Answers | Complete Review with
Detailed Rationales | Grade A+
• How many member states are in the European Union? -✓✓28 member states
• What is the European Economic Area composed of? -✓✓EU member states +
Iceland + Liechtenstein + Norway
• What are the key characteristics of the Data Protection Directive? -✓✓- Places
obligations on member states
- Is transposed into 28 national laws in the EU
- Differs across member states
- Formed the Article 29 Working Party
• In what ways is the GDPR different from the Data Protection Directive? -✓✓The
GDPR:
- is directly applicable and enforceable as law
- provides one set of data protection rules for all
- allows member states a degree of tailoring
- forms the European Data Protection Board (EDPB)
• What are the special categories of personal data? -✓✓- racial origin
- ethnic origin
- political opinions
- religious beliefs
- philosophical beliefs
- trade-union membership
- genetic data
- biometric data
- health data
- sex life
- sexual orientation
(- criminal convictions and offences can only be processed by authorities with
safeguards)
• What is a supervisory authority? -✓✓A Data Protection Authority (DPA) - an
entity appointed to enforce privacy or data protection laws and regulation in a
particular jurisdiction.
• What is the definition of data processing? -✓✓Any operation or set of operations
which is performed on personal data or on sets of personal data, whether or not by
automated means.
• What are the GDPR data processing principles? -✓✓- Lawfulness, fairness, and
transparency of processing
- Purpose limitation
- Data minimization and proportionality
- Data quality and accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
• What are the two types of scope needed for the GDPR to apply? -✓✓- territorial
scope
- material scope
• When is territorial scope satisfied? -✓✓GDPR applies if a controller or
processor:
(1) is established in the EU,
(2) offers goods or services to EU residents,
(3) monitors behavior of EU residents,
(4) is outside the EU, but EU member state law applies
Companies without presence in the EU need to comply!
• What is outside the material scope of the GDPR? -✓✓- Activities outside the
scope of EU law
- Investigating and detecting crimes
- Law enforcement, national security, and defense
- Purely personal or household activities
• What are the lawful bases for processing data? -✓✓- Consent
- Contract
- Legal obligation
- Vital interests
- Public interest or official authority
- Legitimate interests