CIPP/E Certification Guide

Last update: May 23, 2020.

I took the CIPP/E exam in April 2018. This article reflects my experience and recommendations. Hope this helps you obtain your certification!


This article is a guide to help you study efficiently and pass your GDPR certification exam. The International Association of Privacy Professionals (IAPP) offers the most up-to-date and sought-after ANSI/ISO-accredited certifications.


The IAPP has three types of GDPR certifications:

  1. Certified Information Privacy Professional (CIPP), the gold standard in the privacy industry.
    • The Certified Information Privacy Professional/Europe (CIPP/E) credential demonstrates a strong foundation in European privacy laws and regulations.
    • The CIPP/US, CIPP/C, CIPP/G and CIPP/A credentials focus on privacy regulation in the US, Canada, U.S. Government and Asia, respectively.
  2. Certified Information Privacy Manager (CIPM) focuses on GDPR operational privacy management such as implementing and maintaining privacy programs.
  3. Certified Information Privacy Technologist (CIPT) is privacy training for IT professionals.


A number of costs are involved in order to get your certification:

Authoritative Textbook$75, $65 for members
Sample Questions$35, $25 for members
First-time Certification Exam$550
Retake Certification Exam$375
Additional Certification Exam, once you passed an exam$375
Bi-Annual Certification Maintenance Fee$250, free for members
Annual IAPP Membership$275, $50 for students

The Certification Maintenance Fee is waived when you are an IAPP member. As an IAPP member, you will receive membership benefits such as members-only content and networking opportunities. 

Tip: you can showcase your IAPP membership on LinkedIn.

There are a few ways in which you may be able to reduce these costs:

  • Sign up for a free IAPP account, which will give you a chance to receive promotional mailings with discounts on sample questions, exams, etc.
  • Become a beta tester. As a beta tester, you take an exam with a new set of questions, for which you will receive a 50% discount, a saving of $275. There seems to be high demand for discounted beta tests and available slots fill quickly. One way to get access to a beta test exam is to receive an IAPP email invitation. Or check if the IAPP website has an active Beta Exam page similar to this CIPT one.



Download all briefing material from the IAPP website:

    • IAPP Privacy Certification Candidate Handbook
    • Study Guide
    • Authoritative Resource List
    • Body of Knowledge  
    • Exam Blueprint
    • Glossary of Privacy Terms

As an option, you can purchase IAPP Sample Questions. This will give you an idea of the type of questions to expect. However, the exam questions are considerably more difficult!

Books by the IAPP

  • Determine which books you will need. The “Authoritative Resource List” contains a paragraph called “Authoritative Texts” that lists several books required for your exam.
      • Tip: In my experience, the first book listed covers almost all of the “Body of Knowledge”. Carefully studying this book should be sufficient in order to pass the exam, depending on your background and prior knowledge.
    • A free book preview is available from the IAPP online store. By clicking on the book’s “Details” link, a new window will open with a link to “Download a Preview” at the bottom.
    • Paper or electronic? Most books are available in paper and electronic versions. I prefer the electronic version because you can bookmark pages, highlight, add notes, search for specific terms and use the electronic dictionary.  
    • Electronic books come in Amazon Kindle and epub formats. After you purchase one type, you get access to both formats.
    • You will have to use the iOS Kindle app on Apple devices since IAPP books will not show up in the macOS Kindle app.

I highly recommend that you acquire the following books:

CertificateIAPP Book
CIPP/EUstaran, Eduardo. European Data Protection: Law and Practice. Portsmouth: IAPP, 2018.
CIPMDensmore, Russel R. Privacy Program Management: Tools for Managing Privacy Within Your Organization. Second Edition. Portsmouth: IAPP, 2019.
CIPTBreaux, Travis. An Introduction to Privacy for Technology Professionals. Portsmouth: IAPP, 2020.


Some books with CIPP/E practice exams, not by IAPP:

Jacobs, Jasper. European Privacy Law Practice Exam. 2018.
Book coverJacobs, Jasper. European Privacy Law Practice Exam – Case Study Edition. 2019.
A Complete CIPP/E Practice Exam: 90 questions, not by IAPP. 2019.



  • IAPP recommends that you plan for a minimum of 30 hours of study time prior to your exam date. I suggest that you spend most of that time studying the book.
  • I recommend that you make your own diagrams and summaries of key topics in order to better understand and remember the important concepts.
  • I also recommend spending some time on the Glossary of Privacy Terms in order to become familiar with the terminology.
  • CIPP/E-specific:
    • Understand the overall GDPR structure and the numbers of important GDPR articles, along with the main topic covered by each article.
    • Focus on the first 50 articles of the GDPR.
    • This site is useful for studying the GDPR structure and articles, as well as the “recitals” that provide further background about the GDPR articles.
    • Tip: There are several GDPR apps available free of charge that you can use as a reference in order to quickly access the GDPR text, without having to search through PDF files. My favourite app is the Explore GDPR by DLA Piper.
    • Tip: Check out tips from other people taking the exam at the CIPP/E Advice Forum on I found this post most helpful.    

CIPP/E exam questions

The CIPP/E exam has many case studies. The cases require a fair amount of time in order to read and properly understand the situation. Be aware that you can easily run out of time if you spend too much time on one case.

Other types of questions are also difficult. There is often not just one correct answer, but IAPP will ask which answer is the most correct or which situation would create the fewest problems. In other words, you must go beyond memorising facts and be able to assess the situation.

Taking the exam

Reserve your exam time and location through the IAPP website. Most exams allow 150 minutes for completion and consist of 90 multiple choice questions. Many people found the level of the exams to be very difficult and felt that they did not have enough time.

  • The exam is online.
  • You cannot bring electronic devices like a phone or electronic watch into the exam room.
  • Non-native English speakers can bring one English-to-alternative-language dictionary.
  • You are provided with a few sheets of paper and a pen in order to take notes.
  • A countdown timer displays on your screen.
  • Each question is pulled from the server, which can take several  seconds. The timer stops each time until you see the next question, giving you an opportunity to recuperate and collect your thoughts.
  • Passing scores generally range between 65 and 80% correct, depending on the program. The IAPP does not provide any more specific information, but at least you get an idea.
  • You may mark questions on the screen to review before handing in your answers.
  • You receive your results immediately. Unless you are a beta tester, in which case the results will available in about four weeks.


IAPP uses Accredible, a digital credential service, to issue its certificates. Accredible provides you with a professional, interactive certificate that can be verified, downloaded, added to LinkedIn, etc. You should receive your certificate about a week after the exam, unless you are a beta tester, in which case it could take a few additional weeks.

Staying certified

In order to maintain your CIPP certification, you will have to complete at least 20 hours of continuing privacy education (CPE) every two years. You obtain credits for studying and for being active in the privacy community, such as participating in online seminars, conferences, volunteer work or writing an article. You self report your credits in your IAPP online environment.

Free online resources


Did you take the CIPP/E exam? How was it? Leave a Comment!

8 thoughts on “CIPP/E Certification Guide”

  1. I fully agree with most of the remarks in the article especially the ones in regard to “Taking the exam” as the time allotted for the 90 questions in 2,5 hours seems sufficient but turns out to be quite the opposite.
    Also mastering all Chapters of the book written by Eduardo Ustaran is key to pass the CIPP/E exam, I must have read it at least 8 times and made my own summary of all the facts related to the history of Data Protection Law and the European Union Institutions.

  2. The Article does describe the required preparation very realistically.
    The book from Ustaran is key and needs a very thorough study. It took me even more than 30 hours to study and prepare for the exam.

    Next to that the exam blueprint does not represent the CIPP/Exam, as the questions from the exam are much more complex and hold a lot of details.
    In my experience the most challenging part of the exam is the available time of 2,5 hour. As the questions need thorough reading and interpretation, you run into time constraints very easily.

