CIPP-E Free Practice Test

A U.S. company’s website sells widgets. Which of the following factors would NOT in itself subject the company to the GDPR?

1. A. The widgets are offered in EU and priced in euro.
2. B. The website is in English and French, and is accessible in France.
3. C. An affiliate office is located in France but the processing is in the U.S.
4. D. The website places cookies to monitor the EU website user behavior.

Correct Answer: B

According to the GDPR, what is the main task of a Data Protection Officer (DPO)?

1. A. To create and maintain records of processing activities.
2. B. To conduct Privacy Impact Assessments on behalf of the controller or processor.
3. C. To monitor compliance with other local or European data protection provisions.
4. D. To create procedures for notification of personal data breaches to competent supervisory authorities.

Correct Answer: B

Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?

1. A. The payment card number of a Dutch citizen
2. B. The U.
3. C. social security number of an American citizen living in France
4. D. The unlinked aggregated data used for statistical purposes by an Italian company
5. E. The identification number of a German candidate for a professional examination in Germany

Correct Answer: D

What is true of both the General Data Protection Regulation (GDPR) and the Council of Europe Convention 108?

1. A. Both govern international transfers of personal data
2. B. Both govern the manual processing of personal data
3. C. Both only apply to European Union countries
4. D. Both require notification of processing activities to a supervisory authority

Correct Answer: D

After leaving the EU under the terms of Brexit, the United Kingdom will seek an adequacy determination. What is the reason for this?

1. A. The Insurance Commissioner determined that an adequacy determination is required by the Data Protection Act.
2. B. Adequacy determinations automatically lapse when a Member State leaves the EU.
3. C. The UK is now a third country because it’s no longer subject to the GDPR.
4. D. The UK is less trustworthy now that its not part of the Union.

Correct Answer: C