Data Protection: What is behind CIPP / E, CIPM and CIPT?

Data Protection: What is behind CIPP / E, CIPM and CIPT?


Professional qualifications and expertise are central requirements for a data protection officer. These subject-specific certifications are suitable as proof. […]

Internal and external data protection officers play a central role in informing, advising and verifying compliance with data protection obligations for controllers and processors. Depending on the extent, content and complexity of the processing activities, the performance of data protection tasks places high demands on the professional qualifications and expertise of the data protection officer.

Although not expressly required by law, formal proof of qualification and expertise in the form of certification appears to be of considerable advantage and benefit. Numerous private and public institutions offer more or less extensive qualification courses or certifications for data protection officers in German-speaking countries.

Anyone interested in an internationally recognized certification as a data protection officer cannot avoid the certifications of the International Association of Privacy Professionals (IAPP). With more than 50,000 members, the IAPP is the world’s largest community on the subject. The non-profit organization hosts international conferences and provides in-depth studies, training, certifications, and networking events for privacy professionals.

In this area, the IAPP offers various certifications such as CIPP/E, CIPM or CIPT. The individual certifications cover different aspects of data protection:

  • Certified Information Privacy Professional / Europe (CIPP/E) is fully dedicated to the GDPR and ePrivacy Directive;
  • Certified Information Privacy Management (CIPM) focuses on the planning and implementation of a data protection management system in an international context and
  • Certified Information Privacy Technologist (CIPT) focuses on technical aspects of data protection. The curriculum for CIPT was largely renewed in March 2020 and increasingly focused on IT and cybersecurity content. For now, certification and course materials are only available in English.

Preparation courses for individual certifications are offered in Germany and Austria through official training partners. Certification exams can be booked directly through the IAPP website and conducted in over 6,000 training centers worldwide. The organization provides a number of paid training materials, online courses and information in preparation for the certification exam.

The author of the article himself took part in a certification course. The preparation course was organized by Firebrand Training GmbH, based in Rotenburg an der Fulda. According to its own statement, the company has been one of the world’s top 20 IT training companies since 2009 and has already helped more than 76,000 IT professionals to obtain certification.

A look at the Firebrand Course Center in Rotenburg an der Fulda (c) Horst Greifeneder

The participants were confronted by an IAPP expert over two days with the respective department. Individual course days can take twelve hours and require nightly self-study to prepare for the exam. Several years of practical experience and in-depth knowledge of applicable areas of law are a clear advantage, especially for CIPP/E and CIPM.

The final certification exam, in the form of a multiple choice test, is a real challenge for the mind and body. The exam consists of 90 exam questions on different areas of knowledge of the respective certification and lasts 2.5 hours. Offered answer alternatives require extremely detailed knowledge of the respective certification area and the English technical terms to answer correctly.

The required score for the successful completion of a certification is not communicated by the IAPP and the certification partners. From his own experience, the author estimates that in the respective fields of knowledge for a successful certification over 75 percent of the questions are to be answered correctly.

The participants of the preparatory courses mainly include employees of data protection service providers or internationally active controllers or processors. For example, a certification course at Firebrand Training costs just under 3,000 euros, including the exam fee. The course costs include participation in the two-day preparation course, the course materials, accommodation costs in the seminar hotel and the certification exam. Courses take place in cooperation with selected training providers in Germany and Austria.

In connection with the cost, the question of the value of certifications inevitably arises. “The Privacy Professional certifications of the IAPP are accredited according to ANSI/ISO standard and recognized worldwide. Comprehensive content and the exchange of experience between the course participants additionally increase the practical value of the certification. Certified participants not only know what to do, but are able to implement acquired knowledge into existing corporate strategies and management systems,“ says Firebrand instructor Shaab Al-baghdadi, convinced of the practical benefits of the certifications.

In the future, it is expected that certifications will become more important for data protection officers. For internal and external data protection officers, a recognised and continuously renewed certification provides reliable proof of their data protection-specific knowledge. Last but not least, data controllers and processors are also required to check and prove the professional qualifications of their data protection officers. Internationally recognized certifications seem to be well suited for this.

* Horst Greifeneder is the owner of the Office for Data Protection & amp; Data Security and organizer of the annual Upper Austria Data Protection Day. The experienced data protection expert advises, and supports external data protection officer both nationally and internationally active companies in the planning and implementation of practical data protection Management systems, as well as technical and organizational measures to ensure data security in the processing of personal data

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: