CIPP/E Advice

145791012

Comments

  • gdprstudentgdprstudent Member Posts: 13 ■■■□□□□□□□
    In my experience (having taken CIPP/e twice), you pick 1 answer from a possible 4. It could be “which is correct?”, or which is “false”, or “which is the least”, or “which is the most” or “abc and 123 are created for what?”

    Hope this helps
  • cope206cope206 Member Posts: 4 ■■□□□□□□□□
    Hello everybody! I took the test today and cleared it with 88/80/83. It was hard but what I'd like to say is that it is quite logical. Maybe helps someone, so I will share my studying routine: I read the book twice paying much attention. No detail is too small!!! Also the GDPR with it's recitals and as an extra effort I read wp29 various opinions and some ICO rulings. I studied for 5 days straight for 10-12 hours a day. I must say that while I was familiar with GDPR, only in the past 5 days I went in depth with it. Anyway, good luck to everyone studying for the test. All the best!
  • Infosec_SamInfosec_Sam Admin Posts: 527 Admin
    cope206 said:
    Hello everybody! I took the test today and cleared it with 88/80/83. It was hard but what I'd like to say is that it is quite logical. Maybe helps someone, so I will share my studying routine: I read the book twice paying much attention. No detail is too small!!! Also the GDPR with it's recitals and as an extra effort I read wp29 various opinions and some ICO rulings. I studied for 5 days straight for 10-12 hours a day. I must say that while I was familiar with GDPR, only in the past 5 days I went in depth with it. Anyway, good luck to everyone studying for the test. All the best!
    Congratulations on the pass!! You should post that in its own thread! That's quite the studying routine - you must be ready for a break. Thank you for sharing your experience!
    Community Manager at Infosec!
    Who we are | What we do
  • jasrichjasrich Member Posts: 1 ■■□□□□□□□□
    cope206 said:
    Hello everybody! I took the test today and cleared it with 88/80/83. It was hard but what I'd like to say is that it is quite logical. Maybe helps someone, so I will share my studying routine: I read the book twice paying much attention. No detail is too small!!! Also the GDPR with it's recitals and as an extra effort I read wp29 various opinions and some ICO rulings. I studied for 5 days straight for 10-12 hours a day. I must say that while I was familiar with GDPR, only in the past 5 days I went in depth with it. Anyway, good luck to everyone studying for the test. All the best!
    Sorry, which book, exactly. People refer to the IAPP Handbook, but there are several.

    Thanks.
  • cope206cope206 Member Posts: 4 ■■□□□□□□□□
    jasrich said:
    cope206 said:
    Hello everybody! I took the test today and cleared it with 88/80/83. It was hard but what I'd like to say is that it is quite logical. Maybe helps someone, so I will share my studying routine: I read the book twice paying much attention. No detail is too small!!! Also the GDPR with it's recitals and as an extra effort I read wp29 various opinions and some ICO rulings. I studied for 5 days straight for 10-12 hours a day. I must say that while I was familiar with GDPR, only in the past 5 days I went in depth with it. Anyway, good luck to everyone studying for the test. All the best!
    Sorry, which book, exactly. People refer to the IAPP Handbook, but there are several.

    Thanks.
    Hi. We are talking about the book European Data Protection Law and Practice by Eduardo Ustaran. You can find it on IAPP store. It is the 2018 edition. The body of knowledge follows this book. Good luck!
  • one2threeone2three Member Posts: 7 ■■□□□□□□□□
    I'm looking to get next month the CIPP/E and CIPM exams, maybe both on the same day.
    I know you don't pass an exam without studying but I'm not keen on spending that amount of money on the book+courses+sample questions and other stuff.
    I am working in Privacy full time for about 2 years with a lot of projects under the belt (financial, health, gaming, you name it) and I am currently a full time DPO for a pretty big company, so this GDPR and ePrivacy is very familiar to me. I just want to have some insight from people who took the exam:
    1. Is the IAPP book worth spending money on it when I already have tons of privacy material and even Maastricht University courses and guides;
    2. Do the question have any specific challenge (sentencing, very ambiguous answers)? Is it worth to buy the samples?
    3. Will it be ok to take both exams on the same day or there is a very high risk of burnout for the second exam? 
    4. Will I need to invest so much time in studying? I mean 60 hours is close to what I put in my master's degree
    5. Are the tech questions really tech or just refer to security principles or concepts?

