Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart

Question 1

Under Article 9 of the GDPR, which of the following categories of data is NOT expressly prohibited from data processing?

A : rsonal data revealing ethnic origin.

B : rsonal data revealing genetic information.

C : rsonal data revealing financial information.

D : Personal data revealing trade union membership.

Answer: C

Question 2

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?

A : HR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.

B : EU can force national governments to implement and honor EU law, while the ECHR cannot.

C : EU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

D : HR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.

Answer: B

Question 3

Which failing of Privacy Shield, cited by the CJEU as a reason for its invalidation, is the Trans-Atlantic Data Privacy Framework intended to address?

A : Data Subject Rights.

B : Right of Action.

C : Necessity.

D : Consent.

Answer: B

Question 4

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 5

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

A : ployees must sign an ad hoc contractual agreement each time personal data is exported.

B : All employees are subject to the rules in their entirety, regardless of where the work is taking place.

C : l employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.

D : ployees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Answer: C

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart