CIPP/E • IAPP Body of Knowledge 2025
CIPP/E MASTER COURSE
Enterprise Grade • Zero Prerequisites • Fully Self-Contained course
Based strictly on the official IAPP CIPP/E Body of Knowledge 2025.
Each chapter includes objectives, beginner→expert explanations, EDPB references, scenarios, mini-cases, exam-style questions and concise summaries.
Structure Overview
Five domains — each with 50 chapters. Each chapter is self-contained and designed to be Certifications-ready.
Media Rich
Video lessons (10+ min), podcast audio (45 min), PDF notes (10+ pages), and chapter deck for every chapter.
Exam-Mapped
Mapped to IAPP competencies and performance indicators.
Curriculum — Full Chapter List
Expand any domain to view the 50 chapter titles. Each chapter will be authored with learning objectives, EDPB mapping, scenarios, mini-cases, exam questions and summaries.
DOMAIN I — Introduction to European Data Protection (50 Chapters)
Section A — Origins & Historical Context (Ch 1–20)
1. What Is Data Protection? 2. Why Europe Became the Birthplace of Data Protection 3. Human Rights Foundations – UDHR & ECHR 4. Article 8 ECHR – Right to Privacy 5. OECD Guidelines (1980): Origins of Modern Privacy 6. Council of Europe & Convention 108 7. Convention 108+: Modernised Protection 8. Treaty of Lisbon & Charter of Fundamental Rights 9. Early Data Protection Laws of EU Member States 10. Rise of the Need for Harmonization 11. Conflicts & Fragmentation Before GDPR 12. Technology Shifts that Forced Legal Change 13. EU Institutions Behind Privacy (Overview) 14. European Commission – Role in Data Protection 15. European Parliament – Legislative Role 16. Council of the EU – Policymaking Role 17. Court of Justice of the EU – Interpreting Privacy 18. European Court of Human Rights – Human Rights Enforcement 19. Impact of Brexit on EU Data Protection 20. How GDPR Emerged in 2016
Section B — European Institutions (Ch 21–35)
21. Council of Europe – Privacy Influence 22. European Commission – Enforcement & Proposals 23. CJEU Power to Interpret GDPR 24. Understanding EU Legislative Process 25. EU Law vs National Law 26. Roles of Supervisory Authorities 27. Cooperation and Consistency Mechanism 28. EDPB Structure & Role 29. EDPS Role 30. One-Stop-Shop Concept 31. Legal Hierarchy in the EU 32. Role of National Parliaments 33. Role of Independent Authorities 34. Cross-Border Investigations Framework 35. Impact of EU Case Law on Privacy
Section C — Legislative Framework (Ch 36–50)
36. 95/46/EC Data Protection Directive 37. ePrivacy Directive (2002/58/EC) 38. Electronic Commerce Directive (2000/31/EC) 39. NIS/NIS2 Directives 40. EU Artificial Intelligence Act (AIA) 41. Sectoral Privacy Laws (Banking/Telecom) 42. GDPR Principles Overview 43. Lawfulness, Fairness, Transparency 44. Purpose Limitation 45. Data Minimization 46. Accuracy 47. Storage Limitation 48. Integrity & Confidentiality 49. Accountability 50. Test Your Knowledge — Domain I Exam Review
DOMAIN II — European Data Protection Law & Regulation (50 Chapters)
Section A — Basic GDPR Concepts (Ch 51–70)
51. What Is Personal Data? 52. Special Categories of Data 53. Pseudonymisation 54. Anonymisation 55. Identifiability: Direct vs Indirect 56. Data Subject Definition 57. Controller Concept 58. Processor Concept 59. Joint Controllers 60. EDPB Guidance on Controller–Processor 61. Lawfulness Overview 62. Transparency as a Principle 63. Profiling & Automated Decisions 64. Children’s Data 65. Research/Archiving Data Framework 66. Data Protection Principles Case Studies 67. Identifying Personal vs Non-Personal Data 68. Data Classification Methods 69. Sensitive Use Cases (Health, Biometrics) 70. Domain II Practice Drill
Section B — Security of Personal Data (Ch 71–95)
71. Security Under GDPR – Overview 72. Appropriate Technical Measures 73. Organizational Measures 74. Encryption 75. Access Controls 76. User Permissions Architecture 77. Data Breach Definition 78. Breach Notification to SA 79. Breach Notification to Individuals 80. EDPB Breach Guidelines 81. Records of Processing Activities (RoPA) 82. Vendor Management 83. Due Diligence for Processors 84. Processor Agreements 85. Data Sharing Principles 86. Third-Party Assessments 87. Supply Chain Security 88. Data Retention Security 89. BCP & Disaster Recovery 90. Cloud Security Basics 91. Real-World Breach Scenarios 92. Internal Security Audits 93. Data Loss Prevention 94. Employee Access Risks 95. Domain II Security Review
Section C — Data Subject Rights (Ch 96–120)
96. Overview of Data Subject Rights 97. Right of Access 98. Right of Rectification 99. Right to Erasure 100. Restriction of Processing 101. Right to Object 102. Right to Withdraw Consent 103. Data Portability 104. Automated Decision-Making 105. Profiling Scenarios 106. Timeframes for Responding 107. EDPB Guidelines on Rights 108. Denying Requests – Legal Basis 109. Validating Identity for Requests 110. Handling Excessive Requests 111. Employee Rights Cases 112. Children’s Rights 113. Marketing-Related Rights 114. Fraud & Abuse Prevention 115. AI/Automated Systems — Rights 116. Subject Rights Register 117. Escalations to Supervisory Authority 118. Real-World Request Examples 119. Case Law Review 120. Domain II Rights Mastery Exam
DOMAIN III — European Data Processing (50 Chapters)
Section A — Core Processing Principles (Ch 121–135)
121. Fairness 122. Lawfulness 123. Proportionality 124. Purpose Limitation 125. Data Minimization 126. Accuracy 127. Storage Limitation 128. Integrity & Confidentiality 129. GDPR vs ePrivacy 130. Balancing Tests 131. Necessity Assessment 132. Legitimate Interest Test 133. Processing Scenarios 134. Practical Case Studies 135. Domain III Principles Review
Section B — Lawful Basis (Ch 136–160)
136. Consent 137. Contractual Necessity 138. Legal Obligation 139. Vital Interests 140. Public Interest 141. Legitimate Interests (LIA + 3-part test) 142. EDPB Guidance 143. Employee Data Lawful Basis 144. Marketing Lawful Basis 145. Children’s Consent 146. Special Category Data 147. Article 9 Conditions 148. Criminal Offence Data 149. Biometrics 150. Health Data 151. Financial Services Processing 152. HR Data Processing 153. Scientific Research Basis 154. Legitimate Interests Documentation 155. Lawful Basis Decision Tree 156. Changing Lawful Basis 157. Recording Lawful Basis 158. Case Studies 159. Common Exam Traps 160. Lawful Basis Quiz
Section C — Information Provision (Ch 161–175)
161. Transparency 162. Article 12–14 Requirements 163. Layered Notices 164. Privacy Notice – Structure 165. Just-in-Time Notices 166. Cookie Notices 167. Marketing Disclosures 168. Employee Notices 169. Children’s Notices 170. Mobile App Notices 171. AI Systems Transparency 172. Data Collection Points 173. CCTV Notices 174. Digital Identity Notices 175. Practice: Rewrite a Privacy Notice
Section D — International Transfers (Ch 176–200)
176. Why Transfers Are Restricted 177. Adequacy Mechanism 178. Adequacy Decisions 179. Schrems I 180. Schrems II 181. EU–US Data Privacy Framework 182. Other National Adequacy Issues 183. Standard Contractual Clauses (SCCs) 184. How to Implement SCCs 185. BCRs – Structure 186. Codes of Conduct 187. Certifications 188. Article 49 Derogations 189. TIA (Transfer Impact Assessment) 190. EDPB TIA Guidelines 191. Encryption in Transit & Rest 192. Cloud Transfers 193. Global Vendor Chains 194. US Cloud Providers 195. Real-World Transfer Scenarios 196. Updating Transfer Tools 197. Law Enforcement Access 198. Multinational Organization Case 199. Common Exam Mistakes 200. International Transfers Final Exam
DOMAIN IV — Scope & Accountability (50 Chapters)
Section A — Territorial & Material Scope (Ch 201–215)
201. Material Scope – What GDPR Covers 202. Territorial Scope 203. Establishment in the EU 204. Non-EU Controllers Targeting EU 205. Goods & Services Targeting Test 206. Monitoring Behavior 207. Exemptions 208. Household Exemption 209. Criminal Data Exemption 210. Immigration/Border Cases 211. Public Authorities 212. Extraterritorial Reach 213. EDPB Scope Guidelines 214. Multi-Country Scenarios 215. Domain IV Scope Quiz
Section B — Accountability Requirements (Ch 216–240)
216. Accountability Principle 217. Data Protection by Design 218. Data Protection by Default 219. Documentation Obligations 220. DPIAs — Overview 221. Criteria Requiring DPIA 222. High-Risk Processing 223. DPIA Template & Components 224. How to Conduct a DPIA 225. Prior Consultation Mechanism 226. Mandatory DPO Requirements 227. DPO Independence Requirements 228. DPO Tasks 229. Records of Processing Activities 230. Security Audits 231. Vendor Accountability 232. Joint Controller Agreements 233. Processor Obligations 234. Processor Monitoring 235. Incident Response Plans 236. Training & Awareness 237. Governance Frameworks 238. Data Ethics 239. Maturity Models 240. CAP Exam Prep
Section C — Supervision & Enforcement (Ch 241–245)
241. Roles of SA 242. Lead Supervisory Authority 243. Cooperation Mechanism 244. Consistency Mechanism 245. EDPS & EDPB
Section D — Consequences of Violations (Ch 246–250)
246. Administrative Fines 247. Categories of Fines 248. Compensation Claims 249. Class Actions 250. Final Domain IV Exam
DOMAIN V — Compliance with European DP Law (50 Chapters)
Section A — Employment Data (Ch 251–270)
251. Employee Data Basics 252. Lawful Basis for HR Data 253. Personnel File Storage 254. HR Retention 255. Employee Monitoring 256. Keylogging, Email Scans 257. BYOD Risks 258. Data Loss Prevention 259. Whistleblowing Systems 260. Works Councils 261. Remote Work Compliance 262. Biometric Attendance 263. Video Monitoring at Work 264. Employee Access Requests 265. HR Access Controls 266. GDPR in Hiring 267. Background Checks 268. Health/Medical HR Data 269. Cross-Border HR Data 270. HR Case Studies
Section B — Surveillance (Ch 271–285)
271. Public Authority Surveillance 272. Communications Interception 273. CCTV Legal Requirements 274. Geolocation 275. Biometrics 276. Facial Recognition 277. EDPB Surveillance Guidelines 278. Workplace Surveillance 279. Data Minimization for Surveillance 280. Smart Cities Surveillance 281. Police Access Rules 282. Government Security Databases 283. Mobile Tracking 284. Dashboard Cameras 285. Real-Life Surveillance Cases
Section C — Direct Marketing (Ch 286–300)
286. ePrivacy + GDPR Marketing Rules 287. Opt-In vs Opt-Out 288. PECR (UK example for contrast) 289. Email Marketing Rules 290. SMS Marketing 291. Telemarketing 292. Profiling for Marketing 293. Cookie-Based Targeting 294. EDPB OBA Guidelines 295. AdTech Ecosystem 296. Do-Not-Track 297. Children in Marketing 298. Cross-Device Tracking 299. Marketing Case Studies 300. Domain V Marketing Quiz
Section D — Internet Technology & Communications (Ch 301–325)
301. Cloud Computing Compliance 302. Cloud Contracts 303. Web Cookies 304. Cookie Banners 305. Dark Patterns 306. Social Media Compliance 307. Platform Liability 308. SEM (Search Engine Marketing) 309. AI & ML Compliance 310. Algorithmic Transparency 311. Deepfakes & Misuse 312. IoT Devices 313. Smart Home Data 314. App Permission Models 315. Browser Privacy Models 316. Zero-Party/First-Party Data 317. Data Lakes & Big Data 318. Encryption Best Practices 319. Network Security 320. Distributed Systems Compliance 321. DPIA for IT Projects 322. Cloud Vendor Audits 323. Case Law on Technology Use 324. Ethics + AI 325. Final Domain V Master Test
Pricing & Plans
Self‑Paced — Full Course
One-time purchase · Lifetime access
Contact
250 chapters · 300+ hours · Video + Podcast + PDFs + Decks
Pro — Live Cohort
Limited seats
Contact
Includes live Q&A, graded assignments and certificate of completion
Instructor & Credibility
Course Authors
Experienced privacy professionals instructor with 20+ years of Experience.
Includes: Case studies, templates, and enterprise runbooks.
Get Started
Enroll now and gain access to recorded lessons, podcast episodes, PDFs and instructor decks.
Email: contact@durgaanalytics.com