So, you’ve decided that you want to become a Certified Information Privacy Professional / Europe (CIPP/E). Or, at least you’re interested in obtaining this certification, which is administered by the IAPP, formerly known as the International Association of Privacy Professionals. The best place to start is by reviewing a document that the IAPP refers to as the Body of Knowledge (BoK). The CIPP/E Body of Knowledge is a high-level document that sets forth the topics and concepts that will be included on the CIPP/E exam.
Each year, the IAPP publishes an updated version of the CIPP/E Body of Knowledge. The IAPP does this for several reasons. First, it does not want its certification exams to get “overexposed.” But more importantly, these annual updates are necessary to keep pace with the quickly evolving world of data protection.
Below we break down everything you need to know about relevant changes so that you are ready on exam day.
When Do These Changes Go into Effect?
The IAPP does not want to surprise its test takers. To that end, the IAPP releases the updated CIPP/E Body of Knowledge months ahead of when it becomes effective. The IAPP provides a minimum of 90 days. In other words, all the new content contained in the updated BoK will not start appearing on actual exams for some time.
The changes to the 2025-2026 Body of Knowledge for the CIPP/E exam go into effect on September 1, 2025.
What is the Format for the New CIPP/E Body of Knowledge?
Several years ago, the IAPP started the process of moving the Bodies of Knowledge for some of the exams that it administers to a new format and structure. With respect to the CIPP/E certification, however, the IAPP has continued to adhere to the old nested-outline structure.
Practically, this also means that another form called the “Exam Blueprint” has been maintained as a separate document as well. The CIPP/E Exam Blueprint sets forth the number of questions (given as a range) that students should expect to see on each topic set forth in the BoK.
Changes to the New CIPP/E Body of Knowledge
Okay, so the format is the same, but what about the content? Before answering that question, you should know this. Yearly updates to the BoK contain no more than 10-15% new content, at least according to the IAPP. If you have already put a lot of effort into studying, don’t fret. There might be some new content that you will need to learn if you take the exam after the effective date, but in the bigger picture (and as we explain below), the new content is relatively minimal.
Did the Domains Change?
In past years, the CIPP/E Body of Knowledge contained three high-level “domains.” The IAPP, however, has decided to reorganize the content of the CIPP/E exam this year, which now includes five different domains. Those domains are:
- Domain I – Introduction to the European Data Protection
- Domain II – European Data Protection Law and Regulation
- Domain III – European Data Processing
- Domain IV – European Data Protection: Scope & Accountability
- Domain V – Compliance with European Data Protection Law and Regulation
This may seem like a significant change, but it’s not. The IAPP puts it this way: “The CIPP/E Body of Knowledge and Exam Blueprint have been reorganized. Domain II (European Data Protection Law and Regulation), previously comprised of sub-topics A. through K., has been split into Domains II., III. (European Data Processing), and IV. (European Data Protection: Scope & Accountability). The sub-topics in these new domains, and the number of exam questions apportioned to them, are the same as in the previous versions of the BoK and EBP. All changes are strictly organizational.”
In other words, don’t sweat it.
Are There Any New Topics or Concepts, and Was Anything Removed?
So, now that we know that this restructure is strictly organizational, you’re probably wondering: what non-organizational changes were made? Is there any new material I need to know? Well, good question. And the answer is, yes, there is some new material.
The new topics included in this year’s CIPP/E Body of Knowledge include the following:
- Section II.A.6.b – Opinion 22/2024 on Certain Obligations Following from the Reliance on Processor(s) and Sub-processor(s)
- Section III.B.4.a – Guidelines 1/2024 on Processing of Personal Data Based on Article 6(1)(f) GDPR
- Section IV.A.1.a – Opinion 04/2024 on the Notion of Main Establishment of a Controller in the Union Under Article 4(16)(a) GDPR
These changes are specifically listed in the new BoK. In addition, however, the IAPP has also stated that two additional topics are included that don’t expressly appear in the text of the new BoK. Those updates are:
- AI and the GDPR (various topics)
- Privacy and Security Incidents (various topics)
While this may appear somewhat cryptic, it seems to us that this is really the IAPP’s way of suggesting that privacy professionals must be up to date on the newest AI and privacy/security incident news, which is fast evolving and seemingly ever-changing.
Some years, the IAPP will also remove some content from the BoK, but that is not the case this year—at least for the CIPP/E certification, as no content was removed.
Did the Number of Questions Asked on Each Topic Change?
As we note above, the CIPP/E Body of Knowledge has been reorganized. While those changes are, or course, reflected in the Exam Blueprint, the good news is that the actual number of questions on each topic has remained the same. In other words, there are no areas of the exam that are emphasized or de-emphasized compared to last year.
Is Privacy Bootcamp’s CIPP/E Course Up to Date?
Yes, all Privacy Bootcamp courses are up to date.
At Privacy Bootcamp, we comprehensively update our courses once a year to correspond to any changes made to the CIPP/E Body of Knowledge and Exam Blueprint. Our work begins, however, months ahead of when those updates are first released publicly. We have a general understanding of what changes can be expected based upon important events and changes in the data protection industry, as well as student feedback. We will release updated CIPP/E course content in the coming weeks and months – significantly ahead of the September 1, 2025 effective date for the changes discussed above. With Privacy Bootcamp, you can always rest assured that you will be prepared come test day, no matter what changes IAPP throws your way.
