Blueprint Check · Domain coverage map (IV–V) & gap analysis
The cross-check for Domains IV (Scope & Accountability) and V (Compliance), plus the short list of items the official training reinforced on top of the textbook (NIS2, the EU AI Act, dark patterns, Opinion 22/2024, the Article 27 representative and the EDPS).
| Competency (BoK) | Training module | Covered in this guide |
|---|---|---|
| IV.A Territorial & material scope (establishment vs non-establishment, scope of processing & exemptions) | Module 4 | Book Ch 5 topics + Module 4 training topics |
| IV.B Accountability (controllers/joint/processors, DP by design & default, documentation, DPIAs, mandatory DPO, auditing) | Modules 3, 10 | Book Ch 11 topics + Module 10 training topics |
| IV.C Supervision & enforcement structure (EDPB & EDPS powers, supervisory authorities, lead SA) | Module 11 | Book Ch 13 topics + Module 11 training topics |
| IV.D Consequences for violations (procedures & fines, class actions, compensation) | Module 11 | Book Ch 13 topics + Module 11 training topics |
| Competency (BoK) | Training module | Covered in this guide |
|---|---|---|
| V.A Employment (legal basis, personnel records, monitoring & DLP, BYOD, works councils, whistleblowing) | Module 8 | Book Ch 14 topics + Module 8 training topics |
| V.B Surveillance (public-authority surveillance, interception, CCTV, geolocation, biometrics/facial recognition) | Module 8 | Book Ch 15 topics + Module 8 training topics |
| V.C Direct marketing (processing for marketing, online behavioural targeting) | Module 8 | Book Ch 16 topics + Module 8 training topics |
| V.D Internet technology (cloud, web cookies, social media & dark patterns, search-engine marketing, AI & machine learning) | Module 8 | Book Ch 17 topics + Module 8 training topics (Ch 18 outsourcing supports IV.B & V) |
The textbook already covers every competency. The IAPP training added emphasis on a few exam-current items now woven in: NIS2 (essential vs important entities; effective 17 Jan 2025; EUVD/ENISA), the EU AI Act four risk tiers, the six dark-pattern categories, EDPB Opinion 22/2024 on sub-processors, the Article 27 EU-representative duty, and the distinct role of the EDPS.
All five domains and every competency in the Exam Blueprint are covered - by the textbook chapters and the official-training topics together, with the EDPB guidelines pulled out for focused revision. No blueprint gaps remain.