Ring in the Holiday Season with Blazing Offers on
Most Popular Courses. Upto 50% OFF

CIPM 2019 vs CIPM 2020

‘Certified Information Privacy Manager’ or CIPM by IAPP (International Association of Privacy Professionals) is one of the leading privacy manager certifications today. The CIPM certification deals with the “how” aspect of data privacy. The CIPM certification demonstrates that you know “how” to manage privacy in your organization.

This certification enables one to understand the privacy regulations correctly and implement them accordingly in their organization.  This certification also helps to create a company vision, organize a data protection team, work with system frameworks and more.


Here is a comparison between CIPM 2019 and the new CIPM 2020 which was released on September 1, 2020:

General information:

CIPM 2019 CIPM 2020
No. of questions 90 90
Mode of questions Multiple choice Multiple choice(mostly scenario based)
Duration 2.5 hours 2.5 hours
Certification fees

550$ for first time certification attempt

375$ for subsequent certification attempt


550$ for first time certification attempt

375$ for subsequent certification attempt

Domains 2 6

Domain information:

The CIPM 2019 has two domains while the CIPM 2020 has been separated into six domains.

CIPM 2019 domains:

Here are the two domains of CIPM and their outlines:

Domain 1: Privacy program governance:

This domain provides a fine blue print on how a privacy program should be established, developed, measured and improved

Domain 2: Privacy program operational life cycle

This domain is based on the industry framework of

  1. Assessing an organization’s privacy posture
  2. Protecting assets by implementing privacy controls
  3. Sustaining the privacy program through training and awareness programs
  4. Responding to privacy incidents

CIPM 2020 domains:

The new CIPM 2020 has been separated into six domains. They are listed as follows:

Domain 1: Privacy program governance:

This domain lays out the rules for the governance of the privacy program and states how a privacy program may be developed, maintained and improved

Domain 2: Privacy program framework

The second domain of CIPM 2020 focuses on developing the privacy program framework, implementing it and developing appropriate metrics.

Domain 3: Privacy Operational Life cycle: Assess

The third domain of CIPM 2020 focuses on assessing the current baseline of an organization’s privacy program. It also includes assessing the other processors and third party vendors in addition to physical assessments, mergers, acquisitions and divestitures.

Domain 4: Privacy Operational Life cycle: Protect

In the privacy operational life cycle, the fourth domain lays spells out the protection of assets through various ways such as privacy by design, information security practices and integrating privacy practices into the functional areas of an organization.

Domain 5: Privacy Operational Life cycle: Sustain

The fifth domain specifies how the privacy program can be sustained through monitoring and auditing.

Domain 6: Privacy Operational Life cycle: Respond

The sixth domain deals with the response to privacy incidents such as incident response planning, incident detection, incident handling and more.

We list the differences between the old CIPM and the new CIPM in tabular format:

  CIPM 2019 CIPM 2020
Domain 1

Privacy Program Governance

  • Organization Level
  • Develop the Privacy Program Framework
  • Implement the Privacy Program Framework
  • Metrics
Developing a Privacy Program

  • Create a company vision
  • Establish a Data Governance model
  • Establish a privacy program
  • Structure the privacy team
  • Communicate
Domain 2

Privacy Program Operational Lifecycle

  • Assess Your Organization
  • Protect
  • Sustain
  • Respond

Privacy Program Framework

  • Develop the Privacy Program Framework
  • Implement the Privacy Program Framework
  • Develop Appropriate Metrics


Domain 3   Privacy Operational Life Cycle: Assess

  • Document current baseline of your privacy program
  • Processors and third-party vendor assessment
  • Physical assessments
  • Mergers, acquisitions and divestitures
  • Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)
Domain 4   Privacy Operational Life Cycle: Protect

  • Information security practices
  • Privacy by Design
  • Integrate privacy requirements and representation into functional areas across the organization
  • Other Organizational Measures
Domain 5   Privacy Operational Life Cycle: Sustain

  • Monitor
  • Audit
Domain 6   Privacy Operational Life Cycle: Respond

  • Data-subject information requests and privacy rights
  • Privacy incident response


 Resources to study for the exam:

  1. Privacy Program Management, Second Edition
  2. How to Prepare for IAPP exams
  3. CIPM certification
  4. Free Study Material For IAPP CIPM / CIPP / CIPT Privacy Certification & Practice Test – Part 1


The old domains of CIPM 2019 have been distributed across the new CIPM  resulting in six new domains instead of the original two. These new domains are more focused in their content and more distributed than the old CIPM 2019.

Thus, the new CIPM certification will need a much more intense and focused study approach. IAPP recommends a minimum of 30 hours of studying and preparation time.

We hope the differences between CIPM 2019 and CIPM 2020 were useful to you.

For more of InfoSec Train’s leading certifications, do visit us at this link Click Here.


  1. https://iapp.org/certify/cipm/
  2. https://iapp.org/media/pdf/certification/CIPM_BOK_2.0.0.pdf
  3. https://iapp.org/media/pdf/certification/CIPM_BOK_1.0.4_APPROVED.pdf
Jayanthi Manikandan ( )
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train.