Use this quick start guide to collect all the information about IAPP CIPP-CN Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the IAPP Certified Information Privacy Professional/China (CIPP-CN) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual IAPP Certified Information Privacy Professional/China (CIPP-CN) certification exam.
The IAPP CIPP-CN certification is mainly targeted to those candidates who want to build their career in Privacy Laws and Regulations domain. The IAPP Certified Information Privacy Professional/China (CIPP-CN) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of IAPP Information Privacy Professional/China.
IAPP CIPP-CN Exam Summary:
| Exam Name | IAPP Certified Information Privacy Professional/China (CIPP-CN) |
| Exam Code | CIPP-CN |
| Exam Price |
First Time Candidate: $550 Retake: $375 (USD) |
| Duration | 150 mins |
| Number of Questions | 90 |
| Passing Score | 300 / 500 |
| Books / Training | CIPP/CN Body of Knowledge and Exam Blueprint |
| Schedule Exam | Pearson VUE |
| Sample Questions | IAPP CIPP-CN Sample Questions |
| Practice Exam | IAPP CIPP-CN Certification Practice Exam |
IAPP Information Privacy Professional/China Exam Syllabus Topics:
| Topic | Details |
|---|---|
Introduction to Personal Information Protection in China |
|
| Understand the main concepts of China’s statutory and regulatory frameworks. |
- Understand the parts of the Constitution of the People’s Republic of China that relate to personal information protection. - Understand the provisions of the Civil Code that relate to personal information protection. - Understand criminal law that relates to personal information protection. - Understand the basics of Consumer Protection Law. - Understand the basics of Minor Protection Law. - Understand the main concepts of the Cybersecurity Law (CSL), including Critical Information Infrastructure (CII) Protection and the Multi-level Protection Scheme (MLPS). - Understand the main concepts of the Data Security Law (DSL). - Understand the purpose of the Personal Information Protection Law (PIPL). - Understand administrative regulations related to personal information protection. - Understand local rules and regulations related to personal information protection. - Understand the sectoral regulations related to personal information protection. - Understand the national/industry standards and specifications related to personal information protection. |
| Understand the different roles and responsibilities of the supervisory authorities. |
- Understand the roles of the General Authorities:
- Understand the roles of the Sectoral Regulatory Authorities:
- Understand the roles of the judicial bodies, including The Supreme People’s Court and The Supreme People’s Procuratorate. |
The Personal Information Protection Law |
|
| Understand the Personal Information Protection concepts as defined in PIPL. |
- Understand what is personal information. - Understand the definition of a personal information subject. - Understand what is sensitive personal information. - Understand the requirements for data de-identification and anonymization. - Understand the requirements for processing of personal information. - Understand the consent and separate consent requirements. - Understand the general obligation of personal information processors and the special obligations for large internet platform operators. - Understand what an entrusted party is. - Understand the requirements for personal information protection impact assessments (PIPIA). - Understand the regulations governing cross-border data transfers. - Understand the main responsibilities of the personal information protection officer (China DPO). |
| Understand the principles that inform personal information processing activities. |
- Understand what it means for data processing to be lawful, legitimate and necessary. - Understand what it means for data processing to be done in good faith. - Understand what it means for data processing to be transparent. - Understand purpose limitation in data processing. - Understand what data minimization is and ensure minimum impact during processing activities. - Understand the importance of data quality. - Understand the importance of data security. - Understand the importance of accountability. |
| Understand the scope of application of the Personal Information Protection Law. |
- Know the material scope, territorial scope and extra-territorial jurisdiction of PIPL. - Know the exceptions to the scope of PIPL. |
| Comply with the legal requirements for personal information processing. |
- Ensure compliance with consent requirements. - Ensure compliance with the requirements necessary for the conclusion or performance of a contract or HR management. - Ensure compliance with the requirements necessary for the performance of statutory duties or legal and regulatory obligations. - Ensure compliance with the requirements necessary for the response to public health emergencies or necessary for the protection of life or asset in urgent situation. - Ensure personal information is reasonably processed for media reporting or media supervision in the public interest. - Ensure the reasonable processing of self-disclosed or legally disclosed information. - Ensure compliance with processing requirements in other circumstances as provided by laws or administrative regulations. - Ensure compliance with the specific requirements for Sensitive Personal Information processing. |
| Ensure organizational compliance with personal information subject’s rights. |
- Ensure procedures are in place to inform data subjects of their:
|
| Implement the requirements for cross border data transfers. |
- Conduct a security assessment. - Obtain a personal information protection certification. - Conclude standard contractual clauses. - Comply with other conditions under laws, regulations or those stipulated by the CAC. - Ensure compliance with international treaties or agreements when applicable. |
| Ensure accountability procedures and requirements for internal and external stakeholders are developed and implemented. |
- Develop and maintain a record of data processing. - Ascertain different roles in personal information sharing and design proper contracts.
- Understand the requirements for the personal information protection officer. |
| Understand PIPL enforcement penalties and reporting requirements. |
- Understand what constitutes PIPL criminal offenses. - Understand the administrative corporate and individual penalties for PIPL violations. - Process complaints and reports related to PIPL violations. - Conduct public interest actions. |
| Understand the requirements when personal information is used in automated decision-making. | - Ensure the requirements for transparency, fairness and impartiality are implemented. |
Sectoral Regulations and Compliance |
|
| Ensure criminal records processing conforms to data processing requirements. |
- Understand the criminal penalties for personal information encroachment. - Conduct criminal records inquiries. |
| Ensure compliance with the Internet applications (apps) and electronic marketing laws. |
- Ensure compliance with the personal information collection requirements of electronic marketing and apps laws. - Ensure data minimization for apps and mini-programs is practiced. - Implement prohibition against bundled consent and know the distinction between basic functions and non-basic functions. - Ensure personal Information sharing with third parties (e.g., software development kits) is lawful. - Ensure compliance with SMS/e-mail marketing laws. |
| Ensure compliance with child and minor protection laws. |
- Ensure privacy and personal information protection for minors. - Ensure compliance with the regulation on the Protection of Children’s Personal Information Online. |
| Ensure compliance with processing requirements for banks and financial institutions. |
- Understand consumer protection laws. - Understand security obligations in the financial sector. - Ensure compliance with industry regulators’ issued rules (People’s Bank of China (PBOC), National Financial Regulatory Administrative (NFRA), China Securities Regulatory Commission (CSRC)). |
| Understand the regulatory obligations that apply to Internet platforms. |
- Establish a personal information protection compliance system and ensure independent oversight. - Understand platform governance obligations that apply to product / service providers’ processing of personal information. - Ensure the release of social responsibility reports documenting personal information protection. |
| Understand personal information processing requirements in the automotive industry. |
- Understand security management requirements of automotive data. - Ensure the lawful processing of vehicle-collected data. - Understand the data processing requirements associated with connected and autonomous vehicles. |
| Ensure responsible governance of emerging technologies. |
- Understand the Cyberspace Administration of China’s measures for the management of generative artificial intelligence services. - Understand consent requirements for the use of facial recognition technology. - Understand algorithm use restrictions as detailed in the Algorithm Recommendation Regulation. |
| Ensure compliance with personal information processing requirements in an employment context. |
- Ensure non-discrimination in employee recruitment. - Ensure compliance with background check requirements. - Understand limitations on workplace monitoring and surveillance (e.g., embedded software and CCTV). - Understand the requirements for protecting personal information during internal investigations. |
| Ensure compliance with collection and processing restrictions of health and human genetic data. |
- Ensure the protection and sharing limitations of sensitive personal health information. - Secure doctor-patient confidentiality. - Understand the restrictions on the collection, preservation and exploitation of Chinese human genetic resources implemented by the Human Genetic Resources Administration. |
To ensure success in IAPP Information Privacy Professional/China certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for IAPP Certified Information Privacy Professional/China (CIPP-CN) exam.