Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Nov 24, 2025

Add To Cart

Question 1

Which of the following demonstrates compliance with the accountability principle found in Article 5, Section 2 of the GDPR?

A : Anonymizing special categories of data.

B : nducting regular audits of the data protection program.

C : tting consent from the data subject for a cross border data transfer.

D : crypting data in transit and at rest using strong encryption algorithms.

Answer: B

Question 2

In which scenario is a Controller most likely required to undertake a Data Protection Impact Assessment?

A : en the controller is collecting email addresses from individuals via an online registration form for marketing purposes.

B : en personal data is being collected and combined with other personal data to profile the creditworthiness of individuals.

C : en the controller is required to have a Data Protection Officer.

D : en personal data is being transferred outside of the EEA.

Answer: B

Question 3

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

A : service's infrastructure is shared among the supplier's customers and can be located in a number of countries.

B : supplier determines the location, security measures, and service standards applicable to the processing.

C : supplier allows customer data to be transferred around the infrastructure according to capacity.

D : supplier assumes the vendor's business risk associated with data processed by the supplier.

Answer: D

Question 4

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?

A : HR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.

B : EU can force national governments to implement and honor EU law, while the ECHR cannot.

C : EU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

D : HR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.

Answer: B

Question 5

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Page: 1 / 64

Total 320 Questions | Updated On: Nov 24, 2025

Add To Cart