CIPP/E Advice
Comments
-
TightTeeShirt Member Posts: 11
LAWYER2 said: I haven't taken the CIPP/E but have been preparing for the US, sitting next week. I've been paying close attention to the Exam Blueprint and trying NOT to devote too many mental resources on areas that won't carry much weight. To me, it's akin to extensively studying the 'Rule against Perpetuities' in property law for those who sat for the bar exam. Just not worth the effort to devote the extra mental resources to something unlikely to be tested heavily.
This is exactly how you should be doing it too. I had a rough week of being sick so I didn't get that "final week of intense review" like I wanted. However, the section I spent the majority of my "relaxed passive study" on was Section 2 of the exam because according to the Exam BluePrint that is where the majority of the questions came from, and it saved my butt tremendously.
The one caveat I would add to that is that I noticed the exam was very much linear to the exam blueprint. That is to say, I was expecting a mixed bag of questions to come from any topic at any time but that was not the case. The questions seemed to come in order of the topics listed on the exam blueprint. Since I only passively studied for the first Section (low weight), I started the exam off with a lot of uncertainty and that's a really shitty feeling. So I would offset that somehow by giving a tad more effort in the front end.
-
ipiyali Member Posts: 6
Advice needed on the portion relating to Member State Guidance and derogation...Did you all study those too...It is all relating to various in-state GDPR developments adopted individually...is it relevant for the CIPP/E exam
-
TightTeeShirt Member Posts: 11
TightTeeShirt said: gdprstudent said: How did you find the CIPT? I was thinking of doing this to get the hat trick but haven’t seen huge demand on the jobs boards for this certification (whereas CIPP/e and CIPM is mentioned quite often whenever roles are advertised).
From a tech standpoint, I found it profoundly rudimentary, and lacking any useful depth. I suppose it'd impress somebody though if it helps you achieve IAPP's "FIP" stamp *shoulder shrug*
Anyways, I received an email that the current exams and stuff would be in place through the end of the year but starting January 2020 they're adding 50% New Topic Content. This is pretty huge when you consider their update to the CIPP/E only added 10% new content, but to be completely honest the CIPT was in desperate need of this update because as a Cyber Security Professional with 7+ years experience, I found the existing CIPT information all but useless.
That said, the new sections definitely appear to have some genuine value that I will be interested in reading up on. From what I'm seeing on the new exam blueprint they're:
Privacy Threats and Violations
During Data Collection
During Use
During Dissemination
Intrusion, Decisional Interference and Self Representation
Software Security
Technical Measures and Privacy Enhancing Technologies
Data Oriented Strategies
Techniques
Process Oriented Strategies
-
TightTeeShirt Member Posts: 11
ipiyali said: advice needed on the portion relating to Member State Guidance and derogation...Did you all study those too...It is all relating to various in-state GDPR developments adopted individually...is it relevant for the CIPP/E exam
-
arana Member Posts: 12
Hi, I’m so thankful for this thread! I’m giving the CIPP E this year, and was planning on just winging it by reading whatever I could, before I came across this thread and realise it’s apparently a tough exam lol. I’m giving it in September, but am concerned about updates to the course blueprint. Does anyone know when we will have more information, and if I should wait for new version of the book, more clarity to come in, before I sit for the exam in September? So far people have relied on sources like WP29, the book but won't this be outdated with the new changes?
-
LAWYER2 Member Posts: 37
I'm not entirely sure about the CIPP/E but I know the IAPP specifically states the exam will change after Sept 1 for the US version. I would just give them a call and inquire. They've been pretty helpful whenever I called. Emailing will take days to get a response though. I'm sitting for the US version next week and decided to do it before the end of August for this very reason.
-
TightTeeShirt Member Posts: 11
arana said: Hi, I’m so thankful for this thread! I’m giving the CIPP E this year, and was planning on just winging it by reading whatever I could, before I came across this thread and realise it’s apparently a tough exam lol.
My assumption is that they would be great for IT Managers that have no idea about GDPR and want to get a thorough briefing and run down of what is in scope, what to implement, and what to ignore. However, based on the amount of studying I put in to barely pass I don't think there's any way in hell one could pass off an IAPP conference bootcamp alone.
-
gdprstudent Member Posts: 13
Great news that CIPT is being revised. Maybe CIPM will go through a similar revision too? On another note I have to say that even though I have both CIPP/e and CIPM (as well as CISMP and prince2), it is really tough to find work in the field of data protection/privacy/information security. IAPP claim that the arrival of the GDPR will create the need for 75k DPO’s and encourage people to take their courses but I’m starting to have doubts... anyone else with similar experience?
-
LAWYER2 Member Posts: 37
gdprstudent said: Great news that CIPT is being revised. Maybe CIPM will go through a similar revision too? On another note I have to say that even though I have both CIPP/e and CIPM (as well as CISMP and prince2), it is really tough to find work in the field of data protection/privacy/information security. IAPP claim that the arrival of the GDPR will create the need for 75k DPO’s and encourage people to take their courses but I’m starting to have doubts... anyone else with similar experience?
-
gdprstudent Member Posts: 13
I’m in the UK. Apparently GDPR roles are more suited to lawyers rather than those who have the IAPP qualifications and a little experience in actual data protection.
-
LAWYER2 Member Posts: 37
Aw I see. Have you looked at business/data analyst roles? I work for a large bank whose data privacy initiatives consist of many, many analysts. Oftentimes, these DP jobs aren't really titled as data privacy professionals.
-
gdprstudent Member Posts: 13
Yes where there have been relevant vacancies I’ve applied and I always follow up to speak to the recruiter - when they actually pick up the phone(!). Usually recruiters don’t reply back or they come out with the usual “lack experience compared to others we’ve seen.” One even said that they’d found someone with 5yrs GDPR experience for a role advertised last year.
-
LAWYER2 Member Posts: 37
I feel you. I know it can be frustrating. I was in a similar boat trying to "break into" the industry until I began holding myself out there as a "subject matter expert" on LinkedIn. Since then, I've had recruiters reach out to me. If you aren't already, I'd highly recommend utilizing LI as much as possible. There are recruiters specifically dedicated to data privacy. Look up www.lawrenceharvey.com. I recently connected with a couple different DP recruiters based in the UK
-
vjvj Member Posts: 3
I couldn't make it 75/65/58. Couldn't give time for scenario based questions on thorough understanding. In my view one should complete straight forward questions first within 30 mins and flag scenario based questions do it later. My preparation was 10 days reading of cipp e book. Only one question on article number so maybe remembering article numbers is not imp. Don't spend much to me on dates of history. One question on ICO. Plan to retake.
-
AlwaysStudying Member Posts: 43
gdprstudent said: Yes where there have been relevant vacancies I’ve applied and I always follow up to speak to the recruiter - when they actually pick up the phone(!). Usually recruiters don’t reply back or they come out with the usual “lack experience compared to others we’ve seen.” One even said that they’d found someone with 5yrs GDPR experience for a role advertised last year.
I spoke to a recruiter, I lost out on a contract because recruiter said chap client picked had 5 years GDPR experience..
I got another very good paying contract at a bank, implementing the GDPR, I think Lawyers\legal department definitely have a place, i.e. drawing up and challenging vendor contracts, legal basis per processing tasks, however, how many lawyers can (and want to) do data inventory, mapping, design DSAR logs, etc.
I've been looking for my next GDPR\DPA2018 contract since February, agents tell me on average they receive 200-300 applications per role, who's going to look through all of those?
What is required over here is more fines by the ICO and clarity over the Brexit nonsense.
Oh....and recruiters returning calls or answering the phone...
-
LAWYER2 Member Posts: 37
AlwaysStudying said: gdprstudent said: Yes where there have been relevant vacancies I’ve applied and I always follow up to speak to the recruiter - when they actually pick up the phone(!). Usually recruiters don’t reply back or they come out with the usual “lack experience compared to others we’ve seen.” One even said that they’d found someone with 5yrs GDPR experience for a role advertised last year.
I spoke to a recruiter, I lost out on a contract because recruiter said chap client picked had 5 years GDPR experience..
I got another very good paying contract at a bank, implementing the GDPR, I think Lawyers\legal department definitely have a place, i.e. drawing up and challenging vendor contracts, legal basis per processing tasks, however, how many lawyers can (and want to) do data inventory, mapping, design DSAR logs, etc.
I've been looking for my next GDPR\DPA2018 contract since February, agents tell me on average they receive 200-300 applications per role, who's going to look through all of those?
What is required over here is more fines by the ICO and clarity over the Brexit nonsense.
Oh....and recruiters returning calls or answering the phone...
I definitely agree. The Data inventorying, mapping, definitions etc tasks, I see the other analysts working on, I have no desire, nor clue how to do what they're doing. The DP space is definitely multi-disciplined.
-
Campbell Registered Users Posts: 9
arana said: Hi, I’m so thankful for this thread! I’m giving the CIPP E this year, and was planning on just winging it by reading whatever I could, before I came across this thread and realise it’s apparently a tough exam lol. I’m giving it in September, but am concerned about updates to the course blueprint. Does anyone know when we will have more information, and if I should wait for new version of the book, more clarity to come in, before I sit for the exam in September? So far people have relied on sources like WP29, the book but won't this be outdated with the new changes?
Maybe this is useful: cipptraining.com/cipp-e-and-cipp-us-annual-update-september-1-2019/
-
humaiz Member Posts: 2
Hi, I have been reading all the comments here, and it has been very useful to gauge what I could expect from the exam.
I am a young infosec consultant. I'm from Sri Lanka so GDPR isn't much impacting here except for some of the companies. However, in another 2 years SL also will be publishing a Data Protection Act which is going to be a major turnover for all the companies. So to prepare I was thinking of doing a CIPP certification.
If anyone could help me out on how much the whole thing would cost, it could greatly help with my plans. As far as I know, the book costs $75 (would electronic or physical be better?) and the exam $500. I would like to know if there is any other cost, like whether IAPP membership is mandatory to be taken before - and how much, is there any yearly payment to be paid etc.
-
arana Member Posts: 12
Can anyone pls tell me if it’s necessary to read and be familiar with the Directives - of April 27 for processing of new personal data for crimes, and PNR? On the website they precede the GDPR directive.
-
arana Member Posts: 12
Sorry about the multiple posts, and I've started preparing and noted that in addition to the GDPR, there are various directives / conventions mentioned in the course material. While I plan to read the book after the GDPR text, can anyone guide me on where I can access all the additional legislative material required to prepare for this exam? Is there some place where all of it is listed, as it's a nightmare to collect them individually, and I'm conscious of whether I've missed any.
Some of them seem to be repealed - so is it enough to rely on the book or should I go through all this additional material as well? I'm finding it challenging to collate the relevant material, hence any leads on best sources where collated links are available would be most helpful. I'm already a lawyer working in this space, so do have background info, but the level of prep done by others has made me rethink my studying strategy so being extra careful.
-
Matthaios55555 Member Posts: 5
Canyon said: Passed CIPP/E last week. Didn't take the training course. Bought the book and the sample exam questions online. I feel the exam is difficult and the sample exam questions are not representative of the questions in the actual exam.
My advice for what it is worth:
1. Prepare a flow chart or diagram that outlines the GDPR decision making process. The flow chart needs to be something that you can sketch out, in a few minutes, from memory, on the scrap paper they give you in the exam. This flow chart is going to be the basis for at least 50% of the questions and will help you think through the steps clearly when faced with the long, and deliberately confusing, fact patterns.
(Having some typed notes on each article of the regulation is like having an engine in a million parts, whereas a flowchart is a working engine. I had the misfortune of trying to put the engine together in the middle of the exam - which made the exam much more difficult than it needed to be.)
2. Learn the GDPR article numbers (1-50). Many questions reference the article number only and then ask a question such as "in light of what it states in article X" pick the best answer below.
3. Read the questions very carefully - especially the short ones where it is just one sentence. I caught myself picking the wrong answer a few times as I had misread a word.
4. Focus in greater depth on the subject areas that have the most questions - as detailed on the exam blueprint. Some subject areas have 13 questions whereas others have 3. Don't give each subject area equal study time.
5. The UK ICO is a great source of information on GDPR and has good examples of how the Regulation applies to real life fact patterns.
