Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page: 1 / 64

Total 320 Questions | Updated On: Jan 12, 2026

Add To Cart

Question 1

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 2

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?

A : HR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.

B : EU can force national governments to implement and honor EU law, while the ECHR cannot.

C : EU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

D : HR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.

Answer: B

Question 3

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

A : ployees must sign an ad hoc contractual agreement each time personal data is exported.

B : All employees are subject to the rules in their entirety, regardless of where the work is taking place.

C : l employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.

D : ployees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Answer: C

Question 4

To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?

A : The Court of Justice of the European Union.

B : The European Data Protection Supervisor.

C : The European Court of Human Rights.

D : The European Data Protection Board.

Answer: A

Question 5

What should a controller do after a data subject opts out of a direct marketing activity?

A : thout exception, securely delete all personal data relating to the data subject.

B : thout undue delay, provide information to the data subject on the action that will be taken.

C : frain from processing personal data relating to the data subject for the relevant type of communication.

D : ke reasonable steps to inform third-party recipients that the data subject's personal data should be deleted and no longer processed.

Answer: C

Page: 1 / 64

Total 320 Questions | Updated On: Jan 12, 2026

Add To Cart