Prepare Efficiently CIPP Exam Questions, Certified International Purchasing Professional | SPOTO

Prepare efficiently for your CIPP Exam Questions with SPOTO's comprehensive resources for Certified International Purchasing Professionals. Our array of study materials includes practice tests, free tests, online exam questions, sample questions, and exam dumps, meticulously designed to enhance your exam preparation experience. With our mock exams, you can simulate the test environment and assess your readiness effectively. The Certified Information Privacy Professional/Europe (CIPP/E) certification necessitates a robust understanding of European privacy laws, regulations, and the legal intricacies surrounding the transfer of sensitive personal data across borders. SPOTO's exam materials are tailored to equip you with the knowledge and expertise necessary to excel in this certification. Utilize our latest practice tests to optimize your preparation and increase your chances of passing the certification exam with confidence. Trust SPOTO as your ultimate partner in achieving success in your certification journey.

Question #1
SCENARIO – Please use the following to answer the next question: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile nu
A. Zoe must immediately notify all guests, the police and the Privacy Commissioner of the breach
B. Zoe does not need to do anything as there is no mandatory breach notification requirement in Hong Kong
C. Zoe must report the breach to the Privacy Commissioner and make an action plan together with the Commissioner
D. Zoe should consider if there is a real risk of harm to the guests and take appropriate action based on her assessment
Correct Answer: B

Question #2
SCENARIO – Please use the following to answer the next question: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile nu
A. Decline to turn over the footage as it is not a valid data access request
B. Provide a copy of the footage within 40 days as it is a data access request
C. Provide a copy of the footage to the lawyer under the exemption for legal professional privilege
D. Decline to turn over the footage as there is no basis for it to be disclosed under the exemption for prevention or detection of crime
Correct Answer: C
Question #3
All of the following common law torts are relevant to employee privacy under US law EXCEPT?
A. Infliction of emotional distress
B. Intrusion upon seclusion
C. Defamation
D. Conversion
Correct Answer: B
Question #4
SCENARIO – Please use the following to answer the next question: Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrang
A. FFE's collection of full name from prospective clients
B. FFE affiliates' receipt of Stephen's contact information
C. FFE's collection of age and HKID from prospective clients
D. FFE's collection of Stephen's messenger cell details through Kelvin
Correct Answer: D
Question #5
SCENARIO – Please use the following to answer the next question: B-Star Limited is a Singapore based construction company with many foreign construction workers. B-Star's HR team maintains two databases. One (the "simple database") contains basic details from a standard in-processing form such as name, local address and mobile number. The other database (the "sensitive database") contains information collected by the HR Department as part of Annual Review Interviews. With the workers' cooperation, this data
A. Yes, because Carl gave his consent for his sensitive personal data to be collected during his employment
B. No, an organization is not allowed to use sensitive personal data without an individual's consent unless absolutely necessary
C. No, because the research is taking place after Carl has left B-Star's employment
D. Yes, if the research is deemed to be in the public interest
Correct Answer: B
Question #6
Which federal act does NOT contain provisions for preempting stricter state laws?
A. The CAN-SPAM Act
B. The Children’s Online Privacy Protection Act (COPPA)
C. The Fair and Accurate Credit Transactions Act (FACTA)
D. The Telemarketing Consumer Protection and Fraud Prevention Act
Correct Answer: D
Question #7
Which of the following is commonly required for an entity to be subject to breach notification requirements under most state laws?
A. The entity must conduct business in the state
B. The entity must have employees in the state
C. The entity must be registered in the state
D. The entity must be an information broker
Correct Answer: A
Question #8
SCENARIO – Please use the following to answer the next question: Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrang
A. From the FFE retention department, offering a special discount for reactivating membership
B. From health care services provided by Hong Kong's Hospital Authority or Department of Health
C. From an FFE affiliate that provides a mechanism to opt out of further communications by reply-texting "OO
D. From an FFE affiliate in the region Stephen was transferred to, offering services similar to those he purchased previously
Correct Answer: B
Question #9
SCENARIO – Please use the following to answer the next question: Delilah is seeking employment in the marketing department of Good Mining Private Limited, an industry leader in drilling mines in Singapore. Delilah, while filling in the standard paper application form, is asked to provide details about emergency contacts, medical history, blood type and her insurance policy. These fields need to be filled in no matter which department Delilah applies to. The form also asks Delilah to expressly consent to the
A. Because Delilah "consented" to her business contact information being used by Good Mining by passing it to Evan voluntarily
B. Because any business contact information can be freely used, collected or disclosed by Good Mining
C. Because Good Mining does not export the information to a cloud vendor
D. Because Delilah initiated the relationship with Good Mining
Correct Answer: C
Question #10
In what way are Hong Kong citizens protected from direct marketing in ways that India and Singapore citizens are not?
