English, French, and German. But mostly in English. And it is challenging to pass the exam because the required level of language proficiency is above average.

 

Siarhei Varankevich:

 

“This is a computer test, in which you need to choose the right option for every question from several suggested ones. The questions are quite tricky, made very professionally, but with proper preparation, you can easily pass it.

What helps is that this is a very standardized exam, where all the rules are well described and clearly understandable. There is only one correct answer to one question, that you will determine immediately, knowing the rules and standards”.

___________

 

Christina Goncharenko:

 

“Everything did not turn out as we expected. At first, there is a little anxiety, and this is normal. When I entered the exam room, I was worried that it would be unclear how to use the program. But everything turned out to be extremely clear. You sit down, you read the rules, which explain everything in detail: how to answer, how to return to the previous questions, how to check the box so that the question appears at the end in the general list of all questions and you can return to the marked one. And when you’ve read and studied everything, you can move on to the questions.

TEST-HACK: Do not go straight to answering the questions. You can sit for a few minutes, calm down, read the rules, gather your thoughts. The test time will only start when you click the “Go to the questions” button.

There are two types of questions in the test: the answer options and the cases. The cases suddenly turned out to be very large, and it took me a long time to read them. I thought they would be a couple of paragraphs long, but a case would take up a page of printed text. For each case a few questions are given. For each question you have approximately 1.5 minutes, and during this period it is necessary to read the case and answer the questions. In total, there were about 8-9 cases.

In principle, there is enough time to answer all the questions. But you have to be ready for the fact that in the second half of the test it becomes more difficult to take in information. Still, it is in English, and the questions go one after another, so you gradually get tired and lose attention. Some questions have to be re-read several times to understand their essence.”

 

Artem Bystrov:

 

“I was most worried about my English, which was at the intermediate level. So, when we started to prepare for the CIPP/E exam, I spent all these 4 months additionally studying with an English tutor. The language of the test is neither legal nor colloquial. I would say that it is written in a professional language, like the GDPR or a textbook. In general, I was able to easily understand the general meaning of questions and cases.

The interesting thing about cases was that the case itself can be huge. But to answer the questions only 2 sentences from this case are enough. So, after a couple of cases I stopped reading, and began to look out for specific information necessary for answers.

TEST-HACK: It is not necessary to read into the texts of cases too carefully and waste time. First, read the case questions, and then look for specific information in the text to answer them.

While passing the test, you can click the checkboxes of the questions you want to return to and think about later if you can’t answer them right away. But my time somehow started running out quickly, so I tried to answer all the questions in order”.

 

______________ 

 

How are the results assessed?

 

All questions in the test are divided into three blocks:

  • European Union institutions, GDPR history and general concepts of legislation;
  • GDPR rules;
  • The practice of GDPR application in different areas: marketing, monitoring, HR.

Each section is evaluated differently, depending on the importance and complexity of the topic. For the first block you get fewer points because the questions are less important. The second and third blocks are valued more.

The passing score is between 60 and 75 percent, but no one knows what logic determines your success. You can get 500 points in total for a test, but you must score a minimum of 300 points to pass it. No one knows how many points are awarded and for which questions.

Moreover, there are different questions for everyone who takes the exam, so there is no point in trying to find out from those who have already received the certification what questions were on the test. Most likely, during the exam you will be asked questions that differ from those that your colleagues have answered.

You receive the certificate of passing the examination in electronic form. It is emailed to you about a month after the exam. The certificate itself is posted on a special website, and, for instance, you can share the link to it on your website.

 

Step-by-step algorithm of preparation for the CIPP/E certification

 

Step 1.

Go to the CIPP/E site and register there.

Step 2.

Pay for the exam and schedule the date at the nearest Pearson VUE center. Remember that you will have to come there in person, so choose a time when you are not busy at work.

Step 3.

Buy an exam preparation book on the IAPP website and read it. You can also buy a special online exam preparation course or study with a personal coach.

Step 4.

Come to the exam on the appointed day and time. You will receive your result immediately after the test. It will appear on the screen as soon as you press the “Submit test” button. And when you leave the test center, the employee will give you a printout with your answers and the points you received for them.

 

Siarhei Varankevich:

 

“It is recommended to schedule at least 30 hours to work through all the materials in preparation for the exam. But I think this is not enough. Rather, it will take 2-3 times more time to read and study everything properly.

However, if you prepare quickly and thoroughly, I think that you can prepare from scratch in 3 weeks. CIPP/E tests mainly knowledge, and much less intuition, decision-making, and logic. You should logically choose the answer options and correctly interpret some GDPR norms. But it can be easily developed, read, understood, worked out on test questions, discussed with a teacher on the course or a coach.

We provide people who are preparing for CIPP/E with an opportunity to call our consultant, who has already passed this certification and has extensive practical experience working with the GDPR, several times a week. During these sessions, clients can ask questions, receive homework, and test their knowledge. All of this is in English and has a lot of examples from practice.

Many people need a schedule for training that will discipline them. For example, they are more productive if there is a scheduled meeting with a coach, by the time of which certain material has to be read and the tasks must be completed. 

Our coaching is usually done by Olga Zavalniuk. She has CIPP certificates in Europe and the USA. She very attentively guides people through all topics of the certification. She even wrote her own tests that are close to what will be at the exam in terms of complexity.

Sometimes I also coach. And the most valuable thing that I tell from my experience of passing standardized tests is the plan of how to allocate time on the exam, how many seconds to give for each question, and in what sequence to take. I don’t remember who developed this method, but I took many tests using it. And I have never had such a thing that I do not have enough time.

Coaching is individual for each person. For someone 5-10 hours of preparation together with a coach is enough. Someone wants to get maximum information and practice in order to be guaranteed to pass the certification and not to feel ashamed for failing. He/she needs more time. Most often they take 20-30 hours of coaching, which is enough to pass and completely work through the whole CIPP/E program.

Of course, we cannot give a 100% guarantee that you will pass the certification. But we do guarantee that you will get the full amount of knowledge. With good English proficiency, perseverance, and faithful completion of all your homework, 99% that you will succeed. Although there’s always the chance that something unexpected will happen. But of those we have prepared they have passed everything, and we are very proud of it.

 _______________

 

Christina Goncharenko:

 

“It took us about 4 months to prepare for the exam.

And everything started at the Data Privacy Professional course of Siarhei Varankevich. At the end of the training he gives a test, in which the questions are similar to those in the CIPP test, but there are fewer questions in the tests of Siarhei. Even at that time we had some understanding of the complexity of the questions.

Siarhei on the course gives a powerful base. He has analyzed and structured the Rules, and has presented them to the participants in accessible schemes. These schemes are very helpful in further work and in passing the exam. They are as if photographed in memory, and you begin to apply them immediately to the workflow of data processing.

And then we worked with a personal coach, Olga Zavalnyuk. Olga has prepared us perfectly, and we are very grateful to her. We had 2 sessions a week. They were held according to the textbook that is required to pass the exam. There were homework assignments we prepared for each lesson, and at the lessons, we discussed and revised the reading material.

After the textbook was finished, Olga prepared a test exam for us. Her questions were quite complex and challenging, at the level of those given on certification. After passing the test exam with Olga, we repeated all the material for about three weeks. And then we went to take the test”.

 

 ______________

 

Artem Bystrov:

“The preparation kit contains a list of 30 questions, similar to those on the exam. But it happened so that we were curious, and we did these questions immediately after the DPP course with Siarhei. And, by the way, we completed them successfully. Therefore, Olga prepared her author’s test for us at the end of working with her.

If you just take the DPP and immediately take the exam, it will probably be difficult. You should read the textbook, because everything in the textbook will be on the exam. For example, there is a lot of information on the history of the appearance of the GDPR that we did not have in the DPP course and is not in the Regulation itself.

You can read everything yourself. But when there is a coach, it is very calming and helpful. You can talk, ask, get detailed answers, and discuss different cases. The coach can explain some details, technologies, and give some other cases.

Olga is an amazing person. We have established good contact with her. It even seems to me that she was more worried about us before the exam than we ourselves”.

 

 ___________

 

How much does it cost?

 

The exam itself costs 550 dollars (versions in French and German are included in the price).

In addition, you can pay 250 dollars for an IAPP membership that must be renewed every 2 years. This gives you access to additional materials, and discounts on many products of the organization.

You can also purchase:

  • A booklet with sample test questions – 35 USD.
  • The booklet for preparation – 75 USD.
  • If you decide to buy an online preparation course, the book and booklet with questions are already included in the price – 1195 USD.

The most advantageous option is GDPR Prep Online Bundle (CIPP/E) for 1495 USD. It already includes everything you need: online training, all books, the cost of passing the exam and membership in the IAPP for 1 year.

If you don’t pass the exam on the first try, it is cheaper to take it again – 375 USD. You can take the exam as many times as you want, but you will have to wait at least 1 month between the exams.

 

Why is CIPP/E just the beginning?

First, CIPP/E is only the first certification out of three. Most people who have got it sooner or later want to get another certificate.

And, secondly, this certification is not eternal: it is issued for 2 years and then requires regular confirmation.

 

___________

 

Artem Bystrov:

 

“During the preparation and taking of the exam, we realized that this is also the motivation for further development. The certificate is not issued forever. In 2 years it will last automatically if during these years you continue your training and have collected 20 points for listening to webinars, attending conferences, etc. Or you will have to take the exam again since the certificate will expire. So it’s not just a matter of paying money and taking the exam once. Then you have to constantly take additional seminars, webinars, and conferences and gain points”.

 

__________

 

Christina Goncharenko:

 

“To extend the validity of the certificate, you should constantly attend events, both in person and online, webinars, and conferences. Participation in these events gives a different number of points that depend on the hours of training. There are paid and free events. But the saddest thing is that at the moment in the CIS there are no such events in person. We will have to go to Europe. And it should be taken into account if you plan to sit the certification and to invest your budget and time in this. 

For example, participation in the European conference gives all the necessary points for 2 years, but its cost for 1 person is 4000 euros, except the flight and accommodation. But you can take part in webinars that are free and held online, so you don’t have to go anywhere. However, they give fewer points, so in order to get the required number of points you need to visit the webinars more often than offline events. In general, this is not a problem and it is quite real to gain points”.

 

 Conclusion 

CIPP/E certification requires a lot of resources, but it also gives you many benefits and advantages.

It is realistic to prepare for the exam in a fairly short time, especially if you read a book, work with the coach, and faithfully perform all tasks.

After passing this exam, you can be sure that you already have enough knowledge to implement GDPR in your company. The only other things you will need are manpower and authority.

____________

 

Christina Goncharenko:

 

“Of course, it depends on the size of the company. But you have to understand that the implementation of GDPR involves changes in certain business processes, and this will require the involvement of employees from other departments.

For example, we have created in our company a project group of 20 people from different departments that relate to the processing of personal data. Efforts of only a few people who have got the certification are not enough here. We need the desire, enthusiasm of all team members and, of course, time”.

 

P.S.

At the end of the interview, we asked what inner changes our interviewees had undergone due to this exam.

 

____________

 

Artem Bystrov:

 

“After this test, I became even more aware of the fact that I would not want to work for a company that violates privacy. Knowing GDPR, communicating with such great specialists as Siarhei and Olga, you understand that it is very essential and that you do not want to work in a company that uses personal data of its clients detrimentally”.

____________

 

Christina Goncharenko:

 

“The very fact of passing the exam gives you more confidence in yourself and your knowledge, you feel like an expert. And certain perspectives change the angle of view in general. When you start participating in foreign workshops, you see the level of their specialists, you realize how far we are from them here, in the CIS. This is a completely different level of doing business that we have yet to learn”.

 

_____________ 

 

We are very grateful to Christina, Artem, Siarhei and everyone who helped us in creating this article. And we wish our colleagues success in their future journey with GDPR!
