CIPM: Certified Information Privacy Manager
I recently became a Certified Information Privacy Manager certified by IAPP — International Association of Privacy Professionals. It’s been such a journey!
-What is CIPM?
-How did I study?
-How was the exam?
-Do you need prior experience?
-Final notes and disclaimer!
CIPM is the golden standard of privacy management all around the world. International Association of Privacy Professionals certifies privacy professionals in different areas such as Management, Technology, Europe Privacy, Asia Privacy, US Privacy.
You can take the exam once a month in an official training center or you can take it online. It costs 550 $ per exam. If you pass or fail one, it decreases to 375 $. It is a 90 multiple-choice question exam but there are cases and review questions.
I mainly focused on the official book “Privacy Program Management: Tools for Managing Privacy Within Your Organization.” by Russell Densmore CIPM, FIP, CISSP, CIPT, CIPP US/EU. I read it once, took notes on separate sheets. Studied my notes afterward. I also reviewed some privacy pros’ notes not to miss anything.
I took a look at the “All-in-one Exam Guide” of Peter H. Gregory, I would’ve deep-dived if I hadn’t got prior experience in this field. I found lots of questions online to test my knowledge. There were plenty of websites selling questions, demos, cases, and so on.
To be honest it was good to test my skills but I figured out huge mistakes in every document I found so you have to be really cautious. There are some notes of people in Quizlet and Brainscape but I would be really cautious with them as well.
The exam was far better than I expected! I have certifications in a couple of fields but I felt tested and satisfied at the same time after a long period of time. It was testing my knowledge regarding privacy issues in the US, Canada, GDPR, and Asia zones.
The cases were really realistic and derived from real-life experience. In some questions, I felt like “Been there, done that!” or “I know that person, he/she is like x person in y company.”.There is always a budget cutter in every project and you still have to manage the project.
Sometimes there is a next-gen in the company who prioritizes privacy but conflicts with the other senior executives. Every 3/4 of local teams have a difference of opinions on how to interpret laws or lack of knowledge.
I believe you can pass the exam without prior experience in the field but it will take months of hard work. Case questions took judgment calls which you build brick by brick in years and I had some moments of “Yes, you can do any of them but if you are in the shoe of x…”
That was my journey, and I feel proud and relieved at the same time. Please note that I’m already managing privacy compliance projects for almost 3 years internationally in different sectors such as retail, construction, ports, technology, and startups.
I’m already a OneTrust fellow, ISO27001 LA, writing my thesis on privacy in an IT Law LLM program, so I have real experience in the field. It can require a more intense study than I did.
I really thank Vircon Group, Startup Hukuku, and Clemta for supporting me in the way.
I will need a huge shoutout to my lovely wife Zülal Metin Hacıpaşaoğlu for her support! Alican Yazdıç CIPP/E, CIPMwas always a guiding spirit as a privacy pro. I learned a lot from Leyla Keser and Mehmet Bedii Kaya about privacy laws and Ender Can about IT project management best practices.
Kerim Kaya, R. Okan Şencan, Ömer Kaya and Onur Sencan for being my partners for years while we are building a solid privacy-first, IT combined compliance team and practice.
Seren Deniz Yanık and Sena Evren for building a Vircon Data Protection methodology and coping with cases together.
If you have any questions or comments regarding the certification please drop a message. You can follow or connect with me (Erdem Mümtaz Hacıpaşaoğlu) for more floods about #privacy , #web30 and #startups .
