Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Jan 12, 2026

Add To Cart

Question 1

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker's personal data?

A : troy sensitive information and store the rest per applicable data protection rules.

B : ore all of the data in case the departing worker makes a subject access request.

C : curely store the data that is required to be kept under local law.

D : ovide the employee the reasons for retaining the data.

Answer: A

Question 2

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 3

To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?

A : The Court of Justice of the European Union.

B : The European Data Protection Supervisor.

C : The European Court of Human Rights.

D : The European Data Protection Board.

Answer: A

Question 4

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 5

Which failing of Privacy Shield, cited by the CJEU as a reason for its invalidation, is the Trans-Atlantic Data Privacy Framework intended to address?

A : Data Subject Rights.

B : Right of Action.

C : Necessity.

D : Consent.

Answer: B

Page: 1 / 64

Total 320 Questions | Updated On: Jan 12, 2026

Add To Cart