How to pass the CIPP/E
A practical, no-fluff guide to passing the IAPP Certified Information Privacy Professional/Europe (CIPP/E) exam: what it tests, how to study, and the mistakes that cost people marks. Written by someone who sat it and scored well.
What the CIPP/E actually tests
The CIPP/E certifies that you understand European data protection law, principally the GDPR but also the wider framework around it. The exam is built from the IAPP's published body of knowledge, which covers:
- The origins and context of European data protection (the Council of Europe, the Charter, Convention 108, and the road to the GDPR).
- Core GDPR concepts: personal data, controllers and processors, the data protection principles, and the six lawful bases.
- Data subject rights and how to handle requests.
- Controller and processor obligations: records, security, breach notification, DPIAs, DPOs, and data protection by design and by default.
- International data transfers: adequacy, standard contractual clauses, binding corporate rules, and derogations.
- Supervision and enforcement: supervisory authorities, the EDPB, the consistency mechanism, and fines.
- How the rules apply in practice across employment, surveillance, direct marketing and more.
You can read every one of these topics free in the study notes.
The exam format
The CIPP/E is a multiple-choice exam of 90 questions with a 2.5-hour time limit. Results are reported on a scaled score, where 300 out of 500 is a pass. A few items are unscored pilot questions. Exact figures can change, so confirm the current format on the IAPP's official exam blueprint before you book.
A study plan that works
The biggest lever is active recall (testing yourself) rather than re-reading. A simple four- to six-week plan:
- Weeks 1 to 2, build the map. Read the notes chapter by chapter. Do not memorise yet; aim to understand the structure and where each idea sits.
- Weeks 3 to 4, drill. Switch to questions. After each topic, answer practice questions and read every explanation, including for the ones you got right.
- Week 5, spaced review. Let the spaced-repetition schedule resurface what you are forgetting, and spend your time on weak areas, not what you already know.
- Final week, simulate. Sit the full official practice exam under timed conditions, then review every miss.
Where people lose marks
- Confusing the lawful bases. Know when consent is needed versus legitimate interests, and the conditions for each.
- Mixing up controller and processor obligations. The exam loves scenarios that turn on who is responsible for what.
- Transfers. Be precise about adequacy decisions, SCCs, and when derogations apply.
- Timelines and thresholds. Breach notification timing, DPIA triggers and the fining tiers come up repeatedly.
- Reading too fast. Many questions hinge on a single qualifying word such as "only", "must" or "unless". Slow down on the stem.
How this site helps
The study notes are free and structured for active recall, with the exam-critical wording highlighted. When you are ready to test yourself, the practice question bank includes the official practice exam plus hundreds of topic questions, each with a worked explanation, marked automatically and scheduled for spaced review. Your progress syncs across your devices.