CIPP/E Advice


Comments

  • Matthaios55555 Member Posts: 5
    Hey Team - 

    I passed the CIPP/E today with a 400 (89/83/83) and could not have done it without this thread. 

    Here's what I did (they are all A MUST): 

    1. Read the textbook once but took notes. 
    Trying to link the notes (says I haven't been around long enough to post links): drive dot google dot com/file/d/1V75vFax4zBpzdu2zGEBHIeu42wlN0_yJ/view
    Credit to soltiske for these!! I started reading with their notes and edited. 
    2. Read the GDPR - Needs to be almost memorised by the end of the study time. Every exception to every right. Every length of time mentioned. Exact definitions. Even into articles 83+.  
    3. Read the WP29 opinions (no notes) on Consent, Profiling, Legitimate Interest, Transparency, and Breach Notification (should be listed as required reading as they are literally referenced in the test)

    5. Answered the practice questions/test from IAPP and read their explanations. Not as useless as some claim; but yes not as hard as the real test. I got 2 wrong when I did that. One of the quizlets has those questions built in but no explanations. 
    6. Had to watch this playlist and several others to understand the terribly-named EU institutions: youtube dot com/playlist?list=PLqNq8AGWK_cmguZHPRMxrO-leUD5H-Dsr

    Test impressions -
    As others said - slightly poorly written with subjective questions or requests for minute details.  Several questions about who can sue, how they can sue, what damages they could receive. Don't recall that in the book. Questions about the OECD (barely mentioned in book). Yes, scenarios have a ton of extraneous info. Reading the questions beforehand helps slightly. Reviewing all questions again helped as sometimes later questions enlightened previous answer choices. Spent 2 hours on the test and then ~25 min reviewing answers. 

    OK that's all I can think of for now. Good luck, friends.








    thank you so much for your tips!!! Really appreciated! 
  • arana Member Posts: 12
    arana said:
    Thanks so much for this DPO and congrats on passing !! Your tips are super helpful as they give much needed clarity on exactly what needs to be studied - could you pls let me know in terms of actual legislation, other than the GDPR, which other law / directive / guidelines should be read for this test? There are so many of them, and I’m confused if memorising GDPR as mentioned by you and many other posters is sufficient ? My question is specific to legislation only. Would be v helpful for me to know 
    No need to actually read the text of other legislation. Info from the textbook will be enough usually to pass, I think. However, my test had two questions referencing the OECD guidelines and there wasn't enough of that in the book so.. Possibly the fringe subjects like LEPD and OECD guidelines could be good to get more info about.. Still don't think you have to read the legislation text though. 
    Thank you so much! That's a relief, will generally read whatever extra legislation I can, and focus on the areas already covered in the book. 
  • arana Member Posts: 12
    newatthis said:
    Best advice I can give, having taken the exam twice, is to know the book, GDPR, WP29, and look for the opinions. I wrote a post on this in about April/May outlining the sources I used to finally pass, including where I found these opinions. The opinions do a great job of bringing the regulations to life and bits of wisdom I found there were very big help for the exam questions. There is some luck of the draw in terms of which questions you get as they have many questions in the question bank with varying degrees of quality. Some of them don't make any sense, but I didn't see those ones in my second attempt (and if I had gotten one of them right I wouldn't have needed a second attempt!).

    The only needed legislation was GDPR (in terms of going and finding it and reading it), but absolutely anything in the book is fair game for the exam, including prior legislation. Take that literally. The smallest bit that doesn't seem significant in the book could very well be part of a question.
    Thank you. Will look for your post, can't seem to search with your name. 
  • royds7 Member Posts: 3
    is it a good idea to take the membership ?

    also after you have passed the exam (CIPP/E) - do you need to immediately pay maintenance fees ? if not, when is it due ?
  • royds7 Member Posts: 3

    Canyon said:
    Passed CIPP/E last week. Didn't take the training course. Bought the book and the sample exam questions online. I feel the exam is difficult and the sample exam questions are not representative of the questions in the actual exam.

    My advice for what it is worth:

    1. Prepare a flow chart or diagram that outlines the GDPR decision making process. The flow chart needs to be something that you can sketch out, in a few minutes, from memory, on the scrap paper they give you in the exam. This flow chart is going to be the basis for at least 50% of the questions and will help you think through the steps clearly when faced with the long, and deliberately confusing, fact patterns.

    (Having some typed notes on each article of the regulation is like having an engine in a million parts, whereas a flowchart is a working engine. I had the misfortune of trying to put the engine together in the middle of the exam - which made the exam much more difficult than it needed to be.)

    2. Learn the GDPR article numbers (1-50). Many questions reference the article number only and then ask a question such as "in light of what it states in article X" pick the best answer below. 

    3. Read the questions very carefully - especially the short ones where it is just one sentence. I caught myself picking the wrong answer a few times as I had misread a word. 

    4. Focus in greater depth on the subject areas that have the most questions - as detailed on the exam blueprint. Some subject areas have 13 questions whereas others have 3. Don't give each subject area equal study time. 

    5. The UK ICO is a great source of information on GDPR and has good examples of how the Regulation applies to real life fact patterns.





    Canyon - maybe it's too late, but could you please share any diagram that you may have for the betterment of all the test takers?
  • arana Member Posts: 12
    arana said:
    newatthis said:
    Best advice I can give, having taken the exam twice, is to know the book, GDPR, WP29, and look for the opinions. I wrote a post on this in about April/May outlining the sources I used to finally pass, including where I found these opinions. The opinions do a great job of bringing the regulations to life and bits of wisdom I found there were very big help for the exam questions. There is some luck of the draw in terms of which questions you get as they have many questions in the question bank with varying degrees of quality. Some of them don't make any sense, but I didn't see those ones in my second attempt (and if I had gotten one of them right I wouldn't have needed a second attempt!).

    The only needed legislation was GDPR (in terms of going and finding it and reading it), but absolutely anything in the book is fair game for the exam, including prior legislation. Take that literally. The smallest bit that doesn't seem significant in the book could very well be part of a question.
    Thank you. Will look for your post, can't seem to search with your name. 
    Hi @newatthis - I'm unable to find this post of yours. Is it possible for you to share it, I want to make sure I don't miss out on any WP29 opinions and guidance .. 
  • newatthis Member Posts: 10
    I scrolled up to page 7 and found what I wrote, hope this helps:

    I just passed the exam on my second attempt, 89/76/75, 364. Such a huge relief. I studied the book again in more detail and read a number of the WP29 opinions on the IAPP website. I looked for any scenarios I could find about privacy topics like how supervisory authorities work, when the GDPR applies to companies not based in the EU, DPIAs and DPOs, consent, ePrivacy, pretty much anything I could find where they applied the GDPR to scenarios. There's quite a bit in the resources on the IAPP site, grouped by category, and then more again on the EDPB site (the IAPP also has a page with links to all of the EDPB/WP29 opinions). Basically, every single detail in that book is fair game! (in detail, no less!)
  • arana Member Posts: 12
    arana said:
    newatthis said:
    I scrolled up to page 7 and found what I wrote, hope this helps:

    I just passed the exam on my second attempt, 89/76/75, 364. Such a huge relief. I studied the book again in more detail and read a number of the WP29 opinions on the IAPP website. I looked for any scenarios I could find about privacy topics like how supervisory authorities work, when the GDPR applies to companies not based in the EU, DPIAs and DPOs, consent, ePrivacy, pretty much anything I could find where they applied the GDPR to scenarios. There's quite a bit in the resources on the IAPP site, grouped by category, and then more again on the EDPB site (the IAPP also has a page with links to all of the EDPB/WP29 opinions). Basically, every single detail in that book is fair game! (in detail, no less!)

    Thank you! Wasn't sure if it was this one, thanks for taking the effort to go back and find it. 
  • M89 Member Posts: 1
    Hello, 

    I took the exam last Thursday for the first time and passed it with the following score: 
    448
    I. Introduction to European Data Protection: 100%
    II. European Data Protection Law and Regulation 93%
    III. Compliance with European Data Protection Law and Regulation 83%

    I must say that when I found this discussion thread and read it, I started panicking. I thought the exam was going to be super difficult with lots of tricky questions. I think it was not that hard. There were many straightforward questions. I completed the exam in 1h 20 min. I then spent 30 min going through all the questions again. Plus 15 more minutes focusing just on the questions I had flagged. 

    What I did to prepare the exam:

    - I studied the book (Eduardo Ustaran's) very well. I highlighted it, took notes and read it completely for 3-4 times. TIP: while you read the book, compare the text with the GDPR. Sometimes there are things missing or that cannot be understood correctly without the text of the GDPR. 

    - I studied the GDPR. I knew very well articles 1-50 (including all exceptions, timing), articles regarding cooperation procedure, consistency mechanism and administrative fines (know which fine corresponds to each article - there was a question on this). Also, even if you don't know by heart the powers of supervisory authorities, you should read them a couple of times (I had a question on this and I could identify which was the power corresponding to the SA because I read it before and it sounded familiar). 

    - I also read some of the WP29 guidelines but I would only recommend doing this if there are concepts that are still not very clear to you. The questions I got regarding WP29 were examples they mentioned in their guidelines. Honestly, after reading a 30 page guidelines I cannot remember all the examples in there. 

    Good luck!
  • PrivyProf Member Posts: 11
    Hi All,

    Before posting anything, I would like to take a moment and thank all of you who have posted about their experiences over here. It helps a lot.

    Last week I passed my CIPP/E exam with a score of 343 (Domain 1 - 63%, Domain 2 - 78% and Domain 3 - 75%).

    I must say passing this exam is not at all a walk in the park; but also it's not super hard. If you prepare well GDPR Regulation Text and Book by Eduardo Ustaran, that will be sufficient. But make sure you understand each and every point within them.

    I would also suggest you go through some of the guidelines published by WP29, which would help you to understand certain concepts in detail and which would help you to answer the questions during the exam. WP29 has explained with examples so it becomes easy to understand the concept and practical application of the Regulation.

    In a nutshell, if you understand the concept you can pass the exam easily. Prepare to understand the concept and not to clear the exam. If you understand you will definitely clear your exam.

    Best of Luck and Thanks once again !!
  • PrivyProf Member Posts: 11
    Hi All, 

    I am planning to prepare and take exam of CIPM in a month or two. How should I prepare, what all things should be considered while preparing?

    Is the official book available from the IAPP store sufficient to clear the exam, or are there any other resources which have to be referred to? How much time is required to prepare for CIPM? Is it more difficult than CIPP/E?

    Any suggestions would be appreciated.

    THANKS IN ADVANCE !!! 
  • lizette1121622 Member Posts: 16
    Hi All! Does anyone have a CIPM outline?
  • lizette1121622 Member Posts: 16
    edited September 2019
    All you need for the exam is the GDPR text and the outlines. I completed the exam with 60 minutes remaining and used the remaining time to review. Understand the regulation thoroughly. There were a couple of WP 29 questions. I guessed since I did not focus on the opinions and still passed.
  • MissW Member Posts: 1
    edited September 2019

    I have the exam soon and have heard all kinds of horror stories about the scenario / questions. Any advice? I've read the guides / BoK etc, and taken the quizlet practice exams but apparently they aren't like the actual exam.

    Does anyone have any examples of the types of questions / scenarios to better prepare myself?

  • Matthaios55555 Member Posts: 5
     A quick question: consent coupled with a discount is not freely given?
  • AD12345 Member Posts: 16
    Correct, in GDPR consent must be freely given and not tied to anything (which is why employee/employer consent is so tricky, there is a lack of balance in that relationship).

    Art 7 of the GDPR, section 4 states:

    When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

    Think of the discount code as a contract. Consent for data processing cannot be free when required for a contract, so C is the correct answer here.


    My question to you is, where did you get this question from? I am always looking for more resources.
  • AD12345 Member Posts: 16
    So this is actually a really tricky question. I found this paragraph in the Handbook on European data protection law

    This does not mean, however, that consent can never be valid in circumstances where
    not consenting would have some negative consequences. For instance, if not consenting
    to having a supermarket’s customer card only results in not receiving a small
    reduction in the price of certain goods, consent could be a valid legal basis for processing
    the personal data of those customers who consented to having such a card. There
    is no subordination between company and customer and the consequences of not
    consenting are not serious enough to prevent the data subject’s free choice (provided
    that the price reduction is small enough not to affect their free choice).


    I guess in order to properly answer the question posed, two other questions need to be answered.

    1. If the customer withdraws consent for using the survey data, will they lose the discount?
    2. What is the survey data?
  • IPcoast Member Posts: 2
    Could someone share Lizette's outline for the CIPP E? It is no longer available at the original dropbox link...
  • JoeBlack99 Member Posts: 5
    IPcoast said:
    Could someone share Lizette's outline for the CIPP E? It is no longer available at the original dropbox link...
    You can find one in the CIPP preparation group on LinkedIn.
  • JoeBlack99 Member Posts: 5
    Or here: studycippe[dot]com/wp-content/uploads/2019/10/European-Data-Protection-Basic-Outline.pdf

  • IPcoast Member Posts: 2
    Thanks JoeBlack99 but the outlines/ training are paid and not at all cheap there. @lizette1121622, would it be possible to share your outline again? 
  • AD12345 Member Posts: 16
    AD12345 said:
    So this is actually a really tricky question. I found this paragraph in the Handbook on European data protection law

    This does not mean, however, that consent can never be valid in circumstances where
    not consenting would have some negative consequences. For instance, if not consenting
    to having a supermarket’s customer card only results in not receiving a small
    reduction in the price of certain goods, consent could be a valid legal basis for processing
    the personal data of those customers who consented to having such a card. There
    is no subordination between company and customer and the consequences of not
    consenting are not serious enough to prevent the data subject’s free choice (provided
    that the price reduction is small enough not to affect their free choice).


    I guess in order to properly answer the question posed, two other questions need to be answered.

    1. If the customer withdraws consent for using the survey data, will they lose the discount?
    2. What is the survey data?


    I went to the WP 29 opinions for an answer and found this:

    Article 7(4) GDPR indicates that, inter alia, the situation of “bundling” consent with acceptance of terms or conditions, or “tying” the provision of a contract or a service to a request for consent to process personal data that are not necessary for the performance of that contract or service, is considered highly undesirable.

    Consistent with what I said earlier.

    iapp.org/media/pdf/resource_center/20180416_Article29WPGuidelinesonConsent_publishpdf.pdf



  • AD12345 Member Posts: 16
    Failed my exam after almost 100 hours of studying, this test is a bad joke. Like what many other people experienced here, poor quality questions with either multiple or no correct answers, questions asking you specifically how a directive applies by name only (e.g. how does Directive 93/42/EEC apply?) Excessive questions on gray areas. Overall, unless you have a good reason to take this, avoid this joke of an exam.
  • butlertran Member Posts: 4
    What is the name of the GDPR book by Eduardo Ustaran?
  • AlwaysStudying Member Posts: 43
    What is the name of the GDPR book by Eduardo Ustaran?
    European Data Protection -Law and Practice..
    Private Message me, if you want brand new at a special price...


  • butlertran Member Posts: 4
    Any mention of GDPR Recitals on the CIPP/E exam?
  • one2three Member Posts: 7
    edited November 2019
     A quick question: consent coupled with a discount is not freely given?
    It's the same case as having an online lottery for a prize:
    1. Any prize campaigns, lotteries or competition, before you start it, as a company, you need to register the rules, regulation, period and terms of the event to the authorities (commercial ones, not privacy ones). Those documents have the same legal value as any T&C
    2. When you agree with the T&Cs of an app, software, platform or even worse (Google Fonts or "free" third party libraries) you enter a legally binding contract. So read all of them carefully, especially website developers (lots of tracking there you cannot control). It's the same with discounts, lotteries and/or competitions.
    3. This case goes in the same category: it's art. 6(1)(b) of the GDPR - performance of a contract. You will need a specific privacy notice for this and also, depending on what you plan to do with that survey data, a DPIA might be mandatory. At the same time you need to comply with all the art. 5 GDPR principles and provide individuals with an easy means to exercise their rights.

    And there are also the EDPB guidelines on processing of personal data  in the context of the provision of online services to data subjects: edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines-art_6-1-b-adopted_after_public_consultation_en.pdf

    As I said, IAPP questions have a lot of idiotic US lawyer logic in it and the A answer logic could be somehow based on PECB.
    But trying to apply their logic I can bet their choice is C



  • one2three Member Posts: 7
    edited November 2019
    AD12345 said:
    Failed my exam after almost 100 hours of studying, this test is a bad joke. Like what many other people experienced here, poor quality questions with either multiple or no correct answers, questions asking you specifically how a directive applies by name only (e.g. how does Directive 93/42/EEC apply?) Excessive questions on gray areas. Overall, unless you have a good reason to take this, avoid this joke of an exam.
    A lot might argue that the Directive is the one that set the principles of processing, but at the end of the GDPR it says it will be null starting May 2018.
    On a more on-point approach, art. 45 and 46 GDPR (the ones regarding international data transfers) refer to art. 25 and 26 of the Directive that will still apply until an EC express decision on them.
    Hope that solves your questions
  • one2three Member Posts: 7
    PrivyProf said:
    Hi All, 

    I am planning to prepare and take exam of CIPM in a month or two. How should I prepare, what all things should be considered while preparing?

    Is the official book available from the IAPP store sufficient to clear the exam, or are there any other resources which have to be referred to? How much time is required to prepare for CIPM? Is it more difficult than CIPP/E?

    Any suggestions would be appreciated.

    THANKS IN ADVANCE !!! 
    The CIPM book from IAPP is more than enough. If you are familiar with keeping and creating compliance programs, project management and metrics/KPIs for projects, you know more than half of the book.
    I will personally not go for another IAPP certification unless it will be somehow mandatory to do my job because they're only fancy badges and that's all.
    Good luck on the exam!