Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart

Question 1

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 2

A high-ranking employee has his laptop bag stolen in a train station. In addition to the laptop, the bag contained the employee’s ID card, confidential company documents (such as financial information and minutes of board meetings, including participants and their roles), company payment cards, and authorization tokens.

As the company's Data Protection Officer, what should be your first action?

A : Inform the appropriate supervisory authority of the breach.

B : Verify whether the laptop contained personal data and, if so, if it was encrypted.

C : Inform the meeting participants of the breach and provide them with next steps to be taken.

D : Request deactivation of the authorization tokens to avoid access to company data, and remotely wipe the laptop.

Answer: B

Question 3

The origin of privacy as a fundamental human right can be found in which document?

A : iversal Declaration of Human Rights 1948.

B : ropean Convention of Human Rights 1953.

C : CD Guidelines on the Protection of Privacy 1980.

D : arier of Fundamental Rights of the European Union 2000.

Answer: A

Question 4

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

A : service's infrastructure is shared among the supplier's customers and can be located in a number of countries.

B : supplier determines the location, security measures, and service standards applicable to the processing.

C : supplier allows customer data to be transferred around the infrastructure according to capacity.

D : supplier assumes the vendor's business risk associated with data processed by the supplier.

Answer: D

Question 5

According to the GDPR, Article 4(14), biometric data is defined as:

"Personal data resulting from specific technical processing relating to the ___ characteristics of a natural person."

Which term could NOT be placed in the above definition?

A : Physiological.

B : Physical.

C : Intellectual.

D : Behavioral

Answer: C

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart