Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart

Question 1

The origin of privacy as a fundamental human right can be found in which document?

A : iversal Declaration of Human Rights 1948.

B : ropean Convention of Human Rights 1953.

C : CD Guidelines on the Protection of Privacy 1980.

D : arier of Fundamental Rights of the European Union 2000.

Answer: A

Question 2

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 3

Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?

A : European Commission can adopt an adequacy decision for individual companies.

B : European Commission can adopt, repeal or amend an existing adequacy decision.

C : member states are vested with the power to accept or reject a European Commission adequacy decision.

D : be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.

Answer: A

Question 4

According to the GDPR, Article 4(14), biometric data is defined as:

"Personal data resulting from specific technical processing relating to the ___ characteristics of a natural person."

Which term could NOT be placed in the above definition?

A : Physiological.

B : Physical.

C : Intellectual.

D : Behavioral

Answer: C

Question 5

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

A : tify as soon as possible the data protection supervisory authority that a data breach may have taken place.

B : unch an investigation and if nothing is found within one month, notify the data protection supervisory authority.

C : voke the "disproportionate effort" exception under Article 33 to postpone notifying data subjects until more information can be gathered.

D : mediately notify all the customers of the company that their information has been accessed by an unauthorized person.

Answer: A

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart