IAPP CIPM Learning Path

Learn about data privacy regulations and how to implement them in daily operations.

7 hours, 34 minutes

Quick facts

About this learning path

  • courses

    100% online




The CIPM training path equips you with the knowledge needed to pass the IAPP's CIPM exam and is designed to meet their Common Body of Knowledge. The path assumes that you are in charge of a new global privacy team for a global multinational. It uses this case study to run through the creation of a Personal Information Management System that gives the organization a continually improving privacy program, preparing you both for the exam and for managing a real global privacy program in your own organization.



CIPM Practice Exam

Assessment - 35 questions

Developing a privacy program

Course - 00:41:00

This course discusses the fundamentals of breaking down an organization to understand its industry, stakeholders, drivers and influences, to uncover and document the "why" and "ethos" behind a business's new privacy program. It takes the example of a new privacy manager tasked with creating a new privacy program and discusses the fundamentals of what such a program should contain.

Privacy governance

Course - 00:27:00

This section of the learning path discusses the building blocks of your new privacy program, including resourcing and funding decisions, pitching privacy to individuals, goals, vision, strategy and policy. It also looks at creating the right structures to manage the privacy program across a global enterprise.

Privacy program frameworks

Course - 00:38:00

This course discusses existing legislation, standards and frameworks that can be used to build a roadmap for your privacy program. This includes a discussion of using these frameworks to best effect, and the pros and cons of vendor tools and technology.

Legal jurisdictions and global data flows

Course - 00:53:00

This course discusses differing approaches to privacy globally, and how to incorporate these in global data governance programs, accounting for similarity and variance. It also discusses data localization laws and restrictions on data transfer, and mechanisms that can be used to effect data transfers legally.

Data assessments

Course - 01:03:00

This course discusses approaches to data assessments, including risk assessments, DPIAs, data inventories, supplier evaluations, physical audits and more. The goal is to establish the organization's current level of privacy maturity and to set up a program that raises it to the level management wants.

Course - 00:19:00

This course discusses policies, procedures, guidance and privacy notices, and outlines the differences between different types of documentation required to manage privacy programs. It goes on to discuss approaches to managing documentation effectively.

Privacy rights

Course - 00:53:00

This course looks at global privacy rights, using the EU GDPR as its focus. Topics include transparency, subject access requests, erasure, rectification, objection, portability, automated decision-making and general complaints. You'll see when each one applies and what strategies can be employed to effectively manage rights requests from individuals.

Training and awareness

Course - 00:19:00

This course looks at understanding the competencies required to fulfill data protection roles, evidencing where competencies are in place and assessing actions to fulfill them, including different types of training for different audiences. Once training has been delivered, awareness programs are needed to keep general messaging and awareness high, and strategies are needed to deploy them.

Information security and protection of data

Course - 00:44:00

This course looks at the basics of information security, focusing on risk assessment to keep the level of technical and organizational controls appropriate to the organization. Legal requirements for breach notification are discussed, along with security standards such as ISO 27001, 27002 and SOC 1 and 2.

Managing a security breach

Course - 00:37:00

This course looks at what happens when security is breached, including the difference between an incident and a breach and steps to be taken in order to detect, assess, respond to and learn from security incidents. A well-managed security event can make the difference between disaster and a positive learning experience for all.

Continual improvement

Course - 00:44:00

This course discusses the Plan-Do-Check-Act continual improvement cycle, including how to set objectives and goals and establish measurements, metrics and monitoring. It includes auditing a privacy program and making the best use of checks in order to use actions and horizon scanning to create a continually improving privacy management program.

Meet the author

Ralph O'Brien

Ralph is a trusted advisor on Global Privacy and Security compliance, practices and management. His experience includes strategic GDPR adoption programs, advisory services and assurance delivery in global multinational environments.

He has worked in a wide variety of industry sectors including Defense, Public Sector, Pharma and Financial Services, representing both multinational corporations and boutique specialist consultancies.

He continues to be a hands-on practitioner, combining business-level consultancy with training and technical experience. He was responsible for the first global joint 27001/25999 management system to be certified. With a focus on business processes and the protection of information, and an ethos of management assurance, risk management and knowledge transfer, he continues to ensure effective protection of assets appropriate to the business needs of the client.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with Affirm.