Certified Information Privacy Professional Europe (CIPP/EU) + Exam [CIPPE]

OVERVIEW

In this course, you will gain foundational knowledge on concepts of privacy and data protection laws and practice. You will learn about common principles and approaches to privacy as well as the major privacy models employed around the globe. An introduction to information security concepts and information security management and governance will be covered, which includes frameworks, controls, and identity and access management. You will also learn about online privacy as it relates to using personal information on websites and other Internet-related technologies.

The structure of EU law, the enforcement of EU privacy and security laws, and information management from a EU perspective will be discussed, as well as the limitations on private-sector collection and usage of data. This course will also provide an introduction to workplace privacy considerations and EU laws related to marketing, financial data, data security, and breach notification.

OBJECTIVES

Introduction to European Data Protection

• Origins and Historical Context
• European Regulatory Institutions
• Legislative Framework

European Data Protection Law and Regulation

• Data Protection Concepts
• Application of the Law
• Data Protection Principles
• Legitimate Processing Criteria
• Information Provision Obligations
• Data Subjects Rights
• Confidentiality and Security
• Notification Requirements
• International Data Transfers
• Supervision and enforcement

Compliance with European Data Protection Law and Regulation

• Employment Relationship
• Surveillance Activities
• Marketing Activities
• Internet Technology and Communications
• Outsourcing

AUDIENCE

• Individuals who need a foundational understanding of information privacy and data protection
• Anyone interested in pursuing CIPP/E certification

CERTIFICATION

The examination blueprint indicates the minimum and maximum number of items that are included on the CIPP/E examination from the major areas of the Body of Knowledge. Questions may be asked from any of the listed topics under each area. You can use this blueprint to guide your preparation for the CIPP/E examination. For example, about 60% of the questions on the CIPP/E examination come from domain II.

NEXT STEP

CIPM

CIPT

CONTENT

I. Introduction to European Data Protection

- Origins and Historical Context

• Rationale for data protection
• Human rights laws
• Early laws and regulations
• The need for a harmonised European approach
• The Treaty of Lisbon

- European Regulatory Institutions

• Council of Europe
• European Court of Human Rights
• European Parliament
• European Commission
• European Council
• European Court of Justice

- Legislative Framework

• The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
• The EU Data Protection Directive (95/46/EC)
• The EU Directive on Privacy and Electronic Communications (2002/58/EC) – as amended
• The EU Data Retention Directive (2006/24/EC)
• National data protection laws across Europe

II. European Data Protection Law and Regulation

- Data Protection Concepts

• Personal data
• Sensitive personal data
• Processing
• Controller
• Processor
• Data subject

- Application of the Law

• Establishment in the EU
• Non-establishment in the EU

- Data Protection Principles

• Fairness and lawfulness
• Purpose limitation
• Proportionality
• Data quality

- Legitimate Processing Criteria

• Consent
• Contractual necessity
• Legal obligation, vital interests and public interest
• Legitimate interests
• Special categories of processing

- Information Provision Obligations

• Transparency principle
• Privacy notices
• Layered notices

- Data Subjects Rights

• Subject access
• Rectification, erasure or blocking of data
• Right to object
• Automated individual decisions

- Confidentiality and Security

• Appropriate technical and organisational measures
• Breach notification
• Engaging processors

- Notification Requirements

• Contents of notification
• Prior checking
• National registers

- International Data Transfers

• Rationale for prohibition
• Safe jurisdictions
• Safe Harbor
• Model contracts
• Binding Corporate Rules (BCRs)
• Derogations

- Supervision and enforcement

• Supervisory authorities and their powers
• The Article 29 Working Party
• Role of the European Data Protection Supervisor (EDPS)

III. Compliance with European Data Protection Law and Regulation

- Employment Relationship

• Legal basis for processing of employee data
• Storage of personnel records
• Workplace monitoring
• EU Works councils
• Whistleblowing systems

- Surveillance Activities

• Communications
• Closed-circuit television (CCTV)
• Biometric authentication
• Location-based services (LBS)

- Marketing Activities

• Telemarketing
• Direct marketing
• Online behavioural targeting

- Internet Technology and Communications

• Cloud computing
• Web cookies
• Internet Protocol (IP) addresses
• Search engine marketing (SEM)
• Social networking services

- Outsourcing

• Data protection obligations in an outsourcing contract
• Offshoring