CIPP E EXAM PREP 2026 EXAMINATION
TEST COMPLETE QUESTIONS AND 100%
CORRECT ANSWERS VERIFIED GRADED A+
⩥ When does the minimum age rule of consent apply? Answer: 1. for
information society services offered directly to the child; and
2. where the controller does not rely on another legal means for
processing.
⩥ What doesn't fall within the "legal obligation to which a controller is
subject"? Answer: 1. a contract with a third party that has an obligation
in it;
2. legal requirement of a non-member country
⩥ What does the "vital interests of the data subject or other natural
person" apply to? Answer: Life or death
⩥ Who can't rely on the legitimate interest basis? Answer: Public
authorities
⩥ Factors to satisfy legitimate interest basis? Answer: 1. The processing
must be necessary for the purpose.
2. The purpose must be a legitimate interest of the controller or a third
party.
,3. The legitimate interest cannot be overridden by the data subject's
interests or fundamental rights and freedoms.
⩥ Examples of legitimate interests set forth in the recitals: Answer: 1.
Preventing fraud
2. Direct marketing purposes
3. Sharing within group companies to a centralized system for
administrative purposes
4. to ensure network and information security
⩥ For legal obligations and public interest basis, what can member states
determine? Answer: 1. specifications for determining the controller,
2. type of personal data that is subject to the processing,
3. data subjects concerned,
4. entities to which the personal data may be disclosed,
5. purpose limitations,
6. storage period and other measures.
7. whether the controller must additionally be a public authority or not.
⩥ What 2 articles must you comply with for sensitive data? Answer:
Article 6 and 9
⩥ Exceptions to the general prohibition on processing sensitive data?
Answer: 1. Explicit consent, except where prohibited by law
,2. Necessary to carry out obligation or specific rights of controller or
subject in employment or social security or social protection law.
3. Necessary to protect vital interests of subject or other natural person
where incapable of giving consent
4. Carried out in course of legitimate activities with safeguards by a
foundation, assn or non-profit with a political philosophical, religious or
trade union purpose.
5. Relates to personal data made public by data subject
6. Processing is necessary to establish, exercise or defend legal claims.
7. Processing is necessary for reasons of substantial public interest under
member law.
8. Processing necessary for medicine, diagnosis, or provisions of
medical services.
9. Public interest in public health issues.
10. Processing necessary for archiving scientific or historical research.
⩥ What does German law require for consent to process sensitive data?
Answer: Specific reference to the data to be processed
⩥ What is required for the exception to processing sensitive data by a
foundation, association, etc.? Answer: Processing must relate solely to
the members, former members or people with regular contact in
connection with foundation's purpose and not disclosed to outsiders
without consent.
, ⩥ What requirements must member states meet when establishing laws
that allow for processing of sensitive data? Answer: 1. Suitable
safeguards
2. Proportionate to the aim pursued
3. Respect for the essence of the right to data protection
⩥ Examples of member laws allowing processing of sensitive data.
Answer: Italy- activities carried out by the National Health Services
UK- purposes of preventing or detecting any unlawful act or to
discharge any function designed to protect the public against dishonesty,
seriously improper conduct or mismanagement in the administration of
any organisation or association.
⩥ When can sensitive information be processed for medical reasons?
Answer: 1. For medical treatment purposes
2. Assessment of working capacity of employee
3. Provision of social care under member law;
4. Pursuant to contact with health professional
⩥ What is required under the sensitive data exception for archiving
scientific or historical research? Answer: 1. Proportionate to the aim
pursued
2. Respect the essence of the right to data protection
3. suitable safeguards
TEST COMPLETE QUESTIONS AND 100%
CORRECT ANSWERS VERIFIED GRADED A+
⩥ When does the minimum age rule of consent apply? Answer: 1. for
information society services offered directly to the child; and
2. where the controller does not rely on another legal means for
processing.
⩥ What doesn't fall within the "legal obligation to which a controller is
subject"? Answer: 1. a contract with a third party that has an obligation
in it;
2. legal requirement of a non-member country
⩥ What does the "vital interests of the data subject or other natural
person" apply to? Answer: Life or death
⩥ Who can't rely on the legitimate interest basis? Answer: Public
authorities
⩥ Factors to satisfy legitimate interest basis? Answer: 1. The processing
must be necessary for the purpose.
2. The purpose must be a legitimate interest of the controller or a third
party.
,3. The legitimate interest cannot be overridden by the data subject's
interests or fundamental rights and freedoms.
⩥ Examples of legitimate interests set forth in the recitals: Answer: 1.
Preventing fraud
2. Direct marketing purposes
3. Sharing within group companies to a centralized system for
administrative purposes
4. to ensure network and information security
⩥ For legal obligations and public interest basis, what can member states
determine? Answer: 1. specifications for determining the controller,
2. type of personal data that is subject to the processing,
3. data subjects concerned,
4. entities to which the personal data may be disclosed,
5. purpose limitations,
6. storage period and other measures.
7. whether the controller must additionally be a public authority or not.
⩥ What 2 articles must you comply with for sensitive data? Answer:
Article 6 and 9
⩥ Exceptions to the general prohibition on processing sensitive data?
Answer: 1. Explicit consent, except where prohibited by law
,2. Necessary to carry out obligation or specific rights of controller or
subject in employment or social security or social protection law.
3. Necessary to protect vital interests of subject or other natural person
where incapable of giving consent
4. Carried out in course of legitimate activities with safeguards by a
foundation, assn or non-profit with a political philosophical, religious or
trade union purpose.
5. Relates to personal data made public by data subject
6. Processing is necessary to establish, exercise or defend legal claims.
7. Processing is necessary for reasons of substantial public interest under
member law.
8. Processing necessary for medicine, diagnosis, or provisions of
medical services.
9. Public interest in public health issues.
10. Processing necessary for archiving scientific or historical research.
⩥ What does German law require for consent to process sensitive data?
Answer: Specific reference to the data to be processed
⩥ What is required for the exception to processing sensitive data by a
foundation, association, etc.? Answer: Processing must relate solely to
the members, former members or people with regular contact in
connection with foundation's purpose and not disclosed to outsiders
without consent.
, ⩥ What requirements must member states meet when establishing laws
that allow for processing of sensitive data? Answer: 1. Suitable
safeguards
2. Proportionate to the aim pursued
3. Respect for the essence of the right to data protection
⩥ Examples of member laws allowing processing of sensitive data.
Answer: Italy- activities carried out by the National Health Services
UK- purposes of preventing or detecting any unlawful act or to
discharge any function designed to protect the public against dishonesty,
seriously improper conduct or mismanagement in the administration of
any organisation or association.
⩥ When can sensitive information be processed for medical reasons?
Answer: 1. For medical treatment purposes
2. Assessment of working capacity of employee
3. Provision of social care under member law;
4. Pursuant to contact with health professional
⩥ What is required under the sensitive data exception for archiving
scientific or historical research? Answer: 1. Proportionate to the aim
pursued
2. Respect the essence of the right to data protection
3. suitable safeguards
