Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart

Question 1

What is the most frequently used mechanism for legitimizing cross-border data transfer?

A : andard Contractual Clauses.

B : proved Code of Conduct.

C : nding Corporate Rules

D : rogations

Answer: A

Question 2

Jerry, the Chief Marketing Officer for a sports apparel and trophy company, sells products to schools and athletic clubs globally. Recently the company has decided to invest in a new line of customized sports equipment. Jerry plans to email his current customer base to offer them a discount on their first purchase of such equipment.

Jerry tells Kate, the Director of Privacy, about his plan. What is the best guidance Kate can provide to Jerry?

A : Permit Jerry to carry out his plan on the basis of marketing similar products to existing customers.

B : Require Jerry to send all current customers a second notice to allow them to opt-in to marketing emails

C : Permit Jerry to carry out his marketing plan on the basis of legitimate interest

D : Require Jerry to include an option to opt out of marketing emails in the future

Answer: D

Question 3

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 4

To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?

A : The Court of Justice of the European Union.

B : The European Data Protection Supervisor.

C : The European Court of Human Rights.

D : The European Data Protection Board.

Answer: A

Question 5

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

A : tify as soon as possible the data protection supervisory authority that a data breach may have taken place.

B : unch an investigation and if nothing is found within one month, notify the data protection supervisory authority.

C : voke the "disproportionate effort" exception under Article 33 to postpone notifying data subjects until more information can be gathered.

D : mediately notify all the customers of the company that their information has been accessed by an unauthorized person.

Answer: A

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart