IAPP CIPP-E Certified Information Privacy Professional/Europe (CIPP/E) Online Training
The questions for CIPP-E were last updated on Apr 21, 2025.
- Exam Code: CIPP-E
- Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
- Certification Provider: IAPP
- Latest update: Apr 21, 2025
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?
- A . The European Council
- B . The European Parliament
- C . The European Commission
- D . The Council of the European Union
What is the main task of the European Data Protection Board?
- A . To assess adequacy of data protection in third countries
- B . To ensure consistent application of the GDPR.
- C . To proactively prevent disputes between national supervisory authorities.
- D . To publish guidelines for data subjects on how to properly enforce their rights
An entity’s website stores text files on EU users’ computer and mobile device browsers.
Prior to doing so, the entity is required to provide users with notices containing information and consent under which of the following frameworks?
- A . General Data Protection Regulation 2016/679.
- B . E-Privacy Directive 2002/58/EC.
- C . E-Commerce Directive 2000/31/EC.
- D . Data Protection Directive 95/46/EC.
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?
- A . The obligation of companies to declare data breaches.
- B . The requirement to demonstrate compliance to a supervisory authority.
- C . The necessity of the bulk collection of personal data by the government.
Which of the following was the first to implement national law for data protection in 1973?
- A . France
- B . Sweden
- C . Germany
- D . United Kingdom
Under Article 58 of the GDPR, which of the following describes a power of supervisory authorities in European Union (EU) member states?
- A . The ability to enact new laws by executive order.
- B . The right to access data for investigative purposes.
- C . The discretion to carry out goals of elected officials within the member state.
- D . The authority to select penalties when a controller is found guilty in a court of law.
According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?
- A . Where the technology supporting the website is located
- B . Where the website is accessed
- C . Where the decisions about processing are made
- D . Where the customer’s Internet service provider is located
Article 29 Working Party has emphasized that the GDPR forbids “forum shopping”, which occurs when companies do what?
- A . Choose the data protection officer that is most sympathetic to their business concerns.
- B . Designate their main establishment in the member state with the most flexible practices.
- C . File appeals of infringement judgments with more than one EU institution simultaneously.
- D . Select third-party processors on the basis of cost rather than quality of privacy protection.
When is a data sharing agreement MOST likely to be needed?
- A . When anonymized data is being shared.
- B . When personal data is being shared between commercial organizations acting as joint data controllers.
- C . When personal data is being proactively shared by a controller to support a police investigation.
- D . When personal data is being shared with a public authority with powers to require the personal data to be disclosed.
SCENARIO
Please use the following to answer the next question:
Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet traffic from outside of Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines to process orders that request the DNA report to be sent outside of Canada, and returns orders that show a non-Canadian return address.
Bob, the President of Who-R-U, thinks there is a lot of interest for the product in the EU, and the company is exploring a number of plans to expand its customer base.
The first plan, collegially called We-Track-U, will use an app to collect information about its current Canadian customer base. The expansion will allow its Canadian customers to use the app while traveling abroad. He suggests that the company use this app to gather location information. If the plan shows promise, Bob proposes to use push notifications and text messages to encourage existing customers to pre-register for an EU version of the service. Bob calls this work plan, We-Text-U. Once the company has gathered enough pre-registrations, it will develop EU-specific content and services.
Another plan is called Customer for Life. The idea is to offer additional services through the company’s app, like storage and sharing of DNA information with other applications and medical providers. The company’s contract says that it can keep customer DNA indefinitely, and use it to offer new services and market them to customers. It also says that customers agree not to withdraw direct marketing consent. Paul, the marketing director, suggests that the company should fully exploit these provisions, and that it can work around customers’ attempts to withdraw consent because the contract invalidates them.
The final plan is to develop a brand presence in the EU. The company has already begun this process. It is in the process of purchasing the naming rights for a building in Germany, which would come with a few offices that Who-R-U executives can use while traveling internationally. The office doesn’t include any technology or infrastructure; rather, it’s simply a room with a desk and some chairs.
On a recent trip concerning the naming-rights deal, Bob’s laptop is stolen. The laptop held unencrypted DNA reports on 5,000 Who-R-U customers, all of whom are residents of Canada. The reports include customer name, birthdate, ethnicity, racial background, names of relatives, gender, and occasionally health information.
If Who-R-U decides to track locations using its app, what must it do to comply with the GDPR?
- A . Get consent from the app users.
- B . Provide a transparent notice to users.
- C . Anonymize the data and add latency so it avoids disclosing real time locations.
- D . Obtain a court order because location data is a special category of personal data.