IAPP Certification Programs

The IAPP has two certification programs—the CIPP and the CIPM—which complement each other by addressing privacy laws and regulations (CIPP) and how to operationalize them (CIPM). The side-by-side comparison below can help you understand which areas of skill each program covers.


The "what"

The CIPP demonstrates that you have a foundational knowledge of the laws, regulations and standards of privacy in a particular jurisdiction or discipline.

Components of the program include:

  • Jurisdictional laws, regulations and enforcement models, or rules and standards in your domain
  • Essential privacy concepts and principles
  • Legal requirements for handling and transferring data

The CIPP is the the “what” of privacy—laws and regulations—as opposed to the CIPM being the “how”—operations.

Learn more


The "how"

The CIPM demonstrates an understanding of how to manage privacy in an organization through process and technology—regardless of jurisdiction or industry.

Components of the program include how to:

  • Implement a privacy program framework
  • Manage the privacy program operational lifecycle
  • Structure a privacy team

It is the “how” of privacy—operations—as opposed to CIPP being the “what”—laws and regulations.

Learn more