2018 EDITION
A CONCISE GUIDE TO
PASSING THE CERTIFIED
INFORMATION PRIVACY
PROFESSIONAL/EUROPE
(CIPP/E) EXAM
CHRISTEN LUDWIG
c CHRISTEN LUDWIG
,A CONCISE GUIDE TO PASSING THE IAPP CERTIFIED
INFORMATION PRIVACY PROFESSIONAL/EUROPE (CIPP/E)
EXAM
CHRISTEN LUDWIG
1. INTRODUCTION TO THE EUROPEAN DATA PROTECTION 1
A. Origins and Historical Context of Data Protection
Law
B. European Union Institutions
C. Legislative Framework
2. EUROPEAN DATA PROTECTION LAW AND REGULATION 7
A. Key Data Protection Concepts
B. Territorial and Material scope of the GDPR
C. Data Protection Principles
D. Lawful Processing Criteria
E. Information Provision Obligations
F. Data Subject Rights
G. Security
H. Accountability
I. International Data Transfers
J. Supervision and enforcement
3. COMPLIANCE WITH EUROPEAN DATA PROTECTION LAW
AND REGULATION 24
A. Employment Relationship
B. Surveillance Activities
C. Direct Marketing
D. Internet Technology and Communications
1
, 1. INTRODUCTION TO THE EUROPEAN DATA PROTECTION
(REPRESENTATIVE MARK ALLOCATION: 4-10)
A. Origins and Historical Context of Data Protection Law (representative
mark allocation:1-2)
I. Rationale for Data Protection
Automated storage of personal information and the rise in cross-
border trade necessitated new laws that allowed individuals to
exercise control over their personal information. However, the
challenge was to balance State concerns for privacy and free trade
at the European Economic Community level.
II. Human rights laws
Universal Declaration of Human Rights 1948 (Articles 12, 19 and
29(2)) adopted on 10 December 1948 by the General Assembly of the
UN
Article 12- Right to a private life and associated freedoms.
Article 19- Right to freedom of expression.
Article 29(2) - individual rights are not absolute and there will
be instances where a balance must be struck.
European Convention on Human Rights 1953 – Council of
Europe (Articles 8 and 10)
Article 8 of the ECHR similar to Article 12 of the Human Rights
Declaration.
Article 10 addresses Right to freedom of expression.
Reechoes the need for balance of the Right to Privacy and the
Right to freedom of expression.
III. Early laws and regulations
The Council of Europe established a framework of specific principles
and standards to prevent unfair collecting and processing of
personal information.
2
A CONCISE GUIDE TO
PASSING THE CERTIFIED
INFORMATION PRIVACY
PROFESSIONAL/EUROPE
(CIPP/E) EXAM
CHRISTEN LUDWIG
c CHRISTEN LUDWIG
,A CONCISE GUIDE TO PASSING THE IAPP CERTIFIED
INFORMATION PRIVACY PROFESSIONAL/EUROPE (CIPP/E)
EXAM
CHRISTEN LUDWIG
1. INTRODUCTION TO THE EUROPEAN DATA PROTECTION 1
A. Origins and Historical Context of Data Protection
Law
B. European Union Institutions
C. Legislative Framework
2. EUROPEAN DATA PROTECTION LAW AND REGULATION 7
A. Key Data Protection Concepts
B. Territorial and Material scope of the GDPR
C. Data Protection Principles
D. Lawful Processing Criteria
E. Information Provision Obligations
F. Data Subject Rights
G. Security
H. Accountability
I. International Data Transfers
J. Supervision and enforcement
3. COMPLIANCE WITH EUROPEAN DATA PROTECTION LAW
AND REGULATION 24
A. Employment Relationship
B. Surveillance Activities
C. Direct Marketing
D. Internet Technology and Communications
1
, 1. INTRODUCTION TO THE EUROPEAN DATA PROTECTION
(REPRESENTATIVE MARK ALLOCATION: 4-10)
A. Origins and Historical Context of Data Protection Law (representative
mark allocation:1-2)
I. Rationale for Data Protection
Automated storage of personal information and the rise in cross-
border trade necessitated new laws that allowed individuals to
exercise control over their personal information. However, the
challenge was to balance State concerns for privacy and free trade
at the European Economic Community level.
II. Human rights laws
Universal Declaration of Human Rights 1948 (Articles 12, 19 and
29(2)) adopted on 10 December 1948 by the General Assembly of the
UN
Article 12- Right to a private life and associated freedoms.
Article 19- Right to freedom of expression.
Article 29(2) - individual rights are not absolute and there will
be instances where a balance must be struck.
European Convention on Human Rights 1953 – Council of
Europe (Articles 8 and 10)
Article 8 of the ECHR similar to Article 12 of the Human Rights
Declaration.
Article 10 addresses Right to freedom of expression.
Reechoes the need for balance of the Right to Privacy and the
Right to freedom of expression.
III. Early laws and regulations
The Council of Europe established a framework of specific principles
and standards to prevent unfair collecting and processing of
personal information.
2
