CIPP-E Exam Questions

SCENARIO Please use the following to answer the next question: Jane Stan's her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and se...

A dynamic Internet Protocol (IP) address is considered persona! data when it is combined with what?

Two companies, Gellcoat and Freifish, make plans to launch a co-branded product the prototype of which is called Gellifish 9090. The companies want to organize an event to introduc...

Which of the following is NOT exempt from the material scope of the GDPR. insofar as the processing of personal data is concerned?

MagicClean is a web-based service located in the United States that matches home cleaning services to customers. It otters its services exclusively in the United States It uses a p...

A news website based m (he United Slates reports primarily on North American events The website is accessible to any user regardless of location, as the website operator does not b...

A company has collected personal data tor direct marketing purpose on the basis of consent. It is now considering using this data to develop new products through analytics. What is...

Which kind of privacy notice, originally advocated by the Article 29 Working Party, is commonly recommended tor Al-based technologies because of the way it provides processing info...

Articles 13 and 14 of the GDPR provide details on the obligation of data controllers to inform data subjects when collecting personal data. However, both articles specify an exempt...

The transparency principle is most directly related to which of the following rights?

In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?

SCENARIO Please use the following to answer the next question: Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical compa...

SCENARIO Please use the following to answer the next question: Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical compa...

SCENARIO Please use the following to answer the next question: Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical compa...

Pursuant to Article 17 and EDPB Guidelines S'2019 on RTBF criteria in search engines cases, all of the following would be valid grounds for data subject delisting requests EXCEPT?

According to Art 23 GDPR, which of the following data subject rights can NOT be restricted?

The European Data Protection Board (EDPB) recommends measures to supplement transfer tools, in order to ensure compliance with the European Union (EU) level of personal data protec...

Which of the following is an accurate statement regarding the "one-stop-shop" mechanism of the GDPR?

SCENARIO Please use the following to answer the next question: ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has devel...

SCENARIO Please use the following to answer the next question: ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has devel...

SCENARIO Please use the following to answer the next question: ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has devel...

SCENARIO Please use the following to answer the next question: Why was Jackie correct in not completing a transfer impact assessment for HRYourWay?

Higher fines are assessed for GDPR violations due to which of the following?

A company would like to implement CCTV monitoring in its offices for safety and security purposes. Which of the following would be the best legal basis for the company to rely upon...

According to the GDPR. Article 4(14). biometric data is defined as: "Personal data resulting from specific technical processing relating to the______charactenstics of a natural per...

According to the European Data Protection Board, data subjects should be aware of any video surveillance in operation. How should a retail shop operator ensure that data subjects r...

Jerry the Chief Marketing Officer for a sports apparel and trophy company, sells products to schools and athletic clubs globally Recently the company has decided to invest in a new...

A homeowner has installed a motion-detecting surveillance system that films his front doc and entryway. The camera does not film any public areas only areas that are the property o...

Which of the following is NOT one of the 4 principles developed by the European Al Alliance regarding the ethical use of Artificial Intelligence?

Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR or outside of it?

After detecting an intrusion involving the theft of unencrypted personal data, who shall the breached company notify first under GDPR requirements?

What ruling did the Planet 49 CJEU judgment make regarding the issue of pre-ticked boxes?

You are the new Data Protection Officer for your company and have to determine whether the company has implemented appropriate technical and organizational measures as required by...

It a company receives an anonymous email demanding ransom for the stolen personal data of its clients, what must the company do next, per GDPR requirements'3

If two controllers act as joint controllers pursuant to Article 26 of the GDPR, which of the following may NOT be validly determined by said controllers?

What is the main task of the European Data Protection Board?

In relation to third countries and international organizations, which of the following shall, along with the supervisory authorities, take appropriate steps to develop internationa...

A company wishes to transfer personal data to a country outside of the European Union/EEA In order to do so, they are planning an assessment of the country's laws and practices, kn...

What is the primary purpose of Convention 108+, which amends the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data?

SCENARIO Please use the following to answer the next question: Jane starts her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and se...

Sanctions for non-compliance with the EU Artificial Intelligence Act (Al Act) could result in a maximum fine of?

SCENARIO Please use the following to answer the next question: Financially, it has been a very good year at ARRA Hotels: Their 21 hotels, located in Greece (5), Italy (15) and Spai...

SCENARIO Please use the following to answer the next question: Financially, it has been a very good year at ARRA Hotels: Their 21 hotels, located in Greece (5), Italy (15) and Spai...

SCENARIO Please use the following to answer the next question: Financially, it has been a very good year at ARRA Hotels: Their 21 hotels, located in Greece (5), Italy (15) and Spai...

SCENARIO Please use the following to answer the next question: Financially, it has been a very good year at ARRA Hotels: Their 21 hotels, located in Greece (5), Italy (15) and Spai...

As a Data Protection Officer for a small bank in the European Union, you receive a data subject access request from one of your customers. The customer provides you with his name,...

In the Planet 49 case, what was the main judgement of the Court of Justice of the European Union (CJEU) regarding the issue of cookies?

According to the EDPB Guidelines 01/2021 on Examples regarding Personal Data Breach Notification, if exfiltration of job application data (submitted through online application form...

ISO 31700 has set forth requirements relating to consumer products and services. In particular, this international standard focuses on the implementation of which of the following?

In the wake of the Schrems II ruling, which of the following actions has been recommended by the EDPB for companies transferring personal data to third countries?