Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Nov 24, 2025

Add To Cart

Question 1

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 2

Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?

A : me and contact details of each controller on behalf of which the processor is acting

B : tegories of processing carried out on behalf of each controller for which the processor is acting.

C : tails of transfers of personal data to a third country carried out on behalf of each controller for which the processor is acting.

D : tails of any data protection impact assessment conducted in relation to any processing activities carried out by the processor on behalf of each controller for which the processor is acting.

Answer: C

Question 3

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker's personal data?

A : troy sensitive information and store the rest per applicable data protection rules.

B : ore all of the data in case the departing worker makes a subject access request.

C : curely store the data that is required to be kept under local law.

D : ovide the employee the reasons for retaining the data.

Answer: A

Question 4

The European Data Protection Board (EDPB) recommends measures to supplement transfer tools, in order to ensure compliance with the European Union (EU) level of personal data protection. According to these recommendations, what additional actions should be taken when a transfer to a third country is based upon an adequacy decision?

A : opt a supplementary data transfer mechanism.

B : nitor the ongoing validity of the data transfer mechanism.

C : opt technical, contractual or organizational supplementary measures.

D : nitor changes in the law or practice of the third country that would tower the level of protection of personal data

Answer: D

Question 5

Which failing of Privacy Shield, cited by the CJEU as a reason for its invalidation, is the Trans-Atlantic Data Privacy Framework intended to address?

A : Data Subject Rights.

B : Right of Action.

C : Necessity.

D : Consent.

Answer: B

Page: 1 / 64

Total 320 Questions | Updated On: Nov 24, 2025

Add To Cart