Free IAPP CIPP-E Exam Questions

Question 1

An online company's privacy practices vary due to the fact that it offers a wide variety of services. How could it best address the concern that explaining them all would make the policies incomprehensible?

A : a layered privacy notice on its website and in its email communications.

B : entify uses of data in a privacy notice mailed to the data subject.

C : ovide only general information about its processing activities and offer a toll-free number for more information.

D : ace a banner on its website stipulating that visitors agree to its privacy policy and terms of use by visiting the site.

Answer: B

Question 2

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 3

What was the aim of the European Data Protection Directive 95/46/EC?

A : harmonize the implementation of the European Convention of Human Rights across all member states.

B : To implement the OECD Guidelines on the Protection of Privacy and trans-border flows of Personal Data.

C : To completely prevent the transfer of personal data out of the European Union.

D : further reconcile the protection of the fundamental rights of individuals with the free flow of data from one member state to another.

Answer: D

Question 4

Company X has entrusted the processing of their payroll data to Provider Y. Provider 'I stores this encrypted data on its server. The IT department of Provider 'I finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider 'I have the obligation to notify?

A : public

B : mpany X

C : w enforcement

D : The supervisory authority

Answer: B

Question 5

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C