Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Jan 12, 2026

Add To Cart

Question 1

A news website based m (he United Slates reports primarily on North American events The website is accessible to any user regardless of location, as the website operator does not block connections from outside of the U.S. The website offers a pad subscription that requires the creation of a user account; this subscription can only be paid in U.S. dollars.

Which of the following explains why the website operator, who is the responsible for all processing related to account creation and subscriptions, is NOT required to comply with the GDPR?

A : yments cannot be made in a European Union currency.

B : controller does not have an establishment in the European Union.

C : website is not available in several official languages of European Un on Member States

D : website cannot block connections from outside the U.S. that use a Virtual Private Network (VPN) to simulate a US location.

Answer: B

Question 2

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 3

What is the key difference between the European Council and the Council of the European Union?

A : Council of the European Union is helmed by a president.

B : Council of the European Union has a degree of legislative power.

C : European Council focuses primarily on issues involving human rights.

D : European Council is comprised of the heads of each EU member state.

Answer: D

Question 4

A data controller appoints a data protection officer. Which of the following conditions would NOT result in an infringement of Articles 37 to 39 of the GDPR?

A : If the data protection officer lacks ISO 27001 auditor certification

B : If the data protection officer is provided by the data processor.

C : If the data protection officer also manages the marketing budget.

D : If the data protection officer receives instructions from the data controller.

Answer: D

Question 5

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

A : ployees must sign an ad hoc contractual agreement each time personal data is exported.

B : All employees are subject to the rules in their entirety, regardless of where the work is taking place.

C : l employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.

D : ployees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Answer: C

Page: 1 / 64

Total 320 Questions | Updated On: Jan 12, 2026

Add To Cart