🔏 CIPP/E Privacy (GDPR)
Free, independent CIPP/E exam-preparation on European data protection & the GDPR, with a signed certificate. Learn the modules, pass the exam.
Last updated: June 2026
An independent, free exam-preparation course that walks through the publicly published IAPP CIPP/E Body of Knowledge — the law and practice of European data protection. It covers the history and sources of EU privacy law, the General Data Protection Regulation (GDPR) scope and definitions, the data-protection principles and lawful bases, consent, data subject rights, the obligations of controllers and processors, the Data Protection Officer, records of processing, Data Protection Impact Assessments, security of processing, personal-data breach notification, international data transfers, the European Data Protection Board and supervisory authorities, enforcement and fines, the ePrivacy/cookies regime, and workplace monitoring. It uses visual lessons, worked scenarios, original self-check questions and a 45-question final exam to build exam-ready understanding. It is awareness/prep only — not the official IAPP training or the certification exam — and claims no IAPP affiliation or endorsement. It maps to IAPP CIPP/E (EU data protection / GDPR). The course is organized into 22 modules, ending with a final exam (pass mark 80%). It is independent, free exam-preparation training — not an official or accredited review course.
What you'll learn
- Foundations & history of European data protection
- EU institutions & legal framework
- GDPR scope: material & territorial
- Key definitions: personal data & processing
- The seven data-protection principles
- The six lawful bases for processing
- Consent & the conditions for valid consent
- Special-category & criminal-offence data
- Data subject rights
- Transparency & information notices
- Controllers, processors & joint controllers
- The Data Protection Officer (DPO)
- Records of processing & accountability
- Data Protection Impact Assessments (DPIAs)
- Security of processing & privacy by design
- Personal data breach notification
- International data transfers
- The EDPB & supervisory authorities
- Enforcement, remedies & fines
- ePrivacy, cookies & electronic communications
- Employment data, monitoring & surveillance
- Exam strategy & putting it together
Learning objectives
- Trace the history and legal sources of European data protection, from Convention 108 and the 1995 Directive to the GDPR.
- Apply the GDPR's material and territorial scope and the key definitions of personal data, processing, controller and processor.
- Explain and apply the seven data-protection principles and the six lawful bases for processing.
- Evaluate valid consent and the special rules for special-category and criminal-offence data.
- Advise on data subject rights — access, rectification, erasure, portability, objection and automated decision-making.
- Map controller and processor accountability obligations, including records of processing and the role of the DPO.
- Conduct a Data Protection Impact Assessment and apply security-of-processing and breach-notification requirements.
- Assess lawful mechanisms for international data transfers — adequacy, standard contractual clauses and BCRs.
- Describe the EDPB, supervisory authorities, the consistency mechanism, enforcement powers and the fine framework.
- Pass a 45-question exam (80% to earn your certificate).