CIPP/E study lessons

Certified Information Privacy Professional, Europe

25 free, citation-backed lessons covering every exam domain. Read on any device, no login.

  1. Welcome: How to Pass the CIPP/E with AMLReady
     Meet your independent, public-source study aid for the IAPP CIPP/E exam. Learn the exam format, the five official domains and their weightings, and the learn–test–review loop that turns hours of study into points on exam day. (5 min read)
  2. Why Europe Protects Data: Origins, Human Rights & Convention 108
     Trace European privacy from ECHR Article 8 through the 1981 Council of Europe Convention 108 and the OECD principles to the Charter's standalone right to data protection. Master the Domain I history the exam loves to test. (5 min read)
  3. The EU Institutions That Make and Police Privacy Law
     Untangle the Commission, Parliament, the two Councils, and the CJEU—plus the DPAs, EDPB, and EDPS. Stop losing points to the look-alike institutions and know exactly who proposes, adopts, and interprets EU data protection law. (5 min read)
  4. From Directive 95/46 to the GDPR: The Legislative Framework
     See why the EU swapped a fragmented directive for a single harmonising regulation, and place the ePrivacy, Law Enforcement, e-Commerce, NIS2, and AI Act instruments in context. Recognise every law the exam cites by number. (5 min read)
  5. Brexit, Harmonization & the Goals of the GDPR
     Understand the GDPR's twin goals under Article 1, why harmonization mattered, and how Brexit and the UK GDPR stress-test it. Finish Domain I ready for its fact-recall questions and classic distractors. (5 min read)
  6. Core GDPR Definitions: Personal Data, Controller, Processor, Data Subject
     Master the Article 4 definitions that decide every hard question: personal data, processing, controller versus processor, and joint controllers. Learn to read a fact pattern and name the role that drives liability. (5 min read)
  7. Special Categories, Pseudonymisation & Anonymisation
     Lock in the Article 9 special categories, the separate Article 10 criminal-data regime, and the exam-critical line between pseudonymous data (still in scope) and truly anonymous data (out of scope). (4 min read)
  8. The Principles of Lawful Processing (Article 5)
     Internalise the seven principles—lawfulness, fairness, transparency, purpose limitation, minimisation, accuracy, storage limitation, security, and accountability—and learn to spot which one a scenario breaks. (4 min read)
  9. Security of Processing: Article 32 & Vendor Management
     Apply Article 32's risk-based security duty and the mandatory Article 28 processor contract. Understand why processors are directly liable and how to manage vendors and sub-processors the right way. (4 min read)
  10. Personal Data Breaches: Notification under Articles 33–34
      Run the breach playbook: the 72-hour authority notification, the high-risk threshold for telling individuals, and the encryption and mitigation exceptions. Practise the two-threshold reasoning the exam rewards. (5 min read)
  11. Data Subject Rights I: Access, Rectification, Erasure
      Work through access, rectification, and the right to be forgotten, plus the one-month response clock and the Google Spain ruling. Know exactly when erasure does—and does not—apply. (5 min read)
  12. Data Subject Rights II: Restriction, Objection, Portability, Automated Decisions
      Nail the precise conditions on restriction, objection (absolute for marketing), portability, and Article 22 automated decisions and profiling—the exact conditions the exam's wrong answers misstate. (5 min read)
  13. The Processing Principles in Practice
      Apply fairness, purpose limitation, proportionality, accuracy, retention, and security to real processing, including the Article 6(4) compatibility test. Build the least-intrusive instinct that unlocks best-answer questions. (5 min read)
  14. The Six Lawful Bases (Article 6)
      Master all six lawful bases and the legitimate-interests three-part test, and learn to choose the most appropriate basis for the real reason behind the processing—not just any basis that fits. (5 min read)
  15. Consent & Processing Special-Category Data (Articles 7 & 9)
      Learn what makes consent valid—freely given, specific, informed, unambiguous—the children's-consent ages, and the Article 9(2) conditions, including explicit consent, that unlock special-category processing. (5 min read)
  16. Transparency & Privacy Notices (Articles 13–14)
      Build a complete privacy notice and know the difference between Article 13 (direct collection) and Article 14 (indirect), plus the purpose of layered notices. Ace the 'what belongs in a notice' question. (5 min read)
  17. International Data Transfers: Adequacy, SCCs, BCRs & Schrems
      Conquer the exam's hardest topic: the Chapter V transfer hierarchy, the Schrems I and II rulings, transfer impact assessments, and the EU-US Data Privacy Framework. Know which mechanism applies when. (5 min read)
  18. Material & Territorial Scope of the GDPR (Articles 2–3)
      Apply the material-scope carve-outs and the territorial establishment and targeting tests, including the GDPR's extraterritorial reach and the Article 27 EU-representative requirement. (5 min read)
  19. Accountability: DPIAs, Records, Privacy by Design & the DPO
      Turn accountability into practice: data protection by design and by default, Article 30 records, the high-risk DPIA triggers, prior consultation, and the three cases that make a DPO mandatory. (5 min read)
  20. Supervision: DPAs, the EDPB, EDPS & the One-Stop-Shop
      Map the enforcement structure—DPA powers under Article 58, the lead-authority one-stop-shop, the consistency mechanism, and the EDPB versus EDPS distinction the exam tests directly. (5 min read)
  21. Consequences: Fines, Liability & Compensation
      Master the two Article 83 fine tiers and which violations fall in each, the factors that calibrate a fine, and individuals' rights to compensation and representative actions under Articles 82 and 80. (5 min read)
  22. Privacy at Work: Employment, Monitoring, BYOD & Whistleblowing
      Apply the GDPR to the workplace, where consent rarely works: lawful bases for employee data, proportionate monitoring, BYOD trade-offs, works councils, and whistleblowing-system duties. (4 min read)
  23. Surveillance & Direct Marketing Compliance
      Handle CCTV, geolocation, biometrics, and interception, plus the GDPR-and-ePrivacy rules for direct marketing, the absolute marketing opt-out, and online behavioural targeting. (5 min read)
  24. Technology Compliance: Cloud, Cookies, Social Media & AI
      Apply the principles to modern tech: cloud processor relationships and transfers, ePrivacy cookie consent, joint control and dark patterns on social media, and AI under the GDPR and the EU AI Act. (5 min read)
  25. Exam-Day Strategy & Full Course Review
      Pull the whole Body of Knowledge onto one map, drill the highest-yield facts and numbers, learn how to read a 'best answer' question, and walk in with a final-week and exam-day plan. (5 min read)
