DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Prepare for CIPP Exams Questions & Study Materials, Certified International Purchasing Professional | SPOTO

Prepare thoroughly for your CIPP Exams with SPOTO's comprehensive collection of Questions & Study Materials. Our resources encompass a wide array of exam preparation tools including practice tests, free tests, online exam questions, sample questions, and exam dumps. With our mock exams, you can simulate the test environment and evaluate your readiness effectively. The Certified Information Privacy Professional/Europe (CIPP/E) certification demands a solid understanding of European privacy laws, regulations, and the legal intricacies involved in transferring sensitive personal data across borders. SPOTO's exam materials are meticulously designed to equip you with the knowledge and expertise required to excel in this certification. Utilize our latest practice tests to enhance your preparation and increase your chances of success in passing the certification exam. Trust SPOTO as your ultimate partner in achieving your goal of becoming a Certified International Purchasing Professional.

Take other online exams

Question #1
An organization receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal data. Under what condition can the organization charge the data subject a fee for processing the request?
A. Only where the organization can show that it is reasonable to do so because more than one request was made
B. Only to the extent this is allowed under the restrictions on data subjects’ rights introduced under Art 23 of GDPR
C. Only where the administrative costs of taking the action requested exceeds a certain threshold
D. Only if the organization can demonstrate that the request is clearly excessive or misguided
View answer
Correct Answer: B

View The Updated CIPP Exam Questions

SPOTO Provides 100% Real CIPP Exam Questions for You to Pass Your CIPP Exam!

Question #2
SCENARIO Please use the following to answer the next question: Dynaroux Fashion (‘Dynaroux’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Ronan is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection Regulation (GDPR) and other privacy legislation. The company offers both male and female clothing lines across all age demographics, including childre
A. The company will be undertaking processing activities involving sensitive data categories such as financial and children’s data
B. The company employs approximately 650 people and will therefore be carrying out extensive processing activities
C. The company plans to undertake profiling of its customers through analysis of their purchasing patterns
D. The company intends to shift their business model to rely more heavily on online shopping
View answer
Correct Answer: B
Question #3
A grade school is planning to use facial recognition to track student attendance. Which of the following may provide a lawful basis for this processing?
A. The school places a notice near each camera
B. The school gets explicit consent from the students
C. Processing is necessary for the legitimate interests pursed by the school
D. A state law requires facial recognition to verify attendance
View answer
Correct Answer: A
Question #4
In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data protection impact assessment to address multiple processing operations be allowed?
A. A medical organization that wants to begin genetic testing to support earlier research for which they have performed a DPIA
B. A data controller who plans to use a new technology product that has already undergone a DPIA by the product’s provider
C. A marketing team that wants to collect mailing addresses of customers for whom they already have email addresses
D. A railway operator who plans to evaluate the same video surveillance in all the train stations of his company
View answer
Correct Answer: C
Question #5
How does the GDPR now define “processing”?
A. Any act involving the collecting and recording of personal data
B. Any operation or set of operations performed on personal data or on sets of personal data
C. Any use or disclosure of personal data compatible with the purpose for which the data was collected
D. Any operation or set of operations performed by automated means on personal data or on sets of personal data
View answer
Correct Answer: D
Question #6
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. Staff records, including auto
A. The data subjects are no longer current students of Frank’s
B. The processing will not negatively affect the rights of the data subjects
C. The algorithms that Frank uses for the processing are technologically sound
D. The data subjects gave their unambiguous consent for the original processing
View answer
Correct Answer: A
Question #7
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The NFC portal can read any data stored in the action figures
B. The information about the data processing involved has not been specified
C. The cloud service provider is in a country that has not been deemed adequate
D. The RFID tag in the action figures has the potential for misuse because of the toy’s evolving capabilities
View answer
Correct Answer: C
Question #8
Which area of privacy is a lead supervisory authority’s (LSA) MAIN concern?
A. Data subject rights
B. Data access disputes
C. Cross-border processing
D. Special categories of data
View answer
Correct Answer: C
Question #9
A well-known video production company, based in Spain but specializing in documentaries filmed worldwide, has just finished recording several hours of footage featuring senior citizens in the streets of Madrid. Under what condition would the company NOT be required to obtain the consent of everyone whose image they use for their documentary?
A. If obtaining consent is deemed to involve disproportionate effort
B. If obtaining consent is deemed voluntary by local legislation
C. If the company limits the footage to data subjects solely of legal age
D. If the company’s status as a documentary provider allows it to claim legitimate interest
View answer
Correct Answer: C
Question #10
Which of the following is NOT considered a fair processing practice in relation to the transparency principle?
A. Providing a multi-layered privacy notice, in a website environment
B. Providing a QR code linking to more detailed privacy notice, in a CCTV sign
C. Providing a hyperlink to the organization’s home page, in a hard copy application form
D. Providing a “just-in-time” contextual pop-up privacy notice, in an online application from field
View answer
Correct Answer: A
Question #11
Under the Data Protection Law Enforcement Directive of the EU, a government can carry out covert investigations involving personal data, as long it is set forth by law and constitutes a measure that is both necessary and what?
A. Prudent
B. Important
C. Proportionate
D. DPA-approved
View answer
Correct Answer: A
Question #12
Which of the following would require designating a data protection officer?
A. Processing is carried out by an organization employing 250 persons or more
B. Processing is carried out for the purpose of providing for-profit goods or services to individuals in the EU
C. The core activities of the controller or processor consist of processing operations of financial information or information relating to children
D. The core activities of the controller or processor consist of processing operations that require systematic monitoring of data subjects on a large scale
View answer
Correct Answer: D
Question #13
SCENARIO Please use the following to answer the next question: The fitness company Vigotron has recently developed a new app called M-Health, which it wants to market on its website as a free download. Vigotron’s marketing manager asks his assistant Emily to create a webpage that describes the app and specifies the terms of use. Emily, who is new at Vigotron, is excited about this task. At her previous job she took a data protection class, and though the details are a little hazy, she recognizes that Vigotr
A. It is not legal to include fields requiring information regarding health status without consent
B. Processing health data requires explicit consent, but the form does not ask for explicit consent
C. Direct marketing requires explicit consent, whereas the registration form only provides for a right to object
D. The provision of the fitness app should be made conditional on the consent to the data processing for direct marketing
View answer
Correct Answer: A
Question #14
To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?
A. The Court of Justice of the European Union
B. The European Data Protection Supervisor
C. The European Court of Human Rights
D. The European Data Protection Board
View answer
Correct Answer: B
Question #15
SCENARIO Please use the following to answer the next question: The fitness company Vigotron has recently developed a new app called M-Health, which it wants to market on its website as a free download. Vigotron’s marketing manager asks his assistant Emily to create a webpage that describes the app and specifies the terms of use. Emily, who is new at Vigotron, is excited about this task. At her previous job she took a data protection class, and though the details are a little hazy, she recognizes that Vigotr
A. Provide the user with logs of data collected through use of the app
B. Erase any data collected from the time the app was first used
C. Inform any third parties of the user’s withdrawal of consent
D. Cease processing any data collected through use of the app
View answer
Correct Answer: B
Question #16
Which GDPR principle would a Spanish employer most likely depend upon to annually send the personal data of its employees to the national tax authority?
A. The consent of the employees
B. The legal obligation of the employer
C. The legitimate interest of the public administration
D. The protection of the vital interest of the employees
View answer
Correct Answer: D
Question #17
SCENARIO Please use the following to answer the next question: BHealthy, a company based in Italy, is ready to launch a new line of natural products, with a focus on sunscreen. The last step prior to product launch is for BHealthy to conduct research to decide how extensively to market its new line of sunscreens across Europe. To do so, BHealthy teamed up with Natural Insight, a company specializing in determining pricing for natural products. BHealthy decided to share its existing customer information – na
A. If Natural Insight uses BHealthy’s data for improving price point predictions only for BHealthy
B. If Natural Insight receives express contractual instructions from BHealthy to use its data for improving its algorithms
C. If Natural Insight agrees to be fully liable for its use of BHealthy’s customer information in its product improvement activities
D. If Natural Insight satisfies the transparency requirement by notifying BHealthy’s customers of its plans to use their information for its product improvement activities
View answer
Correct Answer: A

View The Updated IAPP Exam Questions

SPOTO Provides 100% Real IAPP Exam Questions for You to Pass Your IAPP Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: