Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Apr 15, 2026

Add To Cart

Question 1

Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?

A : me and contact details of each controller on behalf of which the processor is acting

B : tegories of processing carried out on behalf of each controller for which the processor is acting.

C : tails of transfers of personal data to a third country carried out on behalf of each controller for which the processor is acting.

D : tails of any data protection impact assessment conducted in relation to any processing activities carried out by the processor on behalf of each controller for which the processor is acting.

Answer: C

Question 2

What is the primary purpose of Convention 108+, which amends the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data?

A : To issue updated guidelines for data transfers from the EU to third-country signatories to the Convention.

B : To modify the process for third countries to obtain an adequacy decision from the European Commission.

C : To strengthen data protection in line with the European and international regulatory framework.

D : To establish new data subject rights and safeguards for consumers in the EU member states.

Answer: C

Question 3

What should a controller do after a data subject opts out of a direct marketing activity?

A : thout exception, securely delete all personal data relating to the data subject.

B : thout undue delay, provide information to the data subject on the action that will be taken.

C : frain from processing personal data relating to the data subject for the relevant type of communication.

D : ke reasonable steps to inform third-party recipients that the data subject's personal data should be deleted and no longer processed.

Answer: C

Question 4

A high-ranking employee has his laptop bag stolen in a train station. In addition to the laptop, the bag contained the employee’s ID card, confidential company documents (such as financial information and minutes of board meetings, including participants and their roles), company payment cards, and authorization tokens.

As the company's Data Protection Officer, what should be your first action?

A : Inform the appropriate supervisory authority of the breach.

B : Verify whether the laptop contained personal data and, if so, if it was encrypted.

C : Inform the meeting participants of the breach and provide them with next steps to be taken.

D : Request deactivation of the authorization tokens to avoid access to company data, and remotely wipe the laptop.

Answer: B

Question 5

What was the aim of the European Data Protection Directive 95/46/EC?

A : harmonize the implementation of the European Convention of Human Rights across all member states.

B : To implement the OECD Guidelines on the Protection of Privacy and trans-border flows of Personal Data.

C : To completely prevent the transfer of personal data out of the European Union.

D : further reconcile the protection of the fundamental rights of individuals with the free flow of data from one member state to another.

Answer: D

Page: 1 / 64

Total 320 Questions | Updated On: Apr 15, 2026

Add To Cart