Copyright 2015, IAPP

v. 2.0.0

European Privacy Certification

Authoritative Resource List

Introduction
The IAPP and its certification advisory board compiled the following list of books, periodicals, white
papers, reports and Web sites for the purpose of furthering education in information privacy. These
selections support the Certified Information Privacy Professional/Europe (CIPP/E) credentialing
program which assesses candidates understanding of information privacy laws and practices that
apply primarily to the European private sector.

The CIPP/E Authoritative Resource List is divided into three sections:

1. Authoritative Texts: Core publications that encompass the domains on the CIPP/E body of
knowledge.

2. Web-based Privacy Resources: General references for European information privacy that
are available online.

3. GDPR Resources: Online resources addressing the General Data Protection Regulation
(GDPR).

Who Should Review

Certification Candidates: The authoritative texts address the information privacy and
information security concepts and issues referenced in the CIPP/E body of knowledge. While
the IAPP does not draw from a single source to develop exams, we recommend these
publications to candidates studying for their exams. The supplemental readings augment the
authoritative texts by focusing on specific areas of the body of knowledge; therefore, the IAPP
strongly suggests that you incorporate supplemental reading into your regimen for exam
preparation based on your individual needs.

Certified Professionals (current CIPP/E credential holders): Each of the items listed in
this bibliography may be applied toward the continuing privacy education (CPE) requirements
mandated under your credential. Upon submission to the IAPP for approval, credits will be
awarded based on a formula where 50 pages of written text = 1 CPE credit. Simply tally the
total number of pages from your selection and submit for approval using the authorization
form available at http://www.iapp.org.

IMPORTANT: You must include photocopies of both the cover and inside table of contents of
the selection(s) you submit for CPE consideration.

1
 Copyright 2015, IAPP
v. 2.0.0

Authoritative Texts
While we recommend these resources as comprehensive, widely-recognized privacy texts that
cover the topics outlined in the CIPP/E body of knowledge, candidates for certification must
understand that no published text can keep pace with the rapidly-changing privacy landscape.
We continuously adjust our exam content to represent the latest regulatory and technological
changes and we expect candidates for IAPP certification to know about the important
developments in their sector that may modify or supplant information in the authoritative texts.
With the adoption of the General Data Protection Regulation (GDPR), some of these materials
may contain information that is out of date. They have been kept on the list for the material that
is still relevant to general European privacy issues, or that is useful for understanding older laws
and regulations from a historical perspective. GDPR resources are located at the end of this
document.

Ustaran, Eduardo. European Privacy: Law and Practice for Data Protection Professionals.
Portsmouth: IAPP Publications, 2011.

Carey, Peter. Data Protection: A Practical Guide to UK and EU Law. Oxford: Oxford University
Press, 2015.

European Union Agency for Fundamental Rights. Handbook on European data protection law.
2014.

Determann, Lothar. Determanns Field Guide to International Data Privacy Law Compliance.
Northampton: Edward Elgar Pub, 2015.

Web-based Privacy Resources

Commission nationale de l'informatique et des liberts (CNIL): http://www.cnil.fr/english/.

Council of Europe: http://hub.coe.int/.

Data Protection Commissioner: http://www.dataprotection.ie/viewdoc.asp?DocID=4.

European Commission: http://ec.europa.eu/index_en.htm.

European Court of Human Rights: http://www.echr.coe.int/Pages/home.aspx?p=home&c.

European Data Protection Days: http://www.edpd-conference.com/.

European Data Protection Supervisor:

https://secure.edps.europa.eu/EDPSWEB/edps/EDPS?lang=en.

2
 Copyright 2015, IAPP
v. 2.0.0

Hunton & Williams EU Data Protection Regulation Tracker:

http://www.huntonregulationtracker.com/.

Information Commissioners Office: http://www.ico.org.uk/.

Interactive Advertising Bureau (IAB) Europe: http://www.iabeurope.eu/.

Ci Security Standards: https://www.pcisecuritystandards.org/.

Telephone Preference Service: http://www.tpsonline.org.uk/tps/whatistps.html.

GDPR Resources
Boardman, Ruth; Mole, Ariane; and Mullock, James. Bird & Bird: Guide to the General Data

Protection Regulation. Bird & Bird, 2016.

Bowman, Courtney M. A Primer on the GDPR: What You Need to Know. Proskauer, 2015.

Bird & Bird GDPR Timeline: http://www.twobirds.com/en/practice-areas/privacy-and-data-

protection/eu-framework-revision.

EU GDPR Portal: http://www.eugdpr.org/.

Fieldfishers Privacy and Information Law Blog GDPR Entries:

https://iapp.org/resources/article/getting-to-know-the-gdpr-blog-series/.

GDPR Compliant-Process Map: https://iapp.org/resources/gdpr-tool/.

General Data Protection Regulation (full text): http://ec.europa.eu/justice/data-

protection/reform/files/regulation_oj_en.pdf.

Heimes, Rita; Maldoff, Gabriel; and Myers, Anna. Top 10 Operational Impacts of the GDPR.

IAPP, 2016.

Lee, Phil. The New EU General Data Protection Regulation in Under 60 Minutes. Youtube.com,

2016.

Nymitys GDPR Compliance Toolkit: https://www.nymity.com/gdpr-toolkit.aspx.

Reform of EU Data Protection Rules. European Commission, 2016.