Exam Prep · The CIPP/E exam at a glance
The CIPP/E exam tests the IAPP Body of Knowledge across five domains. Knowing the weighting tells you where to spend your time: Domain II is the single biggest slice, and Domains II + III together are well over half the paper.
The exam is a multiple-choice paper of 90 questions to be completed in 2.5 hours (150 minutes). The IAPP sets a scaled passing score of 300 on a 100–500 scale - you are not simply scored on a flat percentage. Some items are unscored pilot questions, so answer every question.
| Domain | Min | Max | Approx. share |
|---|---|---|---|
| I - Introduction to European Data Protection | 7 | 13 | ~13% |
| II - European Data Protection Law & Regulation | 18 | 28 | ~31% (largest) |
| III - European Data Processing | 13 | 21 | ~23% |
| IV - Scope & Accountability | 8 | 18 | ~17% |
| V - Compliance (employment, surveillance, marketing, tech) | 8 | 16 | ~16% |
Domains II and III together are roughly half the exam. Master the core concepts (personal data, controller/processor, the Article 5 principles, the six lawful bases, data-subject rights, security and international transfers) before the compliance scenarios.
The BoK is owned by the CIPP/E Exam Development Board, reviewed yearly, and changes are communicated at least 90 days before they appear. The credential is ANAB-accredited under ISO/IEC 17024, which is why it is recognised worldwide.