Free IAPP CIPP-E Exam Questions

Question 1

A high-ranking employee has his laptop bag stolen in a train station. In addition to the laptop, the bag contained the employee’s ID card, confidential company documents (such as financial information and minutes of board meetings, including participants and their roles), company payment cards, and authorization tokens.

As the company's Data Protection Officer, what should be your first action?

A : Inform the appropriate supervisory authority of the breach.

B : Verify whether the laptop contained personal data and, if so, if it was encrypted.

C : Inform the meeting participants of the breach and provide them with next steps to be taken.

D : Request deactivation of the authorization tokens to avoid access to company data, and remotely wipe the laptop.

Answer: B

Question 2

The origin of privacy as a fundamental human right can be found in which document?

A : iversal Declaration of Human Rights 1948.

B : ropean Convention of Human Rights 1953.

C : CD Guidelines on the Protection of Privacy 1980.

D : arier of Fundamental Rights of the European Union 2000.

Answer: A

Question 3

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 4

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 5

In which scenario is a Controller most likely required to undertake a Data Protection Impact Assessment?

A : en the controller is collecting email addresses from individuals via an online registration form for marketing purposes.

B : en personal data is being collected and combined with other personal data to profile the creditworthiness of individuals.

C : en the controller is required to have a Data Protection Officer.

D : en personal data is being transferred outside of the EEA.

Answer: B