CIPP-E Free Practice Test

The GDPR requires controllers to supply data subjects with detailed information about the processing of their data. Where a controller obtains data directly from data subjects, which of the following items of information does NOT legally have to be supplied?

1. A. The recipients or categories of recipients.
2. B. The categories of personal data concerned.
3. C. The rights of access, erasure, restriction, and portability.
4. D. The right to lodge a complaint with a supervisory authority.

Correct Answer: B

Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?

1. A. If the processing is to be performed by a third-party vendor
2. B. If the processing involves data that is considered personal data
3. C. If the processing of the data is done through automated means
4. D. If the processing is used to predict the behavior of data subjects

Correct Answer: D

WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679’’ provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?

1. A. A postal notification
2. B. A direct electronic message
3. C. A notice on a corporate blog
4. D. A prominent advertisement in print media

Correct Answer: C

In the event of a data breach, which type of information are data controllers NOT required to provide to either the supervisory authorities or the data subjects?

1. A. The predicted consequences of the breach.
2. B. The measures being taken to address the breach.
3. C. The type of security safeguards used to protect the data.
4. D. The contact details of the appropriate data protection officer.

Correct Answer: D

In 2016’s Guidance, the United Kingdom’s Information Commissioner’s Office (ICO) reaffirmed the importance of using a “layered notice” to provide data subjects with what?

1. A. A privacy notice containing brief information whilst offering access to further detail.
2. B. A privacy notice explaining the consequences for opting out of the use of cookies on a website.
3. C. An explanation of the security measures used when personal data is transferred to a third party.
4. D. An efficient means of providing written consent in member states where they are required to do so.

Correct Answer: A