IAPP CIPP-E Certified Information Privacy Professional/Europe (CIPP/E) Online Training
IAPP CIPP-E Online Training
The questions for CIPP-E were last updated at Apr 26,2025.
- Exam Code: CIPP-E
- Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
- Certification Provider: IAPP
- Latest update: Apr 26,2025
Which of the following is NOT an explicit right granted to data subjects under the GDPR?
- A . The right to request access to the personal data a controller holds about them.
- B . The right to request the deletion of data a controller holds about them.
- C . The right to opt-out of the sale of their personal data to third parties.
- D . The right to request restriction of processing of personal data, under certain scenarios.
A U.S. company’s website sells widgets.
Which of the following factors would NOT in itself subject the company to the GDPR?
- A . The widgets are offered in EU and priced in euro.
- B . The website is in English and French, and is accessible in France.
- C . An affiliate office is located in France but the processing is in the U.S.
- D . The website places cookies to monitor the EU website user behavior.
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?
- A . The European Commission can adopt an adequacy decision for individual companies.
- B . The European Commission can adopt, repeal or amend an existing adequacy decision.
- C . EU member states are vested with the power to accept or reject a European Commission adequacy decision.
- D . To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.
For which of the following operations would an employer most likely be justified in requesting the data subject’s consent?
- A . Posting an employee’s bicycle race photo on the company’s social media.
- B . Processing an employee’s health certificate in order to provide sick leave.
- C . Operating a CCTV system on company premises.
- D . Assessing a potential employee’s job application.
SCENARIO
Please use the following to answer the next question:
Jane Stan’s her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and sell cryptocurrencies via its online platform. The company stores and processes the personal data of its customers in a dedicated data center located in Malta (EU).
People wishing to trade cryptocurrencies are required to open an online account on the platform. They then must successfully pass a KYC due diligence procedure aimed at preventing money laundering and ensuring compliance with applicable financial regulations.
The non-European customers are also required to waive all their GDPR rights by reading a disclaimer written in bold and belong a checkbox on a separate page in order to get their account approved on the platform.
The customers must likewise accept the terms of service of the platform. The terms of service also include a privacy policy section, saying, among other things, that if a Are the cybersecurity assessors required to sign a data processing agreement with the company in order to comply with the GDPR”
- A . No, the assessors do not quality as data processors as they only have access to encrypted data.
- B . No. the assessors do not quality as data processors as they do not copy the data to their facilities.
- C . Yes. the assessors a-e considered to be joint data controllers and must sign a mutual data processing agreement.
- D . Yes, the assessors are data processors and their processing of personal data must be governed by a separate contract or other legal act.
Which of the following is NOT considered a fair processing practice in relation to the transparency principle?
- A . Providing a multi-layered privacy notice, in a website environment.
- B . Providing a QR code linking to more detailed privacy notice, in a CCTV sign.
- C . Providing a hyperlink to the organization’s home page, in a hard copy application form.
- D . Providing a “just-in-time” contextual pop-up privacy notice, in an online application from field.
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?
- A . If the cookies do not track personal data, then pre-checked boxes are acceptable.
- B . If the ePrivacy Directive requires consent for cookies, then the GDPR’s consent requirements apply.
- C . If a website’s cookie notice makes clear the information gathered and the lifespan of the cookie, then pre-checked boxes are acceptable.
- D . If a data subject continues to scroll through a website after reading a cookie banner, this activity constitutes valid consent for the tracking described in the cookie banner.
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?
- A . If the cookies do not track personal data, then pre-checked boxes are acceptable.
- B . If the ePrivacy Directive requires consent for cookies, then the GDPR’s consent requirements apply.
- C . If a website’s cookie notice makes clear the information gathered and the lifespan of the cookie, then pre-checked boxes are acceptable.
- D . If a data subject continues to scroll through a website after reading a cookie banner, this activity constitutes valid consent for the tracking described in the cookie banner.
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?
- A . If the cookies do not track personal data, then pre-checked boxes are acceptable.
- B . If the ePrivacy Directive requires consent for cookies, then the GDPR’s consent requirements apply.
- C . If a website’s cookie notice makes clear the information gathered and the lifespan of the cookie, then pre-checked boxes are acceptable.
- D . If a data subject continues to scroll through a website after reading a cookie banner, this activity constitutes valid consent for the tracking described in the cookie banner.
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?
- A . If the cookies do not track personal data, then pre-checked boxes are acceptable.
- B . If the ePrivacy Directive requires consent for cookies, then the GDPR’s consent requirements apply.
- C . If a website’s cookie notice makes clear the information gathered and the lifespan of the cookie, then pre-checked boxes are acceptable.
- D . If a data subject continues to scroll through a website after reading a cookie banner, this activity constitutes valid consent for the tracking described in the cookie banner.
Latest CIPP-E Dumps Valid Version with 157 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
