Revision Notes

for the CIPP/E

Screenshot 2022-07-08 at 23.29.09

Short Summaries of the CIPP/E Material

cippe prep

The best revision notes for the CIPP/E

Do you just want someone to tell you what you need to know?

Are you struggling to find the time to make revision notes?

Is a short multi-day workshop that costs $$$ not for you?

Then, you are in the

CIPP/E Preparation Revision Notes

contains summaries of:

All substantive topics listed in the IAPP Body of Knowledge.

All relevant guidelines referred to in the IAPP Body of Knowledge.

cippe revision notes

For a pre-view of a revision note, click here.

How is Inhousew different?

Comprehensive Materials

Money-Back Guarantee*


*You have up to 7 days from the date of purchase to change your mind. You will be refunded - no questions asked.


What do the revision notes cover?

Here is a breakdown of what the revision notes contain:

Module 1 - History of European Data Protection Law

a) Purpose 

b) Instruments giving an impetus to create Data Protection Laws 

c) Timeline of Data Protection Laws 

d) Data Protection Directive vs General Data Protection Regulation

e) Related Legislation & Instruments 

f) Brexit 

Module 2 - The European Union's Institutions

a) Overview  

b) European Parliament (“EP”)

c) European Council 

d) Council of the European Union 

e) European Commission 

f) Court of Justice of the European Union  

Module 3 - Legislative Framework

a) Overview 

b) Council of Europe Convention (Convention 108)

c) Data Protection Directive 

d) General Data Protection Regulation 

e) Law Enforcement Data Protection Directive 

f) Privacy and Electronic Communications Directive 

g) EU Directive on Electronic Commerce

h) Directive on Security of Network and Information Systems 

i) Data Retention Directive 

Module 4 - Data Protection Concepts

a) Personal Data

b) Sensitive personal data 

c) Processing 

d) Controller 

e) Processor 

f) Data Subject 

Summary of Guidelines 07:2020 on the concepts of controller and processor in the GDPR

Module 5 - Territorial and Material Scope of the GDPR

a) Territorial Scope 

b) Material scope 

Summary of Guidelines 3:2018 on the territorial scope of the GDPR - Art. 3

Module 6 - Data Processing Principles

a) Introduction 

b) Lawfulness, fairness and transparency

c) Purpose limitation 

d) Data minimisation 

e) Accuracy 

f) Storage limitation 

g) Integrity and confidentiality 

Module 7 - Lawful Processing Criteria

7.1. Lawful Processing Criteria

a) Introduction 

b) Consent

c) Contractual necessity 

d) Legal obligation 

e) Vital interests 

f) Public interests 

g) Legitimate interests 

7.2. Lawful Processing Criteria - Special Categories of Personal Data 

a) Introduction 

b) Explicit consent 

c) Legal obligations under employment/social protection law 

d) Vital interests 

e) Legitimate activity of a not-for-profit body  

f) Publicly available 

g) Legal claim

h) Substantial public interest 

i) Medical purpose 

j) Public health 

k) Public interest, scientific or historical research purposes, or statistical purposes

Module 8 - Information Provision Obligations

a) Introduction

b) Article 13  

c) Article 14  

d) When additional information must be provided 

e) When and how

f) Fair processing notices  

g) Exemptions 

Module 9 - Data Subjects’ Rights

a) Introduction

b) Right of access  (Art. 15) 

c) Right to rectification (Art. 16) 

d) Right to erasure (Art. 17) 

e) Right to restriction of processing (Art. 18) 

f) Notification obligation regarding rectification or erasure of personal data or restriction of processing (Art. 19)

g) Right to data portability (Art. 20) 

h) Right to object (Art. 21) 

i) Right to not be subject to automated decision-making (Art. 22) 

Summaries of

  • Guidelines 52019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR 
  • Guidelines 10:2020 on restrictions under Article 23 GDPR
Module 10 - Security of Personal Data

a) Introduction

b) Appropriate technical and organisational measures

c) Breach Notification 

d) Vendor Management

e) Data Sharing

Module 11 - Accountability Requirements

a) Introduction

b) Responsibility of controllers

c) Article 25 - Data protection by design and by default 

d) Record keeping and co-operation with regulators 

e) Data protection impact assessment 

f) Data protection officer 

g) Auditing of privacy programs

Module 12 - International Data Transfers

a) Introduction 

b) What is a transfer? 

