CIPM Free Practice Test

What is one obligation that the General Data Protection Regulation (GDPR) imposes on data processors?

1. A. To honor all data access requests from data subjects.
2. B. To inform data subjects about the identity and contact details of the controller.
3. C. To implement appropriate technical and organizational measures that ensure an appropriate level of security.
4. D. To carry out data protection impact assessments in cases where processing is likely to result in high risk to the rights and freedoms of individuals.

Correct Answer: D

What is the main function of the Asia-Pacific Economic Cooperation Privacy Framework?

1. A. Enabling regional data transfers.
2. B. Protecting data from parties outside the region.
3. C. Establishing legal requirements for privacy protection in the region.
4. D. Marketing privacy protection technologies developed in the region.

Correct Answer: A

An organization's business continuity plan or disaster recovery plan does NOT typically include what?

1. A. Recovery time objectives.
2. B. Emergency response guidelines.
3. C. Statement of organizational responsibilities.
4. D. Retention schedule for storage and destruction of information.

Correct Answer: D

What is the key factor that lays the foundation for all other elements of a privacy program?

1. A. The applicable privacy regulations
2. B. The structure of a privacy team
3. C. A privacy mission statement
4. D. A responsible internal stakeholder

Correct Answer: A

In privacy protection, what is a "covered entity"?

1. A. Personal data collected by a privacy organization.
2. B. An organization subject to the privacy provisions of HIPAA.
3. C. A privacy office or team fully responsible for protecting personal information.
4. D. Hidden gaps in privacy protection that may go unnoticed without expert analysis.

Correct Answer: B