Free IAPP CIPP-E Exam Questions

Question 1

Which of the following is NOT an explicit right granted to data subjects under the GDPR?

A : right to request access to the personal data a controller holds about them.

B : right to request the deletion of data a controller holds about them.

C : right to opt-out of the sale of their personal data to third parties.

D : right to request restriction of processing of personal data, under certain scenarios.

Answer: A

Question 2

The GDPR forbids the practice of "forum shopping", which occurs when companies do what?

A : Choose the data protection officer that is most sympathetic to their business concerns.

B : ignate their main establishment in member state with the most flexible practices.

C : le appeals of infringement judgments with more than one EU institution simultaneously.

D : lect third-party processors on the basis of cost rather than quality of privacy protection.

Answer: B

Question 3

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 4

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 5

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

A : ployees must sign an ad hoc contractual agreement each time personal data is exported.

B : All employees are subject to the rules in their entirety, regardless of where the work is taking place.

C : l employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.

D : ployees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Answer: C