c) Adequacy Decisions 

d) Adequate Safeguards 

e) Derogations 

f) Transfers to the US 

g) Transfer Impact Assessments

Summaries of 

  • Guidelines 05:2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR
  • Guidelines 04:2021 on codes of conduct as tools for transfers
  • Guidelines 02:2018 on derogations of Article 49 under Regulation 2016:679
  • Recommendations 01:2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data
Module 13 - Supervision and Enforcement

a) Introduction 

b) Self-regulation 

c) Data subject rights 

d) Regulator supervision

e) International cooperation 

Module 14 - Consequences of GDPR Violations

a) Introduction 

b) Process and procedures 

c) Fines 

d) Data Subject Compensation 

e) Class Actions

Module 15 - Employment Relationships

a) Introduction 

b) Legal basis for processing of employee data 

c) Storage of personnel records 

d) Workplace monitoring and data loss prevention 

e) EU Works councils 

f) Whistleblowing systems 

g) ‘Bring your own device’ (BYOD) programs

Module 16 - Surveillance Activities

a) Introduction 

b) Regulation of surveillance  

c) Communications surveillance 

d) Video surveillance 

e) Biometric data/facial recognition  

f) Location data  

Summary of Guidelines 3:2019 on processing of personal data through video devices

Module 17 - Direct Marketing

a) Introduction 

b) Regulation of direct marketing 

c) Specific types of marketing +

Summary of Guidelines 8:2020 on the targeting of social media use

Module 18 - Internet Technology and Communications

a) Introduction 

b) Cloud computing 

c) Cookies

d) Search engines

e) Social networking services (SNS)

f) Artificial Intelligence 

What is the CIPP/E?

The International Association of Privacy Professionals (IAPP) is a non-profit organisation that provides privacy and data protection education and certifications.


The Certified Information Privacy Professional/Europe Exam or (CIPP/E for short) is set by the IAPP and consists of 90 multiple-choice questions. 75 questions are graded and you have 2.5 hours.


You can sit and schedule the CIPP/E in any PearsonVue Centre or often, even remotely through your own laptop.


For more information, resources and booking the actual exam, check out the Official IAPP page.

Why take the CIPP/E?

Boost your GDPR knowledge

Boost your GDPR knowledge

Many in-house legal and compliance jobs and roles require some knowledge of the EU General Data Protection Regulation (the "GDPR") and the protection of people's data. 

The GDPR was one of the most fundamental and ground-breaking laws that was introduced in the European Union and touched almost every aspect of life. 

Make your CV stand out

Make your CV stand out

The job market can be very competitive and you will want to make your CV stand out! 

Passing the CIPP/E will help you demonstrate that you have a foundation in data protection and GPDR knowledge. 

Adding a CIPP/E certification to your CV will help you stand out and give employers confidence in your privacy skills! 

Be a valuable asset

Be a valuable asset

Many businesses need to be GDPR-compliant and have awareness of their obligations under the GDPR. 

Lots of businesses struggle with resource and having budget to hire external expertise. 

Having a basic understanding of the GDPR and advising your employer or your own business of what needs to be done, can avoid headaches and turn you into an invaluable asset.

Who will teach me?

madeleine weber

Hi there

My name is Madeleine Weber!

I have been working as a legal professional for half a decade, predominantly in the IT industry as an in-house counsel.

My day-to-day job as an in-house lawyer involves a lot of drafting and negotiating of data protection agreements. Therefore, I accumulated a lot of experience in data protection and the EU GDPR, in particular.

However, I found that in order to progress in my career, I had to prove that knowledge by passing the CIPP/E and becoming a certified privacy professional.

I sat the exam in November 2021 and passed on my first attempt.

I am so excited to be in a position to provide you with the resources I wish I had when I studied for the CIPP/E.


What else do I need to pass the CIPP/E?

I would also recommend to purchase the latest edition of the recommended textbook: European Data Protection by Eduardo Ustaran. 

You will also need to budget costs to book and sit the CIPP/E exam (remember, to be certified, you will also need to become a member of IAPP) - always check the IAPP website for the latest fees (at the moment, the exam fee is $550 and the membership fee is $250).

Bear in mind that this product DOES NOT CONTAIN the actual exam, the membership, nor the textbook. 

For a step-by-step overview of what is needed to become a Certified Information Privacy Professional, please click here.

How long will I have access to the material?

You will have access for 1 year from the date of purchase. 

What exactly is contained in the revision notes?

You will receive access to the following: 

  • Written summaries covering 18 modules
If I am already a CIPP/E Preparation student, is this material different to the notes contained in CIPP/E Preparation?

NO! Please don't purchase these revision notes if you are already enrolled in CIPP/E Preparation as the notes are identical. 

Will I be able to access the material offline as well?

All materials are downloadable and usable offline.

The course is provided via Teachable. All materials will be available on all your devices either via a web browser or via the Teachable app. 

What is your refund policy?

If you are unhappy about any aspect of the course, do let me know and I will do my best to sort the issue out for you.

If this resource is not for you or you wish to un-enrol for any other reason, I understand, as well. You have up to 7 days from the date of purchase to change your mind. You will be refunded - no questions asked. 

No refunds will be provided after the 7-day period. 


(*incl. 20% VAT - note that subject to your location this may change)