4 min read

5 Tips to Get Your IAPP Certification

Looking to get your IAPP certification? Check out our favorite tips and lessons learned!


Getting an IAPP certification can sometimes be more art than science.

The financial cost of under-studying, failing, and re-taking an IAPP certification is at least $375. Picking the best study resources, avoiding common pitfalls, and knowing how to study are all as important as knowing what to study.

These tips help you avoid certification pitfalls and pass your IAPP exams.

They provide words of caution, encouragement, humility, and accountability. However, the goal is always the same—to help you get your IAPP certification.

  1. Have a game plan
  2. If you can, find a community
  3. Choose your study resources wisely
  4. Give yourself time, but be accountable
  5. Your professional experience may not translate

Have a Game Plan

IAPP certifications are a maze—you need a game plan. Where do you start?

You'll need two crucial resources: the Body of Knowledge and Exam Blueprint.

The Body of Knowledge outlines the specific topics covered by the certification. Meanwhile, the Exam Blueprint specifies the minimum and maximum number of exam questions on each of those topics.

What pitfalls do these help you avoid? Here are a few:

  1. The IAPP does not test all exam content equally
  2. Official textbooks may include unnecessary information
  3. Official textbooks may not cover all required topics (!!)

Would you spend the same time studying a topic that only has 2 questions or 13 questions? Hopefully not. In that case, review the Exam Blueprint to ensure you're spending your study time appropriately based on the number of exam questions.

The authors of the official textbooks and IAPP exam writers are explicitly separate groups—this is by design. However, this means that sometimes the official textbooks contain extraneous and unnecessary information for the exam. The Body of Knowledge helps you identify these topics and skip them (if you wish).

Privacy requirements change continuously. Textbooks? Not so much.

The official textbooks may be outdated and not cover all required topics. Despite this, the IAPP may still test you on this new material. Review the Body of Knowledge before you start studying to account for any potential discrepancies and supplement your study resources as needed.

In short, have a game plan. Invest your study time well.

If You Can, Find a Community

Studying for IAPP certifications can be lonely, isolating, and challenging.

It's easy to get discouraged, spin your wheels, and feel like you're not making progress toward your certification goals. How do you keep going when you spend nights and weekends with your nose in privacy laws?

If you can, find a community.

This community can be of any size or shape. It could be a single coworker, a study group, a Google or Facebook Group, or some other ad hoc community.

The community holds you accountable and supports you when you need it.

It's helpful to have a group of individuals all pursuing a common goal. It serves as a sounding board when you have questions and helps ease your concerns when you encounter difficult topics or uncertainty.

I'm always happy to answer questions via LinkedIn or email. If you're struggling to find a good study community, or just want to talk to someone, send me a message!

We need more passionate privacy people—you're part of that.

Choose Your Study Resources Wisely

Official resources are not inherently better or more affordable than unofficial ones.

Some official IAPP resources are invaluable and others we rarely recommend. Some study resources are cost-prohibitive. They cost an arm and a leg but can provide limited value.

Similarly, there are plenty of free or cheap third-party resources that have issues. These resources may suffer from issues with correctness, grammar, and overall quality, and may be detrimental to your studies. Be wary of poor quality.

Our favorite resources are mostly free or low-cost from the IAPP!

Aside from avoiding resources like the IAPP online training, it's hard to go wrong with the other IAPP resources. For example, we're absolute fans of the Body of Knowledge, Exam Blueprint, and Practice Exams provided by the IAPP.

When reaching for third-party resources, first evaluate for quality and recency.

Look for resources with excellent reviews that are updated frequently. IAPP exams move quickly and are updated annually—don't rely on outdated study materials.

For more detailed recommendations, check out our dedicated blog post!

Give Yourself Time, But Be Accountable

IAPP certifications expect a lot out of you and it feels like you can study forever.

It's easy to get lost in the privacy requirements and feel you never quite know the material well enough. This quickly leads to a never-ending study cycle.

IAPP certification exams primarily use hypothetical, scenario-based questions. Memorizing facts and definitions is important, but you must be able to apply them to novel situations—just as you would as a privacy practitioner.

For topics like privacy laws, make sure you understand the atomic bits.

You should memorize who the law covers, when it applies, penalties for non-compliance, interactions with other laws, etc. Once you've memorized these facts, you can then practice applying them to hypothetical scenarios.

This comprehension takes time and repetition. How do you avoid the study cycle?

Pick a reasonable date and schedule your certification exam.

Probably don't pick next Saturday. In my experience, 2-3 months out is just right.

Having this hard deadline gives you time to digest and comprehend the material. However, it also establishes a goalpost and helps hold yourself accountable.

At some point, trust yourself that you're ready—you've put in the work.

Your Professional Experience May Not Translate

I've seen many wonderful privacy people fail IAPP certification exams.

IAPP certifications may introduce familiar privacy topics in an unfamiliar way.

Not all IAPP certifications are grueling. However, they are often particular. You may understand the same topic perfectly within your organization. However, the IAPP expects a specific vocabulary and way of thinking for the exams.

This is most frustrating for the CIPM and CIPT, and less frustrating for the CIPPs.

For example, the CIPT defines topics like pseudonymization and anonymization. You may disagree with these definitions based on personal expertise, company policy or standards, industry-specific guidelines, etc.

Please don't skip over an exam topic because you believe you already know it.

You must use the IAPP's definitions for the certification exam. 

Especially for the CIPM and CIPT, take your time and review these topics.

Ensure your understanding and definitions match the way the IAPP expects you to understand it. Save yourself the $375 re-take fee and the added headache.

Don't assume that your expertise translates directly to the certification exam.

Wrapping Up

I sincerely hope this post was accessible, useful, and practical for you. If you have any feedback on this post, please let me know. Cheers.