HomeCoursesCIPP/E Privacy (GDPR)

🔏 CIPP/E Privacy (GDPR)

Free, independent CIPP/E exam-preparation on European data protection & the GDPR, with a signed certificate. Learn the modules, pass the exam.

Last updated: June 2026

An independent, free exam-preparation course that walks through the publicly published IAPP CIPP/E Body of Knowledge — the law and practice of European data protection. It covers the history and sources of EU privacy law, the General Data Protection Regulation (GDPR) scope and definitions, the data-protection principles and lawful bases, consent, data subject rights, the obligations of controllers and processors, the Data Protection Officer, records of processing, Data Protection Impact Assessments, security of processing, personal-data breach notification, international data transfers, the European Data Protection Board and supervisory authorities, enforcement and fines, the ePrivacy/cookies regime, and workplace monitoring. It uses visual lessons, worked scenarios, original self-check questions and a 45-question final exam to build exam-ready understanding. It is awareness/prep only — not the official IAPP training or the certification exam — and claims no IAPP affiliation or endorsement. It maps to IAPP CIPP/E (EU data protection / GDPR). The course is organized into 22 modules, ending with a final exam (pass mark 80%). It is independent, free exam-preparation training — not an official or accredited review course.

What you'll learn

  • Foundations & history of European data protection
  • EU institutions & legal framework
  • GDPR scope: material & territorial
  • Key definitions: personal data & processing
  • The seven data-protection principles
  • The six lawful bases for processing
  • Consent & the conditions for valid consent
  • Special-category & criminal-offence data
  • Data subject rights
  • Transparency & information notices
  • Controllers, processors & joint controllers
  • The Data Protection Officer (DPO)
  • Records of processing & accountability
  • Data Protection Impact Assessments (DPIAs)
  • Security of processing & privacy by design
  • Personal data breach notification
  • International data transfers
  • The EDPB & supervisory authorities
  • Enforcement, remedies & fines
  • ePrivacy, cookies & electronic communications
  • Employment data, monitoring & surveillance
  • Exam strategy & putting it together

Learning objectives

  • Trace the history and legal sources of European data protection, from Convention 108 and the 1995 Directive to the GDPR.
  • Apply the GDPR's material and territorial scope and the key definitions of personal data, processing, controller and processor.
  • Explain and apply the seven data-protection principles and the six lawful bases for processing.
  • Evaluate valid consent and the special rules for special-category and criminal-offence data.
  • Advise on data subject rights — access, rectification, erasure, portability, objection and automated decision-making.
  • Map controller and processor accountability obligations, including records of processing and the role of the DPO.
  • Conduct a Data Protection Impact Assessment and apply security-of-processing and breach-notification requirements.
  • Assess lawful mechanisms for international data transfers — adequacy, standard contractual clauses and BCRs.
  • Describe the EDPB, supervisory authorities, the consistency mechanism, enforcement powers and the fine framework.
  • Pass a 45-question exam (80% to earn your certificate).