Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Nov 24, 2025

Add To Cart

Question 1

According to the GDPR, Article 4(14), biometric data is defined as:

"Personal data resulting from specific technical processing relating to the ___ characteristics of a natural person."

Which term could NOT be placed in the above definition?

A : Physiological.

B : Physical.

C : Intellectual.

D : Behavioral

Answer: C

Question 2

The GDPR requires controllers to supply data subjects with detailed information about the processing of their data. Where a controller obtains data directly from data subjects, which of the following items of information does NOT legally have to be supplied?

A : recipients or categories of recipients.

B : categories of personal data concerned.

C : rights of access, erasure, restriction, and portability.

D : right to lodge a complaint with a supervisory authority.

Answer: B

Question 3

Jerry, the Chief Marketing Officer for a sports apparel and trophy company, sells products to schools and athletic clubs globally. Recently the company has decided to invest in a new line of customized sports equipment. Jerry plans to email his current customer base to offer them a discount on their first purchase of such equipment.

Jerry tells Kate, the Director of Privacy, about his plan. What is the best guidance Kate can provide to Jerry?

A : Permit Jerry to carry out his plan on the basis of marketing similar products to existing customers.

B : Require Jerry to send all current customers a second notice to allow them to opt-in to marketing emails

C : Permit Jerry to carry out his marketing plan on the basis of legitimate interest

D : Require Jerry to include an option to opt out of marketing emails in the future

Answer: D

Question 4

The European Parliament jointly exercises legislative and budgetary functions with which of the following?

A : European Commission

B : Article 29 Working Party.

C : Council of the European Union

D : European Data Protection Board.

Answer: C

Question 5

A company wishes to transfer personal data to a country outside of the European Union/EEA In order to do so, they are planning an assessment of the country's laws and practices, knowing that these may impinge upon the transfer safeguards they intend to use

All of the following factors would be relevant for the company to consider EXCEPT'?

A : y onward transfers, such as transfers of personal data to a sub-processor in the same or another third country.

B : process of modernization in the third country concerned and their access to emerging technologies that rely on international transfers of personal data

C : technical, financial, and staff resources available to an authority m the third country concerned that may access the personal data to be transferred

D : contractual clauses between the data controller or processor established in the European Union/EEA and the recipient of the transfer established in the third country concerned

Answer: B

Page: 1 / 64

Total 320 Questions | Updated On: Nov 24, 2025

Add To Cart