Real CIPP/E Prep: An American’s Guide to European Data Protection Law And the General Data Protection Regulation (GDPR)

By Gordon Yu

Gordon Yu, Esq., MBA passed the CIPP/E on his first try.  What about you?

How to Pass the CIPP/E

Santa Clara Law administered an old version of the CIPP exam in January 2015 to over 20 of its law students.  Prof. Eric Goldman reports that only half of them passed.  Furthermore, he reports, "I didn't see any clear correlation between law school GPA and passage rates."

Prof. Goldman's students agreed that the CIPP is a test of "minutiae."  They recommended memorization and recitation to pass.  They're right.

I recommend you recite (read out loud) the contents of this book as you work through it.

Why This Book Exists

First, I was unimpressed by IAPP's training materials.  The $75, 382-page IAPP book wastes the test-taker's time by drowning them in a deluge of unnecessary detail.  Ignore it.  Then there's IAPP's $1,000 CIPP/E training.  This book discusses my concerns with that training. 

Don't worry about going off-brand.  IAPP FAQ #7 states, "to maintain accreditation, ISO requires a separation between the IAPP's certification and training departments."  And thank God for that.

Second, this book puts the test-taker on equal footing as someone who has $1,000 to spend.  Whether IAPP's $1,000 price tag is reasonable is beyond the scope of this book.

Third, many privacy professionals planned to take the CIPP/E after they finished their GDPR implementations.  I wanted to help and support them.

About the Author

Gordon Yu, Esq., MBA, CIPP/E, is currently a partner at Westmoreland Partners, LLP, a group of C-level executives who offer integrated financial, operations, and legal advisory services.  He also serves as general counsel and CFO of Advancing Women in Product, a nonprofit.

He has educated hundreds of executives, professionals, graduates, and undergraduates at the George Washington University, where he earned the top 10% of faculty distinction, as well as his JD and MBA.  He has taken and passed many exams, and also written and administered several more.

Previous to his current roles, he was chief legal officer of a family of healthcare providers; a Capitol Hill lobbyist; a Manhattan litigation associate at a (then) Global 10 law firm; and a federal employee in both the largest and second largest agencies (Defense and HHS), where he managed a $27M cybersecurity program.

He is licensed to practice law in New York, the District of Colorado, the Eastern District of Michigan, and before the United States Supreme Court.

• Language: English
• Publisher: Gordon Yu
• Release date: Jul 4, 2018
• ISBN: 9781540114501

Book preview

About the Author

Prof. Gordon Yu, Esq., MBA, CIPP/E, is currently a partner at Westmoreland Partners, LLP, a group of C-level executives who offer C-suite, transitional, and advisory services. He also serves as general counsel and chief financial officer of Advancing Women in Product, a nonprofit. His personal area of expertise is all legal matters, including GDPR compliance.

He has educated hundreds of executives, professionals, graduates, and undergraduates at the George Washington University, where he earned the top 10% of faculty designation, and where he earned his JD and MBA. He has taken and passed approximately a million exams and also written and administered his own exams to students.

Previous to his current roles, he was chief legal officer of several healthcare providers overseeing 80 staff; on the board of a Silicon Valley nonprofit; a Capitol Hill lobbyist; a Manhattan litigation associate at a (then) Global 10 law firm; and a federal employee in both the largest and second largest agencies (Defense and HHS), where he managed a $27M cybersecurity program. He is also a published statistician.

He is licensed to practice law before the New York Supreme Court, District of Colorado, Eastern District of Michigan, and the United States Supreme Court.

He welcomes your feedback.

Send it to him on LinkedIn.

Acknowledgements

A gigantic thank you to Ami Rodriguez, Esq., CIPP/US, CIPM, for introducing me to data privacy law and her innumerable insights to this book.

All errors are my own.

Unless they’re IAPP’s.

Why This Book Exists

First, I was unimpressed by IAPP’s training materials.

The $75, 382-page IAPP book wastes the test-taker’s time. It drowns test-preparers in a deluge of unnecessary detail. Ignore it. (Later, if you’re a practitioner seeking a desk reference, it’s OK.)

First, I was unimpressed by IAPP’s training materials. The $75, 382-page IAPP book wastes the test-taker’s time by drowning them in a deluge of unnecessary detail. Ignore it. Then there’s IAPP’s $1,000 CIPP/E training. This book discusses my concerns with that training.

Don’t worry about going off-brand. IAPP FAQ #7 states, to maintain accreditation, ISO requires a separation between the IAPP’s certification and training departments. And thank God for that.

Second, this book puts the test-taker on equal footing as someone who has $1,000 to spend. Whether IAPP’s $1,000 price tag is reasonable is beyond the scope of this book.

Third, many privacy professionals planned to take the CIPP/E after they finished their GDPR implementations. I wanted to help and support them.

Fourth, I wished to create a living document that evolves with each update to IAPP’s common body of knowledge.

If you are interested in co-authoring the next edition whenever IAPP releases its next Body of Knowledge, please contact me via LinkedIn.

How to Pass the CIPP/E

Santa Clara Law administered an old version of the CIPP exam in January 2015 to over 20 of its law students. Prof. Eric Goldman reports that only half of them passed. Furthermore, he reports, I didn’t see any clear correlation between law school GPA and passage rates.

Prof. Goldman’s students agreed that the CIPP is a test of minutiae. They recommended memorization and recitation to pass. They’re right.

I recommend you recite (read out loud) the contents of this book as you work through it. Then recite it again. Recite the sections until you know the content flat. Until it utterly bores you.

I’ve marked some sections as memorize. These sections are confusing and lend themselves to IAPP’s needlessly tricky exam questions. I recommend you make flash cards to commit these to memory.

Other sections are marked skim or let’s think about. This material is not on the exam. Don’t recite it.

Another tip: back when I studied for the bar exam, I had an idiot Barbri instructor. The only thing she said that made sense was, stick a photo of the dumbest lawyer you know to your computer as motivation. I stuck her photo to my laptop. It works.

Finally, and unfortunately, due to my professional obligations, I pushed out this book out over the course of a couple weeks. There might be an error or two. If you spot an error, please look me up on LinkedIn and mention you concern in the Connection request. I would be delighted to update this book and acknowledge you in the new edition (if you’re OK with that).

I.

Introduction to European

Data Protection Law

IA. Origins and Historical Context

IA1. Rationale for data protection

Skim:

Preamble, GDPR

Let’s think about:

Europeans observe the Equifax breach (143,000,000 people affected) and Facebook’s role in Cambridge Analytica (more than 50,000,000 people affected). They observe chronic American apathy. That is a rationale for European data protection law.

European public authorities such as the Gestapo and Stasi