DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass Your CIPP Certification Questions & Practice Tests, Certified International Purchasing Professional | SPOTO

Achieve success in your CIPP Certification with SPOTO's comprehensive collection of Questions & Practice Tests. Our resources include a variety of exam preparation tools such as practice tests, free tests, online exam questions, sample questions, and exam dumps. With our meticulously crafted mock exams, you can simulate the test environment and assess your readiness effectively. The Certified Information Privacy Professional/Europe (CIPP/E) certification requires a solid understanding of European privacy laws, regulations, and the legal requirements for transferring sensitive personal data across borders. SPOTO's exam materials are designed to equip you with the knowledge and expertise needed to excel in this certification. Utilize our latest practice tests to reinforce your learning and increase your chances of passing the certification exam with confidence. Trust SPOTO as your ultimate partner in achieving your goal of becoming a Certified International Purchasing Professional.

Take other online exams

Question #1
Which of the following is NOT an explicit right granted to data subjects under the GDPR?
A. The right to request access to the personal data a controller holds about them
B. The right to request the deletion of data a controller holds about them
C. The right to opt-out of the sale of their personal data to third parties
D. The right to request restriction of processing of personal data, under certain scenarios
View answer
Correct Answer: A

View The Updated CIPP Exam Questions

SPOTO Provides 100% Real CIPP Exam Questions for You to Pass Your CIPP Exam!

Question #2
SCENARIO Please use the following to answer the next question: Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers’ data to third parties, and he’s convinced that Accidentable must have gotten his information from Bedrock Insurance.
A. If Accidentable is entitled to use of the data as an affiliate of Bedrock
B. If Accidentable also uses the data to conduct public health research
C. If the data becomes necessary to defend Accidentable’s legal rights
D. If the accuracy of the data is not an aspect that Louis is disputing
View answer
Correct Answer: D
Question #3
SCENARIO Please use the following to answer the next question: ABC Hotel Chain and XYZ Travel Agency are U.S.-based multinational companies. They use an internet-based common platform for collecting and sharing their customer data with each other, in order to integrate their marketing efforts. Additionally, they agree on the data to be stored, how reservations will be booked and confirmed, and who has access to the stored data. Mike, an EU resident, has booked travel itineraries in the past through XYZ Trav
A. Not more than one month of receipt of Mike’s request
B. Not more than two months after verifying Mike’s identity
C. When all the information about Mike has been collected
D. Not more than thirty days after submission of Mike’s request
View answer
Correct Answer: A
Question #4
According to the GDPR, how is pseudonymous personal data defined?
A. Data that can no longer be attributed to a specific data subject without the use of additional information kept separately
B. Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the data
C. Data that has been rendered anonymous in such a manner that the data subject is no longer identifiable
D. Data that has been encrypted or is subject to other technical safeguards
View answer
Correct Answer: C
Question #5
SCENARIO Please use the following to answer the next question: Liem, an online retailer known for its environmentally friendly shoes, has recently expanded its presence in Europe. Anxious to achieve market dominance, Liem teamed up with another eco friendly company, EcoMick, which sells accessories like belts and bags. Together the companies drew up a series of marketing campaigns designed to highlight the environmental and economic benefits of their products. After months of planning, Liem and EcoMick ente
A. Liem is a controller and EcoMick is a processor because Liem provides specific instructions regarding how the marketing campaigns should be rolled out
B. EcoMick and JaphSoft are is a controller and Liem is a processor because EcoMick is sharing its marketing data with Liem for contacts in Europe
C. JaphSoft is the sole processor because it processes personal data on behalf of its clients
D. Liem and EcoMick are joint controllers because they carry out joint marketing activities
View answer
Correct Answer: D
Question #6
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
A. The behavior of suspected terrorists being monitored by EU law enforcement bodies
B. Personal data of EU citizens being processed by a controller or processor based outside the EU
C. The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies
D. Personal data of EU residents being processed by a non-EU business that targets EU customers
View answer
Correct Answer: D
Question #7
SCENARIO Please use the following to answer the next question: Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his son Ben to join the company and head up Project Big, which is a major marketing strategy to triple gross revenue in just 5 years. Ben graduated with a PhD in computer software from a top university. Ben decided to j
A. New corporate governance and code of conduct
B. A data protection impact assessment
C. A comprehensive data inventory
D. Hiring a data protection officer
View answer
Correct Answer: D
Question #8
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet traffic from outside of Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines to proces
A. The company isn’t a controller established in the Union
B. The laptop belonged to a company located in Canada
C. The data isn’t considered personally identifiable financial information
D. There is no evidence that the thieves have accessed the data on the laptop
View answer
Correct Answer: B
Question #9
Which of the following describes a mandatory requirement for a group of undertakings that wants to appoint a single data protection officer?
A. The group of undertakings must obtain approval from a supervisory authority
B. The group of undertakings must be comprised of organizations of similar sizes and functions
C. The data protection officer must be located in the country where the data controller has its main establishment
D. The data protection officer must be easily accessible from each establishment where the undertakings are located
View answer
Correct Answer: A
Question #10
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
A. A company wants to combine location data with other data in order to offer more personalized service for the customer
B. A company wants to use location data to infer information on a person’s clothes purchasing habits
C. A company wants to build a dating app that creates candidate profiles based on location data and data from third-party sources
D. A company wants to use location data to track delivery trucks in order to make the routes more efficient
View answer
Correct Answer: D
Question #11
If a company chooses to ground an international data transfer on the contractual route, which of the following is NOT a valid set of standard contractual clauses?
A. Decision 2001/497/EC (EU controller to non-EU or EEA controller)
B. Decision 2004/915/EC (EU controller to non-EU or EEA controller)
C. Decision 2007/72/EC (EU processor to non-EU or EEA controller)
D. Decision 2010/87/EU (Non-EU or EEA processor from EU controller)
View answer
Correct Answer: C
Question #12
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. Staff records, including auto
A. More information about Frank’s data protection training
B. More information about the extent of the information loss
C. More information about the algorithm Frank used to mask student numbers
D. More information about what students have been told and how the research will be used
View answer
Correct Answer: D
Question #13
Bioface is a company based in the United States. It has no servers, personnel or assets in the European Union. By collecting photographs from social media and other web-based services, such as newspapers and blogs, it uses machine learning to develop a facial recognition algorithm. The algorithm identifies individuals in photographs who are not in its data set based the algorithm and its existing data. The service collects photographs of data subjects in the European Union and will identify them if presente
A. It collects data from European Union websites, which constitutes an establishment in the EuropeanUnion
B. It offers services in the European Union by identifying data subjects in the European Union
C. It collects data from subjects and uses it for automated processing
D. It monitors the behavior of data subjects in the European Union
View answer
Correct Answer: A
Question #14
SCENARIO Please use the following to answer the next question: T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more informati
A. T-Craze has a French affiliate
B. The French affiliate procured the services of Right Target
C. T-Craze conducts its marketing and sales activities in France
D. The Spanish supervisory authority is providing a courtesy notification not required under the GDPR
View answer
Correct Answer: A
Question #15
In addition to the European Commission, who can adopt standard contractual clauses, assuming that all required conditions are met?
A. Approved data controllers
B. The Council of the European Union
C. National data protection authorities
D. The European Data Protection Supervisor
View answer
Correct Answer: C
Question #16
SCENARIO Please use the following to answer the next question: Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers’ data to third parties, and he’s convinced that Accidentable must have gotten his information from Bedrock Insurance.
A. Bedrock does not have a duty to transfer Louis’s data to Zantrum if doing so is legitimately not technically feasible
B. Bedrock does not have to transfer Louis’s data to Zantrum because the right to data portability does not apply where personal data are processed in order to carry out tasks in the public interest
C. Bedrock has failed to comply with the duty to transfer Louis’s data to Zantrum because the duty applies wherever personal data are processed by automated means and necessary for the performance of a contract with the customer
D. Bedrock has failed to comply with the duty to transfer Louis’s data to Zantrum because it has an obligation to develop commonly used, machine-readable and interoperable formats so that all customer data can be ported to other insurers on request
View answer
Correct Answer: A
Question #17
Which marketing-related activity is least likely to be covered by the provisions of Privacy and Electronic Communications Regulations (Directive 2002/58/EC)?
A. Advertisements passively displayed on a website
B. The use of cookies to collect data about an individual
C. A text message to individuals from a company offering concert tickets for sale
D. An email from a retail outlet promoting a sale to one of their previous customer
View answer
Correct Answer: D
Question #18
Which of the following is NOT recognized as being a common characteristic of cloud-computing services?
A. The service’s infrastructure is shared among the supplier’s customers and can be located in a number of countries
B. The supplier determines the location, security measures, and service standards applicable to the processing
C. The supplier allows customer data to be transferred around the infrastructure according to capacity
D. The supplier assumes the vendor’s business risk associated with data processed by the supplier
View answer
Correct Answer: D
Question #19
What is the most frequently used mechanism for legitimizing cross-border data transfer?
A. Standard Contractual Clauses
B. Approved Code of Conduct
C. Binding Corporate Rules
D. Derogations
View answer
Correct Answer: B

View The Updated IAPP Exam Questions

SPOTO Provides 100% Real IAPP Exam Questions for You to Pass Your IAPP Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: