Real CIPP/E Prep: An American’s Guide to European Data Protection Law And the General Data Protection Regulation (GDPR)
By Gordon Yu
About this ebook
Gordon Yu, Esq., MBA passed the CIPP/E on his first try. What about you?
How to Pass the CIPP/E
Santa Clara Law administered an old version of the CIPP exam in January 2015 to over 20 of its law students. Prof. Eric Goldman reports that only half of them passed. Furthermore, he reports, "I didn't see any clear correlation between law school GPA and passage rates."
Prof. Goldman's students agreed that the CIPP is a test of "minutiae." They recommended memorization and recitation to pass. They're right.
I recommend you recite (read out loud) the contents of this book as you work through it.
Why This Book Exists
First, I was unimpressed by IAPP's training materials. The $75, 382-page IAPP book wastes the test-taker's time by drowning them in a deluge of unnecessary detail. Ignore it. Then there's IAPP's $1,000 CIPP/E training. This book discusses my concerns with that training.
Don't worry about going off-brand. IAPP FAQ #7 states, "to maintain accreditation, ISO requires a separation between the IAPP's certification and training departments." And thank God for that.
Second, this book puts the test-taker on equal footing with someone who has $1,000 to spend. Whether IAPP's $1,000 price tag is reasonable is beyond the scope of this book.
Third, many privacy professionals planned to take the CIPP/E after they finished their GDPR implementations. I wanted to help and support them.
About the Author
Gordon Yu, Esq., MBA, CIPP/E, is currently a partner at Westmoreland Partners, LLP, a group of C-level executives who offer integrated financial, operations, and legal advisory services. He also serves as general counsel and CFO of Advancing Women in Product, a nonprofit.
He has educated hundreds of executives, professionals, graduates, and undergraduates at the George Washington University, where he earned the top 10% of faculty distinction, as well as his JD and MBA. He has taken and passed many exams, and also written and administered several more.
Previous to his current roles, he was chief legal officer of a family of healthcare providers; a Capitol Hill lobbyist; a Manhattan litigation associate at a (then) Global 10 law firm; and a federal employee in both the largest and second largest agencies (Defense and HHS), where he managed a $27M cybersecurity program.
He is licensed to practice law in New York, the District of Colorado, the Eastern District of Michigan, and before the United States Supreme Court.
Book preview
Real CIPP/E Prep - Gordon Yu
About the Author
Prof. Gordon Yu, Esq., MBA, CIPP/E, is currently a partner at Westmoreland Partners, LLP, a group of C-level executives who offer C-suite, transitional, and advisory services. He also serves as general counsel and chief financial officer of Advancing Women in Product, a nonprofit. His personal area of expertise is all legal matters, including GDPR compliance.
He has educated hundreds of executives, professionals, graduates, and undergraduates at the George Washington University, where he earned the top 10% of faculty designation, and where he earned his JD and MBA. He has taken and passed approximately a million exams and also written and administered his own exams to students.
Previous to his current roles, he was chief legal officer of several healthcare providers overseeing 80 staff; on the board of a Silicon Valley nonprofit; a Capitol Hill lobbyist; a Manhattan litigation associate at a (then) Global 10 law firm; and a federal employee in both the largest and second largest agencies (Defense and HHS), where he managed a $27M cybersecurity program. He is also a published statistician.
He is licensed to practice law before the New York Supreme Court, District of Colorado, Eastern District of Michigan, and the United States Supreme Court.
He welcomes your feedback.
Send it to him on LinkedIn.
Acknowledgements
A gigantic thank you to Ami Rodriguez, Esq., CIPP/US, CIPM, for introducing me to data privacy law and her innumerable insights to this book.
All errors are my own.
Unless they’re IAPP’s.
Why This Book Exists
First, I was unimpressed by IAPP’s training materials.
The $75, 382-page IAPP book wastes the test-taker’s time. It drowns test-preparers in a deluge of unnecessary detail. Ignore it. (Later, if you’re a practitioner seeking a desk reference, it’s OK.)
Then there’s IAPP’s $1,000 CIPP/E training. This book discusses my concerns with that training.
Don’t worry about going off-brand. IAPP FAQ #7 states, “to maintain accreditation, ISO requires a separation between the IAPP’s certification and training departments.”
And thank God for that.
Second, this book puts the test-taker on equal footing with someone who has $1,000 to spend. Whether IAPP’s $1,000 price tag is reasonable is beyond the scope of this book.
Third, many privacy professionals planned to take the CIPP/E after they finished their GDPR implementations. I wanted to help and support them.
Fourth, I wished to create a living document that evolves with each update to IAPP’s common body of knowledge.
If you are interested in co-authoring the next edition whenever IAPP releases its next Body of Knowledge, please contact me via LinkedIn.
How to Pass the CIPP/E
Santa Clara Law administered an old version of the CIPP exam in January 2015 to over 20 of its law students. Prof. Eric Goldman reports that only half of them passed. Furthermore, he reports, “I didn’t see any clear correlation between law school GPA and passage rates.”
Prof. Goldman’s students agreed that the CIPP is a test of “minutiae.”
They recommended memorization and recitation to pass. They’re right.
I recommend you recite (read out loud) the contents of this book as you work through it. Then recite it again. Recite the sections until you know the content flat. Until it utterly bores you.
I’ve marked some sections as “memorize.” These sections are confusing and lend themselves to IAPP’s needlessly tricky exam questions. I recommend you make flash cards to commit these to memory.
Other sections are marked “skim” or “let’s think about.” This material is not on the exam. Don’t recite it.
Another tip: back when I studied for the bar exam, I had an idiot Barbri instructor. The only thing she said that made sense was, “stick a photo of the dumbest lawyer you know to your computer as motivation.”
I stuck her photo to my laptop. It works.
Finally, and unfortunately, due to my professional obligations, I pushed this book out over the course of a couple weeks. There might be an error or two. If you spot an error, please look me up on LinkedIn and mention your concern in the Connection request. I would be delighted to update this book and acknowledge you in the new edition (if you’re OK with that).
I. Introduction to European Data Protection Law
IA. Origins and Historical Context
IA1. Rationale for data protection
Skim:
Preamble, GDPR
Let’s think about:
Europeans observe the Equifax breach (143,000,000 people affected) and Facebook’s role in Cambridge Analytica (more than 50,000,000 people affected). They observe chronic American apathy. That is a rationale for European data protection law.
European public authorities such as the Gestapo and Stasi