CIPP-E Exam Questions
268 real CIPP-E exam questions with expert-verified answers and explanations. Page 2 of 6.
- Question #51
SCENARIO Please use the following to answer the next question: Zandelay Fashion (`Zandelay') is a successful international online clothing retailer that employs approximately 650 p...
- Question #52
SCENARIO Please use the following to answer the next question: Zandelay Fashion (`Zandelay') is a successful international online clothing retailer that employs approximately 650 p...
- Question #53
A company is located in a country NOT considered by the European Union (EU) to have an adequate level of data protection. Which of the following is an obligation of the company if...
- Question #54
Which of the following countries will continue to enjoy adequacy status under the GDPR, pending any future European Commission decision to the contrary?
- Question #55
A company is hesitating between Binding Corporate Rules and Standard Contractual Clauses as a global data transfer solution. Which of the following statements would help the compan...
- Question #56
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross- border transfers?
- Question #57
Under Article 58 of the GDPR, which of the following describes a power of supervisory authorities in European Union (EU) member states?
- Question #58
SCENARIO Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purpo...
- Question #59
SCENARIO Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purpo...
- Question #60
The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrat...
- Question #61
What is the MAIN reason GDPR Article 4(22) establishes the concept of the "concerned supervisory authority"?
- Question #62
Which area of privacy is a lead supervisory authority's (LSA) MAIN concern?
- Question #63
If a multi-national company wanted to conduct background checks on all current and potential employees, including those based in Europe, what key provision would the company have t...
- Question #64
Why is advisable to avoid consent as a legal basis for an employer to process employee data?
- Question #65
What is true if an employee makes an access request to his employer for any personal data held about him?
- Question #66
Read the following steps: Discover which employees are accessing cloud services and from which devices and apps Lock down the data in those apps and devices Monitor and analyze the...
- Question #67
If a company is planning to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it should first do all of the following EXCEPT?
- Question #68
SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, A...
- Question #69
SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, A...
- Question #70
SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, A...
- Question #71
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
- Question #72
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules?
- Question #73
What permissions are required for a marketer to send an email marketing message to a consumer in the EU?
- Question #74
Under what circumstances might the "soft opt-in" rule apply in relation to direct marketing?
- Question #75
What should a controller do after a data subject opts out of a direct marketing activity?
- Question #76
How is the GDPR's position on consent MOST likely to affect future app design and implementation?
- Question #77
A mobile device application that uses cookies will be subject to the consent requirement of which of the following?
- Question #78
What term BEST describes the European model for data protection?
- Question #79
What was the aim of the European Data Protection Directive 95/46/EC?
- Question #80
What is the key difference between the European Council and the Council of the European Union?
- Question #81
Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?
- Question #82
What is a reason the European Court of Justice declared the Data Retention Directive invalid in 2014?
- Question #83
Which type of personal data does the GDPR define as a "special category" of personal data?
- Question #84
After leaving the EU under the terms of Brexit, the United Kingdom will seek an adequacy determination. What is the reason for this?
- Question #85
To which of the following parties does the territorial scope of the GDPR NOT apply?
- Question #86
What must a data controller do in order to make personal data pseudonymous?
- Question #87
Which of the following entities would most likely be exempt from complying with the GDPR?
- Question #88
Article 29 Working Party has emphasized that the GDPR forbids "forum shopping", which occurs when companies do what?
- Question #89
Under Article 9 of the GDPR, which of the following categories of data is NOT expressly prohibited from data processing?
- Question #90
When does the GDPR provide more latitude for a company to process data beyond its original collection purpose?
- Question #91
In which situation would a data controller most likely be able to justify the processing of the data of a child without parental consent?
- Question #92
An organisation receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal data. Under what condition can the organisatio...
- Question #93
Which GDPR principle would a Spanish employer most likely depend upon to annually send the personal data of its employees to the national tax authority?
- Question #94
An online company's privacy practices vary due to the fact that it offers a wide variety of services. How could it best address the concern that explaining them all would make the...
- Question #95
The GDPR requires controllers to supply data subjects with detailed information about the processing of their data. Where a controller obtains data directly from data subjects, whi...
- Question #96
According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject's personal data has been obtained...
- Question #97
When would a data subject NOT be able to exercise the right to portability?
- Question #98
In which of the following situations would an individual most likely to be able to withdraw her consent for processing?
- Question #99
As a result of the European Court of Justice's ruling in the case of Google v. Spain, search engines outside the EEA are also likely to be subject to the Regulation's right to be f...
- Question #100
A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper website published an article about the prank at the time, and the article is still available...