Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 19, 2026

Add To Cart

Question 1

To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?

A : The Court of Justice of the European Union.

B : The European Data Protection Supervisor.

C : The European Court of Human Rights.

D : The European Data Protection Board.

Answer: A

Question 2

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 3

According to the Personal Data Protection Commission’s (PDPC) “Guide to basic data anonymization techniques,” recently adopted by the Spanish Data Protection Agency, which of the following is NOT a valid basic anonymization technique?

A : Swapping

B : Generalization

C : Data Adjustment.

D : Attribute Suppression.

Answer: C

Question 4

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker's personal data?

A : troy sensitive information and store the rest per applicable data protection rules.

B : ore all of the data in case the departing worker makes a subject access request.

C : curely store the data that is required to be kept under local law.

D : ovide the employee the reasons for retaining the data.

Answer: A

Question 5

The GDPR requires controllers to supply data subjects with detailed information about the processing of their data. Where a controller obtains data directly from data subjects, which of the following items of information does NOT legally have to be supplied?

A : recipients or categories of recipients.

B : categories of personal data concerned.

C : rights of access, erasure, restriction, and portability.

D : right to lodge a complaint with a supervisory authority.

Answer: B

Page: 1 / 64

Total 320 Questions | Updated On: Feb 19, 2026

Add To Cart