-
Matthaios55555 Member Posts: 5
Thank you everybody for the helpful pieces of advice and for devoting some of your time in giving us valuable guidelines. I have some further questions to ask regarding the reading material and the exam itself. I would really appreciate your feedback:
Legislative Framework (Domain 1): do we need to learn by heart the old legislation provisions and what they have introduced in detail? Or generally their impact and their implementation purpose?
European Union Institutions: What kind of questions are for this section? Regarding their powers? their role? and composition? Do we need to get technical and know by heart for example the three procedures may apply to the legislative process of the Parliament? (ordinary, consultation and consent?) I assume not, since there is only 1 question, therefore only basic info will be requested.
I do not know where to give emphasis and how much time should I dedicate on parts that have 1-3 questions only. Do the questions of such parts tend to get into detail? For example only two questions will be asked about Legislative Framework (Domain 1). Do I have to go deep and learn for example what is mere conduit or hosting or caching under Directive 200/31/EC? Or just know what they mean as an idea?
Domain 2: European Data Protection Law and Regulation: Point G: Security of Personal Data -> data sharing. I cannot find any material regarding this. Also they declare that there will be 8 whole questions in the exam. It seems too much for this section. What kind of questions? Maybe about breach and notifications?
Are controllers accountable for their processors, and if yes, to what extent? Does the same apply to the relationship between processors and sub-processors? I have read that controllers are the only ones to be careful about processing lawful bases and principles. Other than that?
In the Book I cannot find any info regarding the European Data Protection Supervisor except from the fact that it is one of the components of the EDPB.
The same applies for data subject compensation.
Thanks!
-
TightTeeShirt Member Posts: 11
Matthaios55555 said:
I do not know where to give emphasis and how much time should I dedicate on parts that have 1-3 questions only. Do the questions of such parts tend to get into detail? For example only two questions will be asked about Legislative Framework (Domain 1). Do I have to go deep and learn for example what is mere conduit or hosting or caching under Directive 200/31/EC? Or just know what they mean as an idea?
Are controllers accountable for their processors, and if yes, to what extent? Does the same apply to the relationship between processors and sub-processors? I have read that controllers are the only ones to be careful about processing lawful bases and principles. Other than that?
Thanks!
"Are controllers accountable for processors, if yes, to what extent". This question was a bit triggering. This information is given not only in the IAPP course videos, but also the book, and then yet again in the WP guidelines for this question.
I encourage you to review the Exam Blueprint (https://iapp.org/media/pdf/certification/CIPP_E_EBP_2.1.0.pdf) look at all the individual topics identified there and get as absolutely familiar with them as you can. If you don't fully understand the concepts the Scenarios are going to be your undoing. I just don't want you to fall victim to being one of those guys that spends all his time "studying how to study" and then never actually studies the material.
Lastly I think as of September 1st IAPP is changing 10% of the CIPP/E exam so I would check on that first. Cheers
-
Matthaios55555 Member Posts: 5
TightTeeShirt said:
Matthaios55555 said:
I do not know where to give emphasis and how much time should I dedicate on parts that have 1-3 questions only. Do the questions of such parts tend to get into detail? For example only two questions will be asked about Legislative Framework (Domain 1). Do I have to go deep and learn for example what is mere conduit or hosting or caching under Directive 200/31/EC? Or just know what they mean as an idea?
Are controllers accountable for their processors, and if yes, to what extent? Does the same apply to the relationship between processors and sub-processors? I have read that controllers are the only ones to be careful about processing lawful bases and principles. Other than that?
Thanks!
"Are controllers accountable for processors, if yes, to what extent". This question was a bit triggering. This information is given not only in the IAPP course videos, but also the book, and then yet again in the WP guidelines for this question.
I encourage you to review the Exam Blueprint look at all the individual topics identified there and get as absolutely familiar with them as you can. If you don't fully understand the concepts the Scenarios are going to be your undoing. I just don't want you to fall victim to being one of those guys that spends all his time "studying how to study" and then never actually studies the material.
Lastly I think as of September 1st IAPP is changing 10% of the CIPP/E exam so I would check on that first. Cheers
I have read the book multiple times, consulted the outlines posted in this blog and made my own summary notes. Do not worry I am not one of those guys. :-) The reason I was asking is that I don't know what to learn by heart and what to know as a general conception. Knowing in detail the three Parliament processes is a little far-fetched for me, given the high volume of the reading material. That's why I was asking. I have already passed the EXIN exams on GDPR partitioning and details like these were not requested.
Thank you for the link, I have already studied the blueprint and based my notes on it. I have also been informed about the new 10% material and I have studied the recommended articles.
What other pieces of advice can you give me from your experience? I have read your post and how your exam day was. 67/67/67 - that's precise hehe
-
DPO_London Member Posts: 10
Hey Team -
I passed the CIPP/E today with a 400 (89/83/83) and could not have done it without this thread.
Here's what I did (they are all A MUST):
1. Read the textbook once but took notes.
Trying to link the notes (says I haven't been around long enough to post links): drive dot google dot com/file/d/1V75vFax4zBpzdu2zGEBHIeu42wlN0_yJ/view
Credit to soltiske for these!! I started reading with their notes and edited (heavily).
2. Read the GDPR - Needs to be almost memorised by the end of the study time. Every exception to every right. Every length of time mentioned. Exact definitions. Even into articles 83+.
3. Read the WP29 opinions (no notes) on Consent, Profiling, Legitimate Interest, Transparency, and Breach Notification (should be listed as required reading as they are literally referenced in the test)
4. Three quizlets: quizlet dot com/305337775/cippe-flash-cards/; quizlet dot com/418215096/cippe-iapp-practice-questions-flash-cards/; quizlet dot com/416186258/cipp-e-flash-cards/
5. Answered the practice questions/test from IAPP and read their explanations. Not as useless as some claim; but yes not as hard as the real test. I got 2 wrong when I did that. One of the quizlets has those questions built in but no explanations.
6. Had to watch this playlist and several others to understand the terribly-named EU institutions: youtube dot com/playlist?list=PLqNq8AGWK_cmguZHPRMxrO-leUD5H-Dsr
Test impressions -
As others said - slightly poorly written with subjective questions or requests for minute details. Several questions about who can sue, how they can sue, what damages they could receive. Don't recall that in the book. Questions about the OECD (barely mentioned in book). Yes, scenarios have a ton of extraneous info. Reading the questions beforehand helps slightly. Reviewing all questions again helped as sometimes later questions enlightened previous answer choices. Spent 2 hours on the test and then ~25 min reviewing answers.
OK that's all I can think of for now. Good luck, friends.
-
arana Member Posts: 12
Thanks so much for this DPO and congrats on passing!! Your tips are super helpful as they give much needed clarity on exactly what needs to be studied - could you pls let me know in terms of actual legislation, other than the GDPR, which other law / directive / guidelines should be read for this test? There are so many of them, and I’m confused if memorising GDPR as mentioned by you and many other posters is sufficient? My question is specific to legislation only. Would be v helpful for me to know
-
privacyconsultant Member Posts: 1
Hi All, I am taking the CIPP/E this week, was just wondering how difficult are questions based on the scenarios?
I've gone through the online course, the book, the DPO handbook, GDPR and WP Art 29. Hope these will be enough to pass it!
-
newatthis Member Posts: 10
Best advice I can give, having taken the exam twice, is to know the book, GDPR, WP29, and look for the opinions. I wrote a post on this in about April/May outlining the sources I used to finally pass, including where I found these opinions. The opinions do a great job of bringing the regulations to life and bits of wisdom I found there were very big help for the exam questions. There is some luck of the draw in terms of which questions you get as they have many questions in the question bank with varying degrees of quality. Some of them don't make any sense, but I didn't see those ones in my second attempt (and if I had gotten one of them right I wouldn't have needed a second attempt!).
The only needed legislation was GDPR (in terms of going and finding it and reading it), but absolutely anything in the book is fair game for the exam, including prior legislation. Take that literally. The smallest bit that doesn't seem significant in the book could very well be part of a question.
-
DPO_London Member Posts: 10
arana said: Thanks so much for this DPO and congrats on passing!! Your tips are super helpful as they give much needed clarity on exactly what needs to be studied - could you pls let me know in terms of actual legislation, other than the GDPR, which other law / directive / guidelines should be read for this test? There are so many of them, and I’m confused if memorising GDPR as mentioned by you and many other posters is sufficient? My question is specific to legislation only. Would be v helpful for me to know