Lawsikho

What is the CIPP exam?

The CIPP exam is the exam for a certification i.e. Certified Information Privacy Professional offered by the International Association of Privacy Professionals (IAPP).

The International Association of Privacy Professionals (IAPP) is a not-for-profit organization and is the largest and most comprehensive global information privacy community.

The IAPP offers four concentrations for this certification, based on different regions:

CIPP/A - covering Asia
CIPP/E - covering Europe
CIPP/US - covering the United States, and
CIPP/C - covering Canada

All four certifications have different exams of their own, different syllabus and different study resources.

Who is eligible to appear for it? Who should appear for it?

The CIPP is a certification. It is not a degree. There is therefore no eligibility criteria for attempting the exam, except that you need to purchase the exam from the website of the IAPP and you need to sign a candidate application statement.

You can find the statement in the last two pages of the handbook here.

Ideally, the following people should appear for this certification exam:

Lawyers and legal and compliance professionals working in companies that have to deal with big data i.e. Healthcare, BFSI, Education, Social Media, E-Commerce etc.
Lawyers looking to move into the field of data protection and privacy laws as a practice area;
Chartered Accountants and Company Secretaries working in or serving clients in data-intensive industries
Young lawyers looking to work in the domain of information technology and data governance and in the data protection departments of companies.

What are the career benefits of cracking the exam? What kind of opportunities can you secure?

The CIPP certification is one of the most recognized certifications by the industry for hiring privacy professionals. Its popularity can be witnessed in the growth of the certifications and membership numbers of the IAPP.

The IAPP hit the numbers of 25000 certifications and 50000 members, both in 2019. While they took 12 years to hit their first 10000 certifications, they increased by 15000 in the next seven years.

While the current numbers are unknown, it is very likely that they will hit their next landmark much faster.

This is not surprising, considering the salary levels of professionals who hold the Certified Information Privacy Professional (CIPP) certification. When the demand for some skills is higher than the supply, this is what happens.

screenshot

The variety of positions that you can secure includes privacy managers, compliance managers, privacy counsel, privacy analyst, data privacy consultant, privacy specialist, data privacy advisor, etc.

Multinational companies and tech startups that are expanding out of the country are highly interested in hiring lawyers who can understand the federal and state data privacy laws and the CIPP certification can go a long way in convincing them that you have knowledge in this area.

The IAPP itself has many jobs listed on its portal in the Career Central area.

Who can be your employers / clients?

Large multinationals which have a privacy and data protection department, looking to hire employees who have a greater understanding of multi-jurisdictional data protection laws;
Startup entities looking to expand to multiple countries which become subject to global data protection regulations but cannot afford to hire large teams to ensure compliance;
Tech law firms around the world which are small or medium-sized, looking to build their capacity at lower cost by outsourcing paralegal work remotely
Small businesses around the world, looking for guidance on compliance with data protection laws for their websites and agreements;

What are the challenges faced by candidates attempting the exam?

Here are some of the issues that the candidates face while attempting this exam:

The first issue that candidates face is that the syllabus isn’t fixed. The body of knowledge available on the IAPP website is basically an outline. It doesn’t mean that those are the only things that will be asked. It is essential for students to buy the textbook which costs USD75 and the textbooks are often not updated to the latest year.
The questions asked are situational. The available resources train people on law, but there’s no guidance on how to apply it to specific situations.
There are not many live classes and sessions available and where they are available, they are concentrated within 2-4 days and are prohibitively expensive.
One of the biggest challenges that candidates face is the unavailability of mentoring and handholding sessions for any doubts that they may have or any gaps that they face in understanding the legal concepts. They do not know whom to reach out to, to get the gaps sorted or doubts cleared. If they do find someone, they aren’t sure the person will guide them correctly.
The laws in this domain are updated fairly frequently. It is very difficult to keep track of the changes in developments and often textbooks do not take care of the changes. There is also a lack of clarity on what can be the correct resources to use, to keep a tab of the changes and a complete lack of a system on how to do this.

How much does CIPP training cost from different providers?

CIPP/E online training from IAPP will cost you from USD 1195 to 2390 (approximately INR 88,000 to 1,78,500).
Pembroke Privacy provides live online training (only for CIPP/E) (see here) and this includes four full day sessions as well as the textbook and course notes (but no sample questions) and is priced at EUR1,295 (approximately INR1,32,500). Again, there are no mentoring and handholding sessions available.
AllNet Law provide live online instructor led sessions for CIPP/E, concentrated over 4 days (14 hours) including the IAPP textbook, one year membership, course notes, sample course exam questions, online mock exam, revision flashcards and free refresher classes, but it is priced at GBP1,395 (approximately INR 1,43,180).

How much preparation does the certification require?

Although IAPP states that the required preparation hours are 30, most candidates find it difficult to grasp the entire syllabus in that much time. If you are totally new to this area, the required time can be almost double for you.

If you space out your learning over 2 months and put in 8 hours in a week (1.5 hours per day for 5 days + time for mock tests), this will add up to 64 hours, which can be sufficient. This is what we will be doing in this test prep course.

How can LawSikho help?

LawSikho enables you to choose training for any one of the four concentrations - CIPP/E, CIPP/US, CIPP/C or CIPP/A at only INR20,000.

LawSikho is the only organisation providing live online training for all four certifications. We are also the only organisation providing 20 mock tests. Further, we will provide you with the material in hard copy - all other providers will provide you with only a digital textbook and notes.

The live sessions will explain the concepts in a very simplified manner and clear any gaps in understanding that you have.

On top of it, there is constant mentoring and doubt clearing available as required.

Most course providers are charging over INR 1 lakh for one certification, while with LawSikho, the training for one certification can be completed at INR 20,000.

You will have access to the class recordings and the material up to the point when you clear the exams and not just up to the first attempt.

We also provide placement support for people who have cleared the exams, which no other provider does.

No other training provider provides handholding to the extent LawSikho does. At LawSikho, we have your back.

Training Methodology

Online 24/7 access

Access to basic study material through an online learning management system, Android and iOS app. Recordings of all classroom sessions will be available.

Hard Copy Study Material

Hard copy study material modules to be couriered to your address in India.

Mock tests and Practice MCQs

You will be provided 20 mock tests of 25 questions each, for each certification. In total, you will attempt about 500 questions easily before you attempt the exam for each certification

Live Online Classes

There will be a live video-based online class to teach you specific contract negotiation, drafting and enforcement work performed by lawyers. You can ask questions, share your screen, get personal feedback in this class. Every week there will be approx. 1-1.5 hours of class to teach you the work and give you feedback. There will be recordings available in case you miss a class.

Convenient Class timings

Classes are held after regular work hours. Typically classes are kept on Sunday or 8-9 pm on other days.

Live Doubt Clearing

You can ask questions in class, or on the learning management system when you read a chapter. You can also schedule a one-on-one session with evaluators to perform exercises or write articles.

Certification

This course is recognized by the National Skill Development Corporation, a PPP under the Ministry of Skill Development and Entrepreneurship of the Government of India. You will receive a certificate cobranded by NSDC and Skill India on successful completion.

This is how the certificate from NSDC and Skill India will look as per the current applicable format (may change as per the approval authorities):

screenshot

Testimonial

Dear LawSikho team,
I am delighted to inform you that I have passed the CIPP/E exam on 16th February 2022. I am thankful to the faculty and the entire lawsikho team behind the CiPP/E preparation group, which I was part of. I am mostly greatful for the material which was provided for the preparation of the exam.
Thanks,
Vasudha Arora

Vasudha Arora Student

Money back guarantee

If you take this course, follow it diligently for a month, attend all classes and do all the exercises but still do not find value in it, or are not able to understand or follow it or not find it good for any reason, we will refund the entire course fee to you. It is a 100% money-back guarantee with only one condition, you must pursue it properly for a month. If you don’t find it valuable after that, get your entire money back.

View Refund Policy

Client Opportunities & Recruitment Support where required

Many employers, law firms and companies are happy to recruit our high performing students. If you do well in your exercises and classes, we can help you to get jobs, internships and assessment internships in good law firms, with renowned lawyers as well as in various companies.

Our team helps our students in building their profile on LinkedIn and freelancing platforms to increase their reach to potential recruiters or clients.

Our experts guide the students on how to crack any interview.

On-demand, we provide mock interviews for our students looking for jobs.

We share multiple internship/recruitment opportunities every week on our Whatsapp group.

We help our students to get internships not only at law firms and chambers but also with rising startups in diverse sectors.

Our mentorship helps students to avoid running in the rat race behind the regular job openings; rather we help them design their own path based on their personal interests.

We share multiple and diverse client opportunities with our pool of practising advocates on a daily basis. Our references have helped several advocates really scale up their practice. The opportunities range from contract drafting to complex international taxation matters.

Syllabus

EUROPE - (CIPP/E) (July - August 2021)

Introduction to European Data Protection law

Origins and Historical Context of Data Protection Law
- Rationale for data protection
- Human rights laws
- Early laws and regulations
- The need for a harmonized European approach
- The Treaty of Lisbon
- A modernized framework
- EU Member Nations

European Union Institutions
- Council of Europe
- European Court of Human Rights
- European Parliament
- European Commission
- European Council
- Court of Justice of the European Union

Legislative Framework
- The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
- The EU Data Protection Directive (95/46/EC)
- The EU Directive on Privacy and Electronic Communications (2002/58/EC) (ePrivacy Directive) – as amended
- The EU Directive on Electronic Commerce (2000/31/EC)
- European data retention regimes
- The General Data Protection Regulation (GDPR) (EU) 2016/679 and related legislation
- Data Protection Acts of the Member States

European Data Protection Law and Regulation

Data Protection Concepts
- Personal data
- Sensitive personal data
- Pseudonymous and anonymous data
- Processing
- Cross-border processing
- Controller
- Processor
- Data subject

Territorial and Material Scope of the General Data Protection Regulation
- Establishment in the EU
- Non-establishment in the EU

Data Processing Principles
- Fairness and lawfulness
- Purpose limitation
- Proportionality
- Accuracy
- Storage limitation (retention)
- Integrity and confidentiality

Lawful Processing Criteria
- Consent
- Contractual necessity
- Legal obligation, vital interests and public interest
- Legitimate interests
- Special categories of processing

Information Provision Obligations
- Transparency principle
- Privacy notices
- Layered notices

Data Subjects’ Rights
- Access
- Rectification
- Erasure and the right to be forgotten (RTBF)
- Restriction and objection
- Consent, including right of withdrawal
- Automated decision making, including profiling
- Data portability
- Restrictions

Security of Personal Data
- Appropriate technical and organizational measures
a. Protection mechanisms (encryption, access controls, etc.)
- Breach notification
a. Risk reporting requirements
- Vendor Management
- Data sharing

Accountability Requirements
- Responsibility of controllers and processors
a. joint controllers
- Data protection by design and by default
- Documentation and cooperation with regulators
- Data protection impact assessment (DPIA)
a. established criteria for conducting
- Mandatory data protection officers
- Auditing of privacy programs

International Data Transfers
- Rationale for prohibition
- Adequate jurisdictions
- Safe Harbor and Privacy Shield
- Standard Contractual Clauses
- Binding Corporate Rules (BCRs)
- Codes of Conduct and Certifications
- Derogations
- Transfer impact assessments (TIAs)

Supervision and enforcement
- Supervisory authorities and their powers
- The European Data Protection Board
- Role of the European Data Protection Supervisor (EDPS)

Consequences for GDPR violations
- Process and procedures
- Infringements and fines
- Class actions
- Data subject compensation

Compliance with European Data Protection Law and Regulation

Employment Relationship
- Legal basis for processing of employee data
- Storage of personnel records
- Workplace monitoring and data loss prevention
- EU Works councils
- Whistleblowing systems
- 'Bring your own device' (BYOD) programs
- Employee privacy notices

Surveillance Activities
- Surveillance by public authorities
- Interception of communications
- Closed-circuit television (CCTV)
- Geolocation
- Biometrics / facial recognition

Direct Marketing
- Telemarketing
- Direct marketing
- Online behavioural targeting

Internet Technology and Communications
- Cloud computing
- Web cookies
- Search engine marketing (SEM)
- Social networking services
- Artificial Intelligence (AI)
a. machine learning
b. ethical issues

Implementing GDPR in an organisation

Data Protection Departments
- Data Protection Officer / General Counsel
- Data Protection Analysts / Specialists / Managers

Developing a compliance framework
- Securing information from business functions
- Developing Data maps and flows
- Identifying processors, controllers, third parties
- Charting out responsibilities at each stage
- Installing protection mechanisms at each stage
- Record maintenance, creating logs