Certified Information Privacy Professional/Europe (CIPP/E) Exam (CIPP) - IAPP Actual Exam Questions
Last updated on May 02, 2026
Company X has entrusted the processing of their payroll data to Provider
The public
Company X
Law enforcement
The supervisory authority
Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
Which kind of privacy notice, originally advocated by the Article 29 Working Party, is commonly recommended tor Al-based technologies because of the way it provides processing information at specific points of data collection?
Privacy dashboard notice
Visualization notice.
Just-in-lime notice.
Layered notice.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
In 2016’s Guidance, the United Kingdom’s Information Commissioner’s Office (ICO) reaffirmed the importance of using a “layered notice” to provide data subjects with what?
A privacy notice containing brief information whilst offering access to further detail.
A privacy notice explaining the consequences for opting out of the use of cookies on a website.
An explanation of the security measures used when personal data is transferred to a third party.
An efficient means of providing written consent in member states where they are required to do so.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules?
When creating an untargeted pop-up ad on a website.
When calling a potential customer to notify her of an upcoming product sale.
When emailing a customer to announce that his recent order should arrive earlier than expected.
When paying a search engine company to give prominence to certain products and services within specific search results.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
According to the GDPR, when should the processing of photographs be considered processing of special categories of personal data?
When processed with the intent to publish information regarding a natural person on publicly accessible media.
When processed with the intent to proceed to scientific or historical research projects.
When processed with the intent to uniquely identify or authenticate a natural person.
When processed with the intent to comply with a law.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
Finish Practice?
Are you sure you want to finish? This will end your practice session.