CIPM CORE MAIN EXAMINATION QUESTIONS
AND ANSWERS SURE A+
✔✔Scope of Privacy Program - ✔✔Defined by data types, jurisdictions, and business
units involved
✔✔Privacy Framework - ✔✔A structured model used to manage and govern privacy
risks
✔✔Privacy Strategy - ✔✔The overall direction and goals of a privacy program
✔✔Privacy by Design - ✔✔Embedding privacy into systems and processes from the
beginning
✔✔Transparency - ✔✔Clear and open communication to individuals about data