    Any insight would be great
  • newatthisnewatthis Member Posts: 10 ■■■□□□□□□□
    I can only confirm that the sample questions are a waste of resources as they are far too easy. The rest of your questions are difficult for me to answer without knowing your knowledge. I read the book twice, read the GDPR, did an online GDPR course through one of the MOOCs, and spent a good 30 hours studying and missed by one question. The questions are not normal. They are tricky. In some cases none of the options make any sense whatsoever, in other cases two of the "right" answers look identical but one is the double negative of the other. 
    Some of the questions related to prior legal structures which I dismissed when studying because why does law no longer in effect matter?
    I am now studying for my second attempt. This time I will pay more attention to the roles of data supervisors, penalties, and the process of reporting a breach as I realized I was a bit light in that area. 
    It is certainly possible to have a good understanding of privacy law based on experience in order to be able to navigate the questions, but this is not a normal exam. I have three university degrees and this is the toughest test I have come across.
    I think they have a very large question bank so there is some luck of the draw as to which questions are set on your exam and my experience next time might be completely different. I would say that 90% of the questions covered material found in the book. Maybe a bit more? 
    If you have a good knowledge base I would say there's no issue with 2 exams on the same day, but that one is totally up to your ability to absorb knowledge. The exam wasn't draining, it was just baffling. Multiple choice isn't draining in the same way that an exam with only one or two questions for 3 hours can be.
  • one2threeone2three Member Posts: 7 ■■□□□□□□□□
    Thanks for the info!
    As an advice on approach, all GDPR principles are based on logic and, believe it or not, common sense. So if you have dobts on questions just follow that.
    The former legislation is a must. Why? If you check art 44-46 GDPR on third country data transfers you will se that the requirements from 2001 and 2004 EU Commision legal view on standard contractual clauses still apply, and they were never made obsolette by the GDPR. Also check the ePrivacy requirements on consent and some ICO view on soft consent. You will be ready for any trap question on these issues (even a lot of privacy practitioners fall for those). 
    Also know very well the principles, legal basis and data subject rights. A lot of what you will do will be based on those requirements (art.4-22 GDPR).
    For art. 26-39 GDPR it's limited info there. The real comprehension of those things you will get from the art.29 WP guidelines ( op.1/2010 on controller/processor, opinion on consent, on DPO and on DPIA) Also check the guidelines on data portability and employee consent(deemed not valid). It has some points there to take you out of the fog.(I'm still restricted to post the links)
    And if you want to go for advanced stuff there is a very good framework for DPIA on french authority's website (CNIL) and a great "privacy by design guide" on from the Norwegian one.
    Hope I can help with right directions to ace the next test.
  • pmcvpmcv Registered Users Posts: 2 ■■□□□□□□□□
    I just passed the exam with 428. I think the best way is to study the Regulation itself in depth. Lots of the questions related to ART.29 WP Guidelines/Opinions, so you should know that as well. The glossary you can find in the IAPP was helpful for me to. The questions are kind of tricky but lots of options can be eliminated using logic. As for the exam itself there is plenty of time to complete and review it. 
  • gdprnewbie30gdprnewbie30 Member Posts: 1 ■■□□□□□□□□
    Hi Guys,

    I am passed the CIPP/E yesterday on my 2nd attempt, score is 88/77/67.

    I do not have any prior experience in Privacy. For anyone who wants to take the exam, read the regulation (GDPR) thoroughly and understand it. Also, they are some guidance notes on WP29's website on various areas for example, processing employee data processing, profiling and mutual assistance between supervisory authorities. I found the notes very useful because they had scenario examples that explained the GDPR concepts.

    Also, time yourself as it is easy to spend time on one question most especially the scenario questions. 

    Hope this helps.
  • newatthisnewatthis Member Posts: 10 ■■■□□□□□□□
    I just passed the exam on my second attempt, 89/76/75, 364. Such a huge relief. I studied the book again in more detail and read a number of the WP29 opinions on the IAPP website. I looked for any scenarios I could find about privacy topics like how supervisory authorities work, when the GDPR applies to companies not based in the EU, DPIAs and DPOs, consent, ePrivacy, pretty much anything I could find where they applied the GDPR to scenarios. There's quite a bit in the resources on the IAPP site, grouped by category, and then more again on the EDPB site (the IAPP also has a page with links to all of the EDPB/WP29 opinions). Basically, every single detail in that book is fair game! (in detail, no less!)
  • one2threeone2three Member Posts: 7 ■■□□□□□□□□
    I just passed my exam today with 366 on the first try. It helped me a lot working in the field and I must confess I tried to partially wing it. As my experience goes this is the advice:
    - study the GDPR, know the GDPR and also have insight of the ePR directive;
    - find and document the court cases and especially the recent DPA's fines and the reasoning (except the Polish fine this year, it has some conflictual reasoning) - don't need to learn it, need to understand the why, always the way, so you can solve the cases;
    - study the WP 29 opinions for also understanding the principles especially for employment, sensitive data, consent, controller-processor (also to understand the reasoning);
    - don't learn the book by heart, it will help you to a point and that's it but will not make you pass the exam if you don't understand it;
    - if you are new to the field make flashcards with the analysis flow ( process/case-> basic principles -> data subject rights-> special category processing;
    - have an idea about how the EU authorities work (it goes on the same principle as all government institutions - checked by the other 2 powers of a democratic system);
    - all of privacy is based on logic and common sense - yes it's that simple;
    - once you've finished just review the questions that you have incomplete, don't go over the others, the exam is made in a way that if you are not sure it will sc**w you up, trust your first rational thinking;
    - take your time with the cases, you have lots of time at hand ( I finished my exam in 75 mins), all the info is there, you need to spot the tweaks, once you do answer will resume to logic.
    Hope it was helpfull.

  • PTnomadPTnomad Member Posts: 5 ■■□□□□□□□□
    Canyon said:
    Passed CIPP/E last week. Didn't take the training course. Bought the book and the sample exam questions online. I feel the exam is difficult and the sample exam questions are not representative of the questions in the actual exam.

    My advice for what it is worth:

    1. Prepare a flow chart or diagram that outlines the GDPR decision making process. The flow chart needs to be something that you can sketch out, in a few minutes, from memory, on the scrap paper they give you in the exam. This flow chart is going to be the basis for at least 50% of the questions and will help you think through the steps clearly when faced with the long, and deliberately confusing, fact patterns.

    (Having some typed notes on each article of the regulation is like having an engine in a million parts, whereas a flowchart is a working engine. I had the misfortune of trying to put the engine together in the middle of the exam - which made the exam much more difficult than it needed to be.)

    2. Learn the GDPR article numbers (1-50). Many questions reference the article number only and then ask a question such as "in light of what it states in article X" pick the best answer below. 

    3. Read the questions very carefully - especially the short ones where it is just one sentence. I caught myself picking the wrong answer a few times as I had misread a word. 

    4. Focus in greater depth on the subject areas that have the most questions - as detailed on the exam blueprint. Some subject areas have 13 questions whereas others have 3. Don't give each subject area equal study time. 

    5. The UK ICO is a great source of information on GDPR and has good examples of how the Regulation applies to real life fact patterns.




    I am a US Privacy Manager and work with GLBA Reg P notices and I failed the first try. I have years of privacy program working experience. I scored 100% on the IAPP practice test and all the Quizzes contained in the IAPP's GDPR Online training. In my opinion, the online "training", and practice test sold by the IAPP will give you the impression that the test focus is good conceptual knowledge. The questions introduce almost right answers so you need to know the most correct answer. The scenarios are lengthy and written to pop smoke on real issues. Very few T/F

    I am using these additional resources: 
    I downloaded this book and also ordered the paperback from them it took about 5 weeks to arrive. 
    fra.europa.eu/en/publication/2018/handbook-European-data-protection-law
    Alston Bird - alstongdprtracker.com/resources-webinars/ also has a lot of handy material like this "Pocket Guide" it's in Flash
    files.alston.com/files/docs/GDPRPocketEditionFB/HTML/60-61/index.html
    The European Data Protection Supervisor  - edps.europa.eu/

    Best regards to all.
  • AlwaysStudyingAlwaysStudying Member Posts: 43 ■■■□□□□□□□
    Try Quizlet, in addition and WP29 notices........
  • PTnomadPTnomad Member Posts: 5 ■■□□□□□□□□
    I took your suggestions about the WP29 opinions and also re-read the IAPP book in addition to the books from the EU. I also purchased - 

    Real CIPP/E Prep: An American’s Guide to European Data Protection Law And the General Data Protection Regulation (GDPR) by Gordon Yu 

    It was somewhat helpful.  I passed the second time after a 6 week break between the first and second test. I am reading for the CIPM now and hope to schedule that in 2-3 weeks. I don't think it will be as hard.
  • AlwaysStudyingAlwaysStudying Member Posts: 43 ■■■□□□□□□□
    You would think so - because only 2 domains......
    don't underestimate it,it is just as challenging....... :o
  • MarinadMarinad Member Posts: 11 ■■□□□□□□□□
    such valuable advice
  • MarinadMarinad Member Posts: 11 ■■□□□□□□□□
    thank you so much, you help me a lot!
  • AlwaysStudyingAlwaysStudying Member Posts: 43 ■■■□□□□□□□
    Hi All...
    If you are studying for the CIPP/E and want
    The European Data Protection book by Eduardo Ustarian & European Data Protection Participant Guide (from IAPP), both new for a great price, PM me. 
  • TightTeeShirtTightTeeShirt Member Posts: 11 ■■■□□□□□□□
    edited July 2019
    senwar said:\

    Unfortunately, I failed a resit of the above on Friday. My scores across the 3 Domain's were 83/59/83 and a score of 274.

    I'm trying to find out how close I was, 1, 2, more questions? Obviously domain 2 is what has done me. But I'm a bit stumped.
    I passed the CIPT last month and I've been studying for the CIPP/E the last two or so weeks largely with some of the "lessons learned" in this thread.

    That said, I've noticed a few posts like the quoted one above where people think they're super close, or wondering why they passed on a second attempt even if they did worse on the first module the second time around. PLEASE see the CIPP/E Examination Blueprint that IAPP has on their website. I'm not allowed to post links but if you google "CIPP_E_EBP_2.1.0.pdf" you'll find it.

    It actually lays out quite blatantly what to expect for the exam in terms of how the material is weighted. Basically what you're looking at is: 4 to 10 questions from Module 1, 40 to 66 questions from Module 2, 12 to 25 from Module 3.

    It's just a bit funny because there were a few instances of people thinking IAPP was trying to scam people out of money or whatever due to frustration but I didn't see the "examination blueprint" pdf mentioned once, and it breaks down the number of questions to expect not just by module but topic...
  • gdprstudentgdprstudent Member Posts: 13 ■■■□□□□□□□
    How did you find the CIPT? I was thinking of doing this to get the hat trick but haven’t seen huge demand on the jobs boards for this certification (whereas CIPP/e and CIPM is mentioned quite often whenever roles are advertised).



  • TightTeeShirtTightTeeShirt Member Posts: 11 ■■■□□□□□□□
    How did you find the CIPT? I was thinking of doing this to get the hat trick but haven’t seen huge demand on the jobs boards for this certification (whereas CIPP/e and CIPM is mentioned quite often whenever roles are advertised).



    From a privacy standpoint it will teach you nothing more than the CIPP/E exam (obviously)

    From a tech standpoint, I found it profoundly rudimentary, and lacking any useful depth. I suppose it'd impress somebody though if it helps you achieve IAPP's "FIP" stamp *shoulder shrug*
  • PTnomadPTnomad Member Posts: 5 ■■□□□□□□□□
    You would think so - because only 2 domains......
    don't underestimate it,it is just as challenging....... :o
    I passed the CIPM last week. I went in to take it 3 1/2 weeks ago. I got to question 10 and Pearson Vue had a system failure. I wasn't able to fit it in for rescheduling until last week. I wanted to let you know that it was indeed challenging. Glad I'm done with it and especially the CIPP/E
  • rihangrihang Registered Users Posts: 10 ■■■□□□□□□□
    Cleared the CIPP/E yesterday with 75/78/75, total 352.
    For anyone who needs guidance, I suggest you read the IAPP book by Eduardo Ustaran - European Data Protection Law and Practice thoroughly and carefully, twice, and preferably once immediately before the exam. A bit of an exaggeration, but I feel no amount of practical experience can get you through this exam without reading this book.
  • kttandonkttandon Member Posts: 1 ■■□□□□□□□□
    I cleared CIPP/E today (first attempt) with 88%/89%/100%, total score of 439. I studied the prescribed book and actual GDPR text/recitals (very thoroughly), some WP29 and ICO guidelines. The exam had a number of case-based questions, which consumed a good section of the time, making it extremely important to manage the time well. There were some direct questions from WP29 and ICO guidelines. Some very important sections as noticed were: controller processor responsibilities and breach notification which covered a good section of the exam.
  • TightTeeShirtTightTeeShirt Member Posts: 11 ■■■□□□□□□□
    Sitting for the exam tomorrow. Looking through the CIPP/E Exam Blueprint again. Looking at all the little subsections it provides, reading over them in the provided coursebook(pdf) and reading over the WP29 notices. I really hope i pass first attempt. I am SO freaking tired of looking at this stuff.
  • ipiyaliipiyali Member Posts: 6 ■■■□□□□□□□
    The CIPP/E exam program will experience an annual update that goes into effect September 1, 2019. Anyone has experience whether this is a regular thing and does not impact the much whether we take the exam in august or sept
  • TightTeeShirtTightTeeShirt Member Posts: 11 ■■■□□□□□□□
    edited July 2019
    I am at an absolute loss of words. Taking the exam felt wrong from the start. When I took my CIPT it was around 1300(1PM) in the afternoon. Despite being an early riser, the 0800(8AM) time for my CIPP/E was just a bad idea.

    5 questions in and i was noticing I had to reread questions 3 times because my brain hadn't fully "booted up". I offset this by skipping and ignoring the scenario questions COMPLETELY. I just flagged them, and skipped through till the questions returned to normal format.

    By the time I finished the normal questions, I had 100 minutes remaining and my brain had felt considerably more "locked in" That left me with all that time to go over the 6 to 8 scenario questions I had skipped through. By the time I was done with the scenario questions I had 35minutes left, so i started to click through the entire exam from the start, but by question 40 I was so sick of looking at questions i said "screw it" and skipped to exam submission.

    Keep in mind, I changed TWO of my answers in the first 40 questions I reviewed of the 90 total. Exam submitted and PASS!!!

    Was super happy but played it cool and went to get my personal belongings from the locker while they print out my test score. This is where my mouthed dropped... They brought me my paper and I scored 67/67/67 across all 3 domains with a score of 300... CANT MAKE THIS UP. It appears I legitimately passed by one question. The test gods had mercy on my reckless ass today and I am immensely grateful.
    ipiyali said:
    The CIPP/E exam program will experience an annual update that goes into effect September 1, 2019. Anyone has experience whether this is a regular thing and does not impact the much whether we take the exam in august or sept


    **To answer this question, I don't think it's a regular thing at all. From what I read about the announcement it would not affect July or August tests at all. They just said "10% of the CIPP/E material will change" as I think they're phasing out the WP29 stuff. 
  • anniehgganniehgg Member Posts: 3 ■■□□□□□□□□
    Congrats @TightTeeShirt! What a rollercoaster! 
  • LAWYER2LAWYER2 Member Posts: 37 ■■■□□□□□□□
    I haven't taken the CIPP/E but have been preparing for the US, sitting next week. I've been playing close attention to the Exam Blueprint and trying NOT to devote to many mental resourcs on areas that won't carry much weight. To me, it's akin to extensively studying the 'Rule against Perpetutities' in property law for those who sat for the bar exam. Just not worth the effort to devote the extra mental resources to something unlikely to be tested heavily. 
Sign In or Register to comment.