Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart

Question 1

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

A : tify as soon as possible the data protection supervisory authority that a data breach may have taken place.

B : unch an investigation and if nothing is found within one month, notify the data protection supervisory authority.

C : voke the "disproportionate effort" exception under Article 33 to postpone notifying data subjects until more information can be gathered.

D : mediately notify all the customers of the company that their information has been accessed by an unauthorized person.

Answer: A

Question 2

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 3

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?

A : HR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.

B : EU can force national governments to implement and honor EU law, while the ECHR cannot.

C : EU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

D : HR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.

Answer: B

Question 4

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?

A : Documenting due diligence steps taken in the pre-contractual stage.

B : nducting a risk assessment to analyze possible outsourcing threats.

C : quiring that the processor directly notify the appropriate supervisory authority.

D : intaining evidence that the processor was the best possible market choice available.

Answer: A

Question 5

Which failing of Privacy Shield, cited by the CJEU as a reason for its invalidation, is the Trans-Atlantic Data Privacy Framework intended to address?

A : Data Subject Rights.

B : Right of Action.

C : Necessity.

D : Consent.

Answer: B

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart