calender icon


money icon Duration - 3 Month, 8-10 hours/week
calender icon Course fee: - INR 35000

This course is recognized by the National Skill Development Corporation, a PPP under the Ministry of Skill Development and Entrepreneurship of the Government of India. You will receive a certificate cobranded by NSDC and Skill India on successful completion.

What is the CIPM qualification?

The CIPM designation manifests that you’re a leader in privacy program administration and that you've got the knowledge to establish, maintain and manage a privacy program across all stages of its life cycle.


  • The CIPM is the global industry standard in privacy programme management.
  • Master the skills to establish, maintain and manage a privacy programme across all stages of its operational lifecycle.
  • Bear the mark of a privacy leader who drives the culture of privacy within your organisation.
  • Elevate your leadership profile among your colleagues.
  • Secure the confidence that you have the essential tools and knowledge to boost your privacy programme and add value across your organisation in both the public and private sectors.

What kind of positions/roles can you get if you possess the CIPM qualification?


What kind of organisations need to hire people who have a CIPM qualification?


What is the work that you have to do as a privacy manager?


Who is eligible to crack the CIPM Exam?

No specific eligibility requirements. Undergrad students can attempt the exam.

About the Exam

All IAPP exams are difficult to pass without adequate preparation. For the CIPM exam, you will get 90 multiple-choice questions. Each of the 90 questions will have four options in which you will be required to choose the correct answer. Most times, the four options are quite similar, and you will need an in-depth understanding of the topics to pick the right answer.

You have 2.5 hours to complete the exam and must score above 300 points to pass the test; that’s about 65% – 80%. We know each question carries equal value, but how the points are awarded isn’t known to the public yet.

How is CIPM different from CIPP?

CIPP is about the substantive privacy rules in the US/EU/Canada. In CIPM, the emphasis is on managing privacy. And less on knowledge of the substantive rules.

CIPM is about shaping Privacy program management. Questions that arise are why is a privacy program necessary? How do you manage that?

This involves creating an organizational privacy vision and mission statement, how to select the right Privacy Framework, develop a Privacy Strategy and structure a Privacy Team.

Can I do CIPM without having done CIPP?

Yes, there is no requirement to do CIPP before CIPM.

If I have CIPP should I also consider doing CIPM? What could the additional benefit be?

The CIPP certification helps in gaining the substantial knowledge of laws and regulations that govern the Privacy arena in a particular jurisdiction, however, CIPM is not about laws and regulations, it is more about implementation of privacy program, strategy, team structure and team management. 

Which organisations need to establish a privacy program? What are the components of a privacy program?

Every company that is subject to privacy laws, whether GDPR, CCPA, PIPEDA or LGPD, must establish a privacy program.

Some of the components of a privacy program include a business plan for privacy implementation, structuring a privacy team with internal and external stakeholders, identification of which categories of data need protection, review of information privacy standards and regulations, audit frameworks, and deployment of an employee awareness and training program.

Money-back guarantee

If you take this course, follow it diligently for a month, do all the exercises but still do not find value in it, or not able to understand or follow it or not find it good for any reason, we will refund the entire course fee to you. It is a 100% money-back guarantee with only one condition, you must pursue it properly for a month. If you don’t find it valuable after that, get your entire money back.

View Refund Policy

Training Methodology

Online 24/7 access

Access to basic study material through an online learning management system, Android and iOS app

Hard Copy Study Material

Hard copy study material modules to be couriered to your address

Live Online Classes

Based on the exercises, there will be a live video-based online class. You can ask questions, share your screen, get personal feedback in this class.

Convenient Class timings

Classes are held after regular work hours. Typically classes are kept on Sunday afternoon or 8-9 pm on other days.

Live Doubt Clearing

You can ask questions, get your doubt cleared live as well as through online forums


This course is recognized by the National Skill Development Corporation, a PPP under the Ministry of Skill Development and Entrepreneurship of the Government of India. You will receive a certificate cobranded by NSDC and Skill India on successful completion.

This is how the certificate from NSDC and Skill India will look as per the current applicable format (may change as per the approval authorities):



Developing a Privacy Program for example policies

ringIcon Create an organizational vision

ringIcon Establish a Data Governance model

ringIcon Define a privacy program

ringIcon Structure the privacy team

ringIcon Communicate with Stakeholders internally and externally

Privacy Program Framework for example stakeholder discussions

ringIcon Develop and implement the Privacy Program Framework

ringIcon Develop organizational privacy policies, procedures, standards, and/or guidelines

ringIcon Define privacy program activities

i. Education and awareness 
ii. Monitoring and responding to the regulatory environment 
iii. Monitoring internal privacy policy compliance 
iv. Data inventories, data flows, and classifications designed to identify what personal data your organization processes 
v. Risk assessment (Privacy Impact Assessments [PIAs]) (e,g., DPIAs etc.) 
vi. Incident response and process, including jurisdictional requirements 
vii. Remediation oversight 
viii. Program assurance, including audits 
ix. Plan inquiry/complaint handling procedures (customers, regulators, etc.) 

Develop Appropriate Metrics

ringIcon Identify intended audience for metrics

ringIcon Define reporting resources

ringIcon Define privacy metrics for oversight and governance per audience for example

Compliance metrics (examples, will vary by organization) that includes Collection (notice), Responses to data subject inquiries, Retention, Disclosure to third parties, Incidents (breaches, complaints, inquiries), Employees trained, PIA/DPIA metrics, Privacy risk indicators, Percent of company functions represented by governance mechanisms, Trend Analysis,  Privacy program return on investment (ROI), Business resiliency metrics, Privacy program maturity level and Resource utilisation. 

ringIcon Identify systems/application collection points

Privacy Operational Life Cycle: Assess for example awareness trainings

ringIcon Document current baseline of your privacy program

a. Education and awareness 
b. Monitoring and responding to the regulatory environment 
c. Assess policy compliance against internal and external requirements 
d. Data, systems and process assessment 
i. Map data inventories, flows, lifecycle and system integrations 
e. Risk assessment methods 
f. Incident management, response and remediation

ringIcon Processors and third-party vendor assessment

a. Evaluate processors and third-party vendors, insourcing and outsourcing privacy risks, including rules of international data transfer 
i. Privacy and information security policies 
ii. Access controls 
iii. Where personal information is being held 
iv. Review and set limits on vendor internal use of personal information 

b. Understand and leverage the different types of relationships 
i. Internal audit 
ii. Information security 
iii. Physical security 
iv. Data protection authority 

c. Risk assessment 
i. Type of data being outsourced 
ii. Location of data 
iii. Technologies and processing methods deployed (eg Cloud Computing) 
iv. Legal compliance 
v. Records retention 
vi. Contractual requirements (incident response, etc.) 
vii. Determine minimum standards for safeguarding information 
viii. Cross-border transfers 

d. Contractual requirements and review process 
e. Ongoing monitoring and auditing 

ringIcon Physical assessments

a. Identify operational risk 

i. Data centers and offices 
ii. Physical access controls 
iii. Document retention and destruction 
iv. Media sanitization and disposal (e.g., hard drives, USB/thumb drives, etc.) 
v. Device forensics 
vi. Device security (e.g., mobile devices, Internet of Things (IoT), geotracking, imaging/copier hard drive security controls) 

ringIcon Mergers, acquisitions and divestitures

a. Due diligence procedures 
b. Review contractual and data sharing obligations 
c. Risk assessment 
d. Risk and control alignment 
e. Post integration planning and risk mitigation

Privacy Operational Life Cycle: Protect for example ensuring technical measures

ringIcon Technical and Organizational measures

a. Quantify the costs of technical and organizational controls 
b. Manage data retention with respect to the organization’s policies 
c. Define the methods for physical and electronic data destruction 
d. Define roles and responsibilities for managing the sharing and disclosure of data for internal and external use 
e. Determine and implement guidelines for secondary uses (ex: research, etc.) 
f. Define policies related to the processing (including collection, use, retention, disclosure and disposal) of organization’s data holdings, taking into account both legal and ethical requirements 
g. Implement appropriate administrative safeguards, such as policies, procedures, and contracts 

Privacy Operational Life Cycle: Sustain for example compliance audits

ringIcon Monitor

a. Environment (e.g., systems, applications) monitoring 
b. Monitor compliance with established privacy policies 
c. Monitor regulatory and legislative changes 
d. Compliance monitoring (e.g. collection, use and retention) 
i. Internal audit 
ii. Self-regulation 
iii. Retention strategy 
iv. Exit strategy

ringIcon Audit

a. Align privacy operations to an internal and external compliance audit program 
i. Knowledge of audit processes and maintenance of an “audit trail”

Privacy Operational Life Cycle: Respond for example Data Breach Mgmt

ringIcon Data-subject information requests and privacy rights

ringIcon Privacy incident response

ringIcon Incident detection

ringIcon Incident handling

ringIcon Follow incident response process to ensure meeting jurisdictional, global and business requirements

ringIcon Identify incident reduction techniques g. Incident metrics—quantify the cost of a privacy incident

Course Plan


RS. 35000

incl. of all charges

Printed study material (by courier)

2 online live classes per week (12 weeks)

Get digital access to entire study material

1 Mock of 10 questions per class

Access on LMS, Android & iOS app

Instructor feedback on assignments

Doubt clearing on Discord, LMS & classes

Instructor led course with online live classes

Online exams (give exams as per your convenience on given time slots)

Certificate (by courier)

Training for writing and publishing articles

Networking with other students & alumni

Access to updated content online for 3 years

Doubt clearing within 24 hours