Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart

Question 1

What should a controller do after a data subject opts out of a direct marketing activity?

A : thout exception, securely delete all personal data relating to the data subject.

B : thout undue delay, provide information to the data subject on the action that will be taken.

C : frain from processing personal data relating to the data subject for the relevant type of communication.

D : ke reasonable steps to inform third-party recipients that the data subject's personal data should be deleted and no longer processed.

Answer: C

Question 2

A news website based m (he United Slates reports primarily on North American events The website is accessible to any user regardless of location, as the website operator does not block connections from outside of the U.S. The website offers a pad subscription that requires the creation of a user account; this subscription can only be paid in U.S. dollars.

Which of the following explains why the website operator, who is the responsible for all processing related to account creation and subscriptions, is NOT required to comply with the GDPR?

A : yments cannot be made in a European Union currency.

B : controller does not have an establishment in the European Union.

C : website is not available in several official languages of European Un on Member States

D : website cannot block connections from outside the U.S. that use a Virtual Private Network (VPN) to simulate a US location.

Answer: B

Question 3

A company wishes to transfer personal data to a country outside of the European Union/EEA In order to do so, they are planning an assessment of the country's laws and practices, knowing that these may impinge upon the transfer safeguards they intend to use

All of the following factors would be relevant for the company to consider EXCEPT'?

A : y onward transfers, such as transfers of personal data to a sub-processor in the same or another third country.

B : process of modernization in the third country concerned and their access to emerging technologies that rely on international transfers of personal data

C : technical, financial, and staff resources available to an authority m the third country concerned that may access the personal data to be transferred

D : contractual clauses between the data controller or processor established in the European Union/EEA and the recipient of the transfer established in the third country concerned

Answer: B

Question 4

The GDPR forbids the practice of "forum shopping", which occurs when companies do what?

A : Choose the data protection officer that is most sympathetic to their business concerns.

B : ignate their main establishment in member state with the most flexible practices.

C : le appeals of infringement judgments with more than one EU institution simultaneously.

D : lect third-party processors on the basis of cost rather than quality of privacy protection.

Answer: B

Question 5

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?

A : HR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.

B : EU can force national governments to implement and honor EU law, while the ECHR cannot.

C : EU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

D : HR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.

Answer: B

Page: 1 / 64

Total 320 Questions | Updated On: Feb 10, 2026

Add To Cart