1.1 Current Exam Facts
Key Takeaways
- The CIPP/E has 90 multiple-choice questions, of which 75 are scored and 15 are unscored pretest items mixed in invisibly.
- You get 2.5 hours and must reach a scaled score of 300 on a 100-500 range to pass.
- The IAPP exam fee is $550 for a first attempt and $375 for a retake, delivered through Pearson VUE centers or OnVUE online proctoring.
- Certification runs on a two-year cycle maintained with 20 continuing privacy education (CPE) credits plus IAPP membership or the maintenance fee.
- The current Body of Knowledge is Version 1.3.3, effective 1 September 2025, and governs the exam through 2026.
Current CIPP/E Exam Facts
Quick Answer: The CIPP/E is a 90-question, 2.5-hour exam from the International Association of Privacy Professionals (IAPP). Of the 90 questions, 75 are scored and 15 are unscored pretest items. You need a scaled score of 300 on a 100-500 range to pass, the first-attempt fee is $550 (retake $375), and it is delivered through Pearson VUE test centers or OnVUE online proctoring.
The Certified Information Privacy Professional/Europe (CIPP/E) is the IAPP's flagship credential for European data protection law. It is accredited under ISO/IEC 17024 by the ANSI National Accreditation Board (ANAB), which is why the exam is built around a documented Body of Knowledge and a statistically defensible cut score rather than a casual quiz. The credential validates working knowledge of the General Data Protection Regulation (GDPR), the ePrivacy regime, and the broader European framework, and it tests whether you can apply the law to facts, not merely recite article numbers.
A frequent candidate misconception is that the CIPP/E is purely about the GDPR. The GDPR is the spine, but the exam also touches the Council of Europe Convention 108/108+, the Charter of Fundamental Rights, the Law Enforcement Directive, the ePrivacy Directive (2002/58/EC), and current EU digital regulation. Knowing only the GDPR articles will leave roughly a fifth of the exam exposed.
Exam Format at a Glance
| Detail | Information |
|---|---|
| Certifying body | IAPP (International Association of Privacy Professionals) |
| Accreditation | ANAB, ISO/IEC 17024 |
| Total questions | 90 multiple-choice (4 options each) |
| Scored questions | 75 |
| Unscored (pretest) questions | 15 |
| Time limit | 2.5 hours (150 minutes) |
| Passing score | 300 on a scaled 100-500 range |
| First-attempt fee | $550 USD |
| Retake fee | $375 USD |
| Delivery | Pearson VUE test center or OnVUE online proctoring |
| Languages | English, French, German, and other localizations |
| Certification cycle | Two years, 20 CPE credits to maintain |
| Current Body of Knowledge | Version 1.3.3, effective 1 September 2025 |
The 15 unscored items are pretest questions the IAPP is trialing for future forms. They are mixed invisibly into the 90, so you cannot tell which questions count. Treat every item as if it is scored. There is no on-screen indicator of difficulty or domain, and you can move forward and backward, flag, and revisit within the single 150-minute window.
Scoring and the 300/500 Scale
IAPP reports your result as a scaled score between 100 and 500, with 300 as the cut score. Scaling converts a raw count of correct answers onto a common scale so that slightly harder or easier exam forms are treated fairly through a process called equating. Because only the 75 scored questions count and the scale is statistical, there is no published "answer X of 75" rule. As a practical study target, score consistently above roughly 75-80% on timed mixed practice so you have a comfortable margin against form-to-form variation.
Results are pass/fail on the screen the moment you finish; the numeric scaled score and a domain-level breakdown follow. The domain breakdown only appears for candidates who do not pass, helping target a retake. A scheduled break is offered around the midpoint, but the clock keeps running during the exam itself unless the published unscheduled-break policy applies — plan to use the break efficiently.
Worked example: why raw guessing fails
Suppose two candidates each answer 56 of 75 scored items correctly. On a harder form, equating may push that raw score above 300; on an easier form, the same raw count may land below 300. This is exactly why IAPP refuses to publish a fixed raw threshold, and why "I think I got about 70%" is not a reliable self-assessment of a pass.
Eligibility, Cost, and Maintenance
- Eligibility: No degree, prior credential, or work experience is required to sit the exam. Anyone may register and test.
- Fee: The first-attempt exam fee is $550; a retake is $375. Optional add-ons include the official practice exam (about $55) and the European Data Protection textbook (about $75). Training bundles cost more.
- Scheduling window: You generally have up to one year from purchase to schedule and complete the exam.
- Retakes: A retake cannot be scheduled sooner than the IAPP's published waiting period after the prior appointment; you must purchase a new exam ($375) for each attempt.
- Maintenance: Certification lasts two years. You keep it active with 20 continuing privacy education (CPE) credits over the cycle, plus either active IAPP membership (about $295/year) or payment of the certification maintenance fee (about $250 per cycle for non-members).
| Cost item | Approx. amount |
|---|---|
| First-attempt exam | $550 |
| Retake exam | $375 |
| Annual IAPP membership | $295 |
| Maintenance fee (non-member, per cycle) | $250 |
| Official practice exam | $55 |
Budget the total cost of certification — membership plus CPE — not just the single sitting, when planning. Many employers reimburse the fee and fund IAPP membership.
Why the Version 1.3.3 Blueprint Matters
The CIPP/E exam in force during 2026 follows the IAPP Body of Knowledge Version 1.3.3, approved 4 March 2025 and effective 1 September 2025. The revision keeps the GDPR at the center but explicitly folds in current developments in the European digital-regulation landscape. Expect contextual awareness — not deep technical mastery — of:
- The staged application of the EU AI Act (Regulation 2024/1689), including prohibited-practice and high-risk concepts.
- The Data Act and Data Governance Act, and how they interact with personal-data rules.
- Operational NIS2 cybersecurity obligations and the Digital Services Act / Digital Markets Act context.
- The EU-U.S. Data Privacy Framework as the post-Schrems II adequacy bridge for transatlantic transfers.
If you studied from a pre-September-2025 textbook, refresh on these additions; they are the most common stale-content gap.
Official Resources
- IAPP CIPP/E Certification Page — official exam details and blueprint
- IAPP Certification Candidate Handbook — scoring, scheduling, and retake rules
- IAPP CIPP/E Exam Purchase Page — current fee and scheduling
How many of the 90 CIPP/E questions are scored, and what scaled score is required to pass?
Which statement about CIPP/E logistics is correct under the Version 1.3.3 Body of Knowledge?