IAPP CIPP E
Q: 1
In the event of a data breach, which type of information are data controllers NOT required to provide
to either the supervisory authorities or the data subjects?
Options
Q: 2
Which sentence best describes proper compliance for an international organization using Binding
Corporate Rules (BCRs) as a controller or processor?
Options
Q: 3
A mobile device application that uses cookies will be subject to the consent requirement of which of
the
following?
Options
Q: 4
What is the MAIN reason GDPR Article 4(22) establishes the concept of the “concerned supervisory
authority”?
Options
Q: 5
Which of the following countries will continue to enjoy adequacy status under the GDPR, pending
any future European Commission decision to the contrary?
Options
Q: 6
Under Article 9 of the GDPR, which of the following categories of data is NOT expressly prohibited
from data processing?
Options
Q: 7
Based on GDPR Article 35, which of the following situations would trigger the need to complete a
DPIA?
Options
Q: 8
What was the aim of the European Data Protection Directive 95/46/EC?
Options
Q: 9
Under Article 30 of the GDPR, controllers are required to keep records of all of the following EXCEPT?
Options
Q: 10
According to Article 14 of the GDPR, how long does a controller have to provide a data subject with
necessary privacy information, if that subject’s personal data has been obtained from other sources?
Options
Question 1 of 10