    Nevertheless, you will be exhausted after taking the exam, but end up with a positive mindset after succeeding the exam.
    Good luck!!

  3. Thank you for your nice overview. I think all the study material is in it. It also gives a clear overview of the costs. In terms of study, it is indeed smart to know the first 50 articles of the GDPR well. Furthermore, I would really recommend to purchase the IAPP sample questions. Although they are easier than the exam, they do give a good idea of the research question. Based on my own study experience and that of others, I have developed There you can follow effective training that is entirely based on the blueprint. You will also receive a detailed summary of the textbook. Finally, various practice questions, including scenario questions, are included.

  4. Nice overview!

    Myself (I am a Finance person with no background in law or data privacy) I read the full book (European Data Protection) very detailed, which is very useful. I had a 2 day event with our DPO with several workshops and presentations. Than I followed a 2 day training from Jeroen Terstegge. After I read some articles from EDPB and the mails I subscribed from the IAPP with the latest updates in the field of Data Privacy. The 2 exam books (Green and Red) I found useful to get used to the type of questions. After I read my summary of the book, visited a day presentations from Onetrust and did the exam. Altogether I spend >200 hours on the topic.

    So I did a lot of effort and my score on the exam was 370 out of 400. I found out that another student had a score 291 out of 400 and also passed. So my conclusion is that if you just want to pass you should learn the book very well and do the practice exams you probably will make it. And if you really want get acquainted with GDPR that you should spend much more to discover the full aspect of Data Privacy.

    1. Thank you for sharing your approach to getting the CIPP/E certification. That’s an impressive effort that you put in and a matching impressive result on the test. Congrats on passing!

  5. Thanks for your efforts to put together this overview. I ‘accidentally’ came across this website, looking for CIPM training material. If you have anything available or know where to get it, please send me links…

    Even after a training and more than 30 hours of self-study, I failed the first time for the CIPP/E exam, but at least it gave me the idea to study by making my own questions (based mostly on the book and the GDPR articles). There are hardly any practice questions available online, and when you find something it’s usually of a poor level; as you mention as well, even the sample questions you can ‘purchase’ from IAPP are not really the same level as in the exam.

    Some material I did find useful (next to the text book), was the Guide by Bird & Bird, which gives a good overview of the differences between the Directive and the GDPR. I found this one for free here:–bird–guide-to-the-general-data-protection-regulation.pdf?la=en

    In the end, I took the effort to develop a full CIPP/E test-exam, including 90 multiple choice questions and 5 case studies, and I developed a software program, imitating the circumstances of the real exam (including the 150 minute countdown and scoring in three domains). You can take the trial exam on my website to test your knowledge and get used to the official circumstances with really difficult (!) questions and long texts. It’s not for free, but very cheap in comparison to a retake.

    I also have some tips for preparation posted on my website and all input is welcome.

  6. A good overview.

    I purchased the online training bundle with exam from the IAPP which allows a year to study in your own time before sitting the exam. Personally I find I focus more under pressure so did cram revision in the 4 or 5 days before my exam. Having an interest in privacy and working in the field does help as you pick things up along the way without realising and you understand how to apply the principle and key points rather then memorising.

    I passed the exam first time with around 20 minutes to spare and scored 100% on two section, only around 70% on the history element which was always my weakness. If you can apply the law to everyday situation you will find the exam much easier. The exam as many have said and is included in this overview is very different to the sample questions so please do not be fooled by them!

    I did not realise the book many others have mentioned was part of my package and only found it the night before the exam. I took the decision not to read the book as I thought it would make me panic – it is possible to pass with the material in the video, although I’d definitely recommend reading it! If I were to offer advice it would be, download the transcripts and put them into your own words, use colours, think about the real world (don’t just memorise apply!!!!) and have a relaxing evening before your exam, it’s just an exam, you can always retake.

    Good luck to anybody planning on taking the exam soon!

    1. Congratulations on passing your exam!
      Thank you for sharing your CIPP/E experience, in particular, letting people know about the IAPP video and the book.

Comments are closed.