A. Subscribers must have explicitly indicated that they did not object to their data being collected and used for marketing purposes
B. Subscribers can opt out of the use of their data for marketing purposes after collection by withdrawing consent
C. Data subjects must be notified on a website if their data is being used for marketing purposes
D. Data subjects are protected from the secondary use of personal data for marketing purposes
Correct Answer: A
Question #11
California’s SB 1386 was the first law of its type in the United States to do what?
A. Require commercial entities to disclose a security data breach concerning personal information about the state’s residents
B. Require notification of non-California residents of a breach that occurred in California
C. Require encryption of sensitive information stored on servers that are Internet connected
D. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices
Correct Answer: A
Question #12
Hong Kong's definition of a data user in the original PDPO applies to all of the following EXCEPT?
A. Trust corporations
B. Third-party processors
C. Private sector organizations
Correct Answer: D
Question #13
In the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, what exception is allowed to the Access and Correction principle?
A. Paper-based records
B. Publicly-available information
C. Foreign intelligence
D. Unreasonable expense
Correct Answer: B
Question #14
Increases in which of the following were a major reason for the enactment of Hong Kong's Amendment Ordinance in 2012?
A. Direct marketing practices
B. Law enforcement requests
C. Biometric authentication
D. Data breach reports
Correct Answer: A
Question #15
What type of material is exempt from an individual’s right to disclosure under the Privacy Act?
A. Material required by statute to be maintained and used solely for research purposes
B. Material reporting investigative efforts to prevent unlawful persecution of an individual
C. Material used to determine potential collaboration with foreign governments in negotiation of trade deals
D. Material reporting investigative efforts pertaining to the enforcement of criminal law
Correct Answer: C
Question #16
SCENARIO – Please use the following to answer the next question: Singabank is a boutique bank in Singapore. After being notified during the hiring process, Singabank employees are subject to constant and thorough monitoring and tracking through CCTV cameras, computer monitoring software and keyboard loggers. Singabank does this to ensure its employees are complying with Singabank's data security policy. Bigbank is now considering acquiring Singabank's retail banking division. As part of its due diligence, B
A. If the employees did not explicitly consent to it
B. If the bank's data security policy was being overhauled
C. If the bank collected employees' sensitive personal information
D. If the employees were not provided contact information to ask questions about the monitoring
Correct Answer: D
Question #17
In which of the following cases would a Singaporean be prevented from accessing information about herself from an organization?
A. The information was collected in the previous 12 months
B. The information is related to an individual's credit rating
C. The cost of providing the information proved to be unreasonable
D. Any personal information about others has been deleted from the document
Correct Answer: A
Question #18
SCENARIO – Please use the following to answer the next question: Singabank is a boutique bank in Singapore. After being notified during the hiring process, Singabank employees are subject to constant and thorough monitoring and tracking through CCTV cameras, computer monitoring software and keyboard loggers. Singabank does this to ensure its employees are complying with Singabank's data security policy. Bigbank is now considering acquiring Singabank's retail banking division. As part of its due diligence, B
A. No, because Jimmy is not in the division that Bigbank seeks to acquire
B. No, because the data was collected for the express purpose of complying with Singabank's privacy policies
C. Yes, if Singabank informs Jimmy of the disclosure of his personal data before it occurs
D. Yes, if Jimmy's personal data is necessary for Bigbank to determine whether to proceed with the acquisition
Correct Answer: B
Question #19
What is the most likely reason that states have adopted their own data breach notification laws?
A. Many states have unique types of businesses that require specific legislation
B. Many lawmakers believe that federal enforcement of current laws has not been effective
C. Many types of organizations are not currently subject to federal laws regarding breaches
D. Many large businesses have intentionally breached the personal information of their customers
Correct Answer: B
Question #20
SCENARIO – Please use the following to answer the next question: Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrang
A. Retain the data of members who have been suspended for non-payment, in the event that the data is needed to seek compensation in a court of law
B. Retain all member data and documents in original form for two years after account termination, to better inform marketing efforts focused on re-activating accounts of former customers
C. Retain an anonymous data set after account termination indicating dates of membership, age, and other statistical data, to be included in aggregate reports about gym membership trends
D. Retain copies of files of customers who utilized personal trainer services for six months after account termination, to allow trainers to respond to inquiries from personal physicians about training-related injuries
Correct Answer: C
Question #21
Which of the following principles of the OECD guidelines and Council of European Convention principles does Singapore's PDPA incorporate?
A. Disclosures to third parties included in access requests
B. Additional protections for sensitive personal data
C. The ability to opt-out from direct marketing
D. The right of deletion of data on request
Correct Answer: D
Question #22
Global Manufacturing Co’s Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated “360 review” that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other. What is the most important step for the Human Resources D
A. Making sure that the software does not unintentionally discriminate against protected groups
B. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems
C. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization’s systems, regardless of the protected group or laws enforced by EEOC
D. Providing notice to employees that their emails will be scanned by the software and creating automated profiles
Correct Answer: A
Question #23
SCENARIO – Please use the following to answer the next question: Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrang
A. No penalty, as FFE and the new employer are the responsible parties
B. Violation of the terms of his employment agreement
C. A maximum $500,000 HKD fine
D. Up to five years imprisonment
Correct Answer: C
Question #24
How can the privacy principles issued in 1980 by the Organisation for Economic Cooperation and Development (OECD) be defined?
A. Guidelines governing the protection of privacy and trans-border data flows issued in collaboration with the Federal Trade Commission
B. Guidelines governing the protection of privacy and trans-border data flows of personal data in states that are members
C. Mandatory rules governing the protection of privacy and trans-border data flows within the European Union
D. Mandatory rules governing the protection of privacy and trans-border data flows among binding member states
Correct Answer: B
Question #25
SCENARIO – Please use the following to answer the next question: Delilah is seeking employment in the marketing department of Good Mining Private Limited, an industry leader in drilling mines in Singapore. Delilah, while filling in the standard paper application form, is asked to provide details about emergency contacts, medical history, blood type and her insurance policy. These fields need to be filled in no matter which department Delilah applies to. The form also asks Delilah to expressly consent to the
A. It is not available in an electronic format
B. It does not contain the contact information for the HR manager
C. It asks for Delilah's consent to use and disclose her personal data
D. It asks for details that are not relevant to the job Delilah is applying for
Correct Answer: B
Question #26
Hong Kong's Personal Data (Privacy) Ordinance (PDPO) was primarily inspired by which of the following?
A. Asia's APEC Privacy Framework
B. Macau's Personal Data Protection Act
C. South Korea's Public Agency Data Protection Act
D. Europe's Data Protection Directive (Directive 95/46/EC)
Correct Answer: D
Question #27
John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John’s personal information in their possession has been stolen, including his full name and social security number. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information. Which of the following answers most accurately reflects John’s ability to pursue a legal claim against the corporation un
A. John has no right to sue the corporation because the CCPA does not address any data breach rights
B. John cannot sue the corporation for the data breach because only the state’s Attorney General has authority to file suit under the CCPA
C. John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach
D. John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm
Correct Answer: C
Question #28
Which of the following best describes the Asia-Pacific Economic Cooperation (APEC) principles?
A. A bill of rights for individuals seeking access to their personal information
B. A code of responsibilities for medical establishments to uphold privacy laws
C. An international court ruling on personal information held in the commercial sector
D. A baseline of marketers’ minimum responsibilities for providing opt-out mechanisms
Correct Answer: A
Question #29
Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?
A. Implied consent from a minor’s parent or guardian, or affirmative consent from the minor
B. Affirmative consent from a minor’s parent or guardian before collecting the minor’s personal information online
C. Implied consent from a minor’s parent or guardian before collecting a minor’s personal information online, such as when they permit the minor to use the internet
D. Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e
Correct Answer: B
Question #30
Hong Kong's New Guidance on Direct Marketing clarified that direct marketing rules under the new regime do NOT apply if what condition exists?
A. The data subject’s personal data is collected from public registers or third parties
B. The products or services are being offered by the organization's parent company
C. The data subject has already given consent for other services offered by the company
D. The products or services are being offered for the exclusive use of an individual's organization
Correct Answer: A
Question #31
SCENARIO – Please use the following to answer the next question: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile nu
A. Inform the staff that Relax Ltd can transfer the data to StarOne given they are in the same premises and guests would reasonably expect that
B. Inform the staff that Relax Ltd should not transfer the data to StarOne without a privacy notice identifying StarOne as a class of transferee
C. Inform the staff that Relax Ltd should not transfer the data to StarOne without the guest's opt-in consent to do so
D. Inform the staff that Relax Ltd can transfer the data as Section 33 is not in force
Correct Answer: B
Question #32
SCENARIO – Please use the following to answer the next question: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile nu
A. Consent of the guest in writing to the transfer
B. Amending StarOne's privacy policy to refer to the transfer
C. Putting in place Model Clauses between the relevant entities
D. China being included as a "White List" country for data transfer
Correct Answer: C
Question #33
What term is defined by the European Commission to mean any data that relates to an identified or identifiable individual?
A. Personally identifiable information
B. Sensitive information
C. Personal data
D. Identified data
Correct Answer: B
