CIPPE | Certified Information Privacy Professional Europe (CIPP/EU) + Exam | Training Course | IAPP. Skip to main Content

Certified Information Privacy Professional Europe (CIPP/EU) + Exam

  • Course Code CIPPE
  • Duration 2 days

Additional Payment Options

  • GTC 29 inc. VAT

    GTC, Global Knowledge Training Credit, please contact Global Knowledge for more details

Public Classroom Price


excl. VAT

Request Group Training Add to Cart

Course Delivery

This course is available in the following formats:

  • Class Connect HD

    Connect to a class in HD

  • Company Event

    Event at company

  • Elearning (Self-paced)

    Self paced electronic learning

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual

Request this course in a different delivery format.

Course Overview


In this course, you will gain foundational knowledge on concepts of privacy and data protection laws and practice. You will learn about common principles and approaches to privacy as well as the major privacy models employed around the globe. An introduction to information security concepts and information security management and governance will be covered, which includes frameworks, controls, and identity and access management. You will also learn about online privacy as it relates to using personal information on websites and other Internet-related technologies.

The structure of EU law, the enforcement of EU privacy and security laws, and information management from a EU perspective will be discussed, as well as the limitations on private-sector collection and usage of data. This course will also provide an introduction to workplace privacy considerations and EU laws related to marketing, financial data, data security, and breach notification.

Course Schedule

    • Delivery Format: Virtual Learning
    • Date: 04-05 July, 2022

      Guaranteed  To Run

    • Location: Virtual


    • Delivery Format: Public Classroom
    • Date: 22-23 August, 2022
    • Location: Mechelen (Battelsesteenweg 455-B)


    • Delivery Format: Virtual Learning
    • Date: 22-23 August, 2022
    • Location: Virtual


Target Audience

  • Individuals who need a foundational understanding of information privacy and data protection
  • Anyone interested in pursuing CIPP/E certification
  • Course Objectives


    Introduction to European Data Protection

    • Origins and Historical Context
    • European Regulatory Institutions
    • Legislative Framework

    European Data Protection Law and Regulation

    • Data Protection Concepts
    • Application of the Law
    • Data Protection Principles
    • Legitimate Processing Criteria
    • Information Provision Obligations
    • Data Subjects Rights
    • Confidentiality and Security
    • Notification Requirements
    • International Data Transfers
    • Supervision and enforcement

    Compliance with European Data Protection Law and Regulation

    • Employment Relationship
    • Surveillance Activities
    • Marketing Activities
    • Internet Technology and Communications
    • Outsourcing

    Course Content


    I. Introduction to European Data Protection

    - Origins and Historical Context

    • Rationale for data protection
    • Human rights laws
    • Early laws and regulations
    • The need for a harmonised European approach
    • The Treaty of Lisbon

    - European Regulatory Institutions

    • Council of Europe
    • European Court of Human Rights
    • European Parliament
    • European Commission
    • European Council
    • European Court of Justice

    - Legislative Framework

    • The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
    • The EU Data Protection Directive (95/46/EC)
    • The EU Directive on Privacy and Electronic Communications (2002/58/EC) – as amended
    • The EU Data Retention Directive (2006/24/EC)
    • National data protection laws across Europe

    II. European Data Protection Law and Regulation

    - Data Protection Concepts

    • Personal data
    • Sensitive personal data
    • Processing
    • Controller
    • Processor
    • Data subject

    - Application of the Law

    • Establishment in the EU
    • Non-establishment in the EU

    - Data Protection Principles

    • Fairness and lawfulness
    • Purpose limitation
    • Proportionality
    • Data quality

    - Legitimate Processing Criteria

    • Consent
    • Contractual necessity
    • Legal obligation, vital interests and public interest
    • Legitimate interests
    • Special categories of processing

    - Information Provision Obligations

    • Transparency principle
    • Privacy notices
    • Layered notices

    - Data Subjects Rights

    • Subject access
    • Rectification, erasure or blocking of data
    • Right to object
    • Automated individual decisions

    - Confidentiality and Security

    • Appropriate technical and organisational measures
    • Breach notification
    • Engaging processors

    - Notification Requirements

    • Contents of notification
    • Prior checking
    • National registers

    - International Data Transfers

    • Rationale for prohibition
    • Safe jurisdictions
    • Safe Harbor
    • Model contracts
    • Binding Corporate Rules (BCRs)
    • Derogations

    - Supervision and enforcement

    • Supervisory authorities and their powers
    • The Article 29 Working Party
    • Role of the European Data Protection Supervisor (EDPS)

    III. Compliance with European Data Protection Law and Regulation

    - Employment Relationship

    • Legal basis for processing of employee data
    • Storage of personnel records
    • Workplace monitoring
    • EU Works councils
    • Whistleblowing systems

    - Surveillance Activities

    • Communications
    • Closed-circuit television (CCTV)
    • Biometric authentication
    • Location-based services (LBS)

    - Marketing Activities

    • Telemarketing
    • Direct marketing
    • Online behavioural targeting

    - Internet Technology and Communications

    • Cloud computing
    • Web cookies
    • Internet Protocol (IP) addresses
    • Search engine marketing (SEM)
    • Social networking services

    - Outsourcing

    • Data protection obligations in an outsourcing contract
    • Offshoring

    Course Prerequisites

    There are no prerequisites for this course.

    Test Certification


    The examination blueprint indicates the minimum and maximum number of items that are included on the CIPP/E examination from the major areas of the Body of Knowledge. Questions may be asked from any of the listed topics under each area. You can use this blueprint to guide your preparation for the CIPP/E examination. For example, about 60% of the questions on the CIPP/E examination come from domain II.

    Follow on Courses




    The following are recommended for further study: