Free IAPP CIPP-E Exam Questions

Question 1

What was the aim of the European Data Protection Directive 95/46/EC?

A : harmonize the implementation of the European Convention of Human Rights across all member states.

B : To implement the OECD Guidelines on the Protection of Privacy and trans-border flows of Personal Data.

C : To completely prevent the transfer of personal data out of the European Union.

D : further reconcile the protection of the fundamental rights of individuals with the free flow of data from one member state to another.

Answer: D

Question 2

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 3

Which of the following is NOT an explicit right granted to data subjects under the GDPR?

A : right to request access to the personal data a controller holds about them.

B : right to request the deletion of data a controller holds about them.

C : right to opt-out of the sale of their personal data to third parties.

D : right to request restriction of processing of personal data, under certain scenarios.

Answer: A

Question 4

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 5

Which of the following demonstrates compliance with the accountability principle found in Article 5, Section 2 of the GDPR?

A : Anonymizing special categories of data.

B : nducting regular audits of the data protection program.

C : tting consent from the data subject for a cross border data transfer.

D : crypting data in transit and at rest using strong encryption algorithms.

Answer: B