CIPM Certified Information Privacy Manager

The GDPR includes among its mandates the requirement to appoint knowledgeable DPOs (data protection officers) tasked with monitoring compliance, managing internal data protection activities, training data processing staff, conducting internal audits and more. There's a lot to know, there's a lot at stake and there's a lot of opportunity for privacy professionals with the right training and education.

This course is suitable for:

• Data Protection Officers
• Privacy Professionals
• Audit Professionals
• Legal Professionals
• Compliance Professionals
• Information Security Professionals

Principles of Privacy Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organisation through process and technology—regardless of jurisdiction or industry.

The Principles of Privacy Program Management training is based on the body of knowledge for the IAPP’s ANSI-accredited Certified Information Privacy Manager (CIPM) certification program.

There are no specific prerequisites for this course.

The CIPM certification is comprised of two domains:

Domain 1: Privacy Program Governance

Domain 2: Privacy Program Operational Life Cycle

Domain 1 provides a solid foundation for the governance of a privacy program and defines how the privacy program may be developed, measured and improved.

1. Organisation Level

• Create a company vision
• Establish a privacy program
• Structure the privacy team

2. Develop the Privacy Program Framework

• Develop organisational privacy policies, standards and/or guidelines
• Define privacy program activities

3. Implement the Privacy Policy Framework

• Communicate the framework to internal and external stakeholders
• Ensure continuous alignment to applicable laws and regulations to support the development of an organizational privacy program framework

4. Metrics

• Identify intended audience for metrics
• Define reporting resources
• Define privacy metrics for oversight and governance per audience
• Identify systems/application collection points

Domain 2 details the management and operations of the privacy program governance model within the context of the organisation's privacy strategy. The Privacy Program Operational Life Cycle domain is built upon a common industry-accepted framework.

1. Assess Your Organisation

• Document current baseline of your privacy
• Processors and third-party vendor assessment
• Physical assessments
• Mergers, acquisitions and divestitures
• Conduct analysis and assessments, as needed or appropriate

2. Protect

• Data life cycle (creation to deletion)
• Information security practices
• Privacy by Design

3. Sustain

• Measure
• Align
• Audit
• Communicate
• Monitor

4. Respond

• Information requests
• Privacy incidents

The CIPM body of knowledge outlines all the concepts and topics that you need to know to become certified. The exam blueprint gives you an idea of how many questions from each topic area you can expect on the exam. We recommend you download and read the following publications provided by the IAPP:

• CIPM Body of Knowledge
• CIPM Exam Blueprint
• 2019 Certification Candidate Handbook