Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Apr 01, 2026

Add To Cart

Question 1

Which of the following would most likely NOT be covered by the definition of "personal data" under the GDPR?

A : payment card number of a Dutch citizen

B : U.S. social security number of an American citizen living in France

C : unlinked aggregated data used for statistical purposes by an Italian company

D : identification number of a German candidate for a professional examination in Germany

Answer: D

Question 2

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker's personal data?

A : troy sensitive information and store the rest per applicable data protection rules.

B : ore all of the data in case the departing worker makes a subject access request.

C : curely store the data that is required to be kept under local law.

D : ovide the employee the reasons for retaining the data.

Answer: A

Question 3

Jerry, the Chief Marketing Officer for a sports apparel and trophy company, sells products to schools and athletic clubs globally. Recently the company has decided to invest in a new line of customized sports equipment. Jerry plans to email his current customer base to offer them a discount on their first purchase of such equipment.

Jerry tells Kate, the Director of Privacy, about his plan. What is the best guidance Kate can provide to Jerry?

A : Permit Jerry to carry out his plan on the basis of marketing similar products to existing customers.

B : Require Jerry to send all current customers a second notice to allow them to opt-in to marketing emails

C : Permit Jerry to carry out his marketing plan on the basis of legitimate interest

D : Require Jerry to include an option to opt out of marketing emails in the future

Answer: D

Question 4

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?

A : Documenting due diligence steps taken in the pre-contractual stage.

B : nducting a risk assessment to analyze possible outsourcing threats.

C : quiring that the processor directly notify the appropriate supervisory authority.

D : intaining evidence that the processor was the best possible market choice available.

Answer: A

Question 5

What is the primary purpose of Convention 108+, which amends the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data?

A : To issue updated guidelines for data transfers from the EU to third-country signatories to the Convention.

B : To modify the process for third countries to obtain an adequacy decision from the European Commission.

C : To strengthen data protection in line with the European and international regulatory framework.

D : To establish new data subject rights and safeguards for consumers in the EU member states.

Answer: C

Page: 1 / 64

Total 320 Questions | Updated On: Apr 01, 2026

Add To Cart