Tsaaro academy


Upcoming changes to the CIPM exam


This article covers the changes to the certification exam that come into effect from 3rd October. Candidates appearing for the exam before that date may follow the earlier pattern, but anyone appearing after 3rd October should take a closer look at the syllabus.

 

The syllabus is divided into 6 parts; the changes to each one are discussed below.

 

Part 1 – Developing a Privacy Policy

Earlier, candidates were not required to understand how to plan inquiry/complaint handling procedures while developing a privacy program for the company; after 3rd October, this needs to be kept in mind. The structure of the privacy team has been consolidated to include both large and small organizations. Where earlier only identification and cataloging of any documents related to updates in privacy requirements was enough, after 3rd October it needs to be ensured that employees have access to such documents relative to their roles.

 

Part 2 – Privacy Program Framework

After the changes come into effect, candidates will have to develop not only privacy policies and standards but also the procedures to be followed. Planning inquiry/complaint handling procedures is another addition to the framework. Further, the framework earlier required candidates to understand whether national or local laws would apply in a situation; after 3rd October, candidates need to ensure they understand not only territorial regulations/laws but also industry-specific regulations/laws. Instead of just international data sharing agreements, two new additions, i.e. vendor agreements and affiliate and subsidiary agreements, need to be thoroughly understood.

 

Part 3 – Privacy Operational Life Cycle: Assess

While documenting, “creation of a record of authority” will not be required post 3rd October. Further, in the risk assessment of processors and third-party vendors, the implications of all types of technologies used need to be assessed (and not only cloud computing, as required earlier), along with cross-border transfers. Lastly, during mergers and acquisitions, earlier only risk assessment and due diligence were required; post 3rd October, the following also need to be kept in mind: review of contractual and data sharing obligations, risk and control alignment, and post-integration planning and risk mitigation.

 

Part 4 – Privacy Operational Life Cycle: Protect

After 3rd October, the scope of Privacy by Design (PbD) has been expanded to include integration of privacy through business processes and communication with stakeholders about the importance of PIAs and PbD. The technical and organizational measures have also been expanded to include guidelines on secondary uses, policies on processing of the organization’s data holdings (accounting for legal and ethical requirements), as well as the implementation of administrative safeguards through policies, procedures, and contracts.

 

Part 5 – Privacy Operational Life Cycle: Sustain

After 3rd October, during the audit process, an “audit trail” needs to be maintained, along with utilizing and reporting on regulator compliance assessment tools.

 

Part 6 – Privacy Operational Life Cycle: Respond

Data subjects’ information requests and rights will now include complaints, including file reviews. The incident handling requirements have been expanded to include conducting risk assessment, performing containment activities, identifying and implementing remediation measures, and notifying regulators, impacted individuals, and the data controller.

 

Take Tsaaro’s CIPM mock exams, which are kept in line with the latest rule and regulatory updates. You can stay current with the shifting regime by taking these practice examinations.


Take the mock and be your own judge https://academy.tsaaro.com/mock-exam/ !
