Free IAPP CIPP-E Exam Questions

Question 1

Which of the following is NOT an explicit right granted to data subjects under the GDPR?

A : right to request access to the personal data a controller holds about them.

B : right to request the deletion of data a controller holds about them.

C : right to opt-out of the sale of their personal data to third parties.

D : right to request restriction of processing of personal data, under certain scenarios.

Answer: A

Question 2

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

A : service's infrastructure is shared among the supplier's customers and can be located in a number of countries.

B : supplier determines the location, security measures, and service standards applicable to the processing.

C : supplier allows customer data to be transferred around the infrastructure according to capacity.

D : supplier assumes the vendor's business risk associated with data processed by the supplier.

Answer: D

Question 3

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?

A : Documenting due diligence steps taken in the pre-contractual stage.

B : nducting a risk assessment to analyze possible outsourcing threats.

C : quiring that the processor directly notify the appropriate supervisory authority.

D : intaining evidence that the processor was the best possible market choice available.

Answer: A

Question 4

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 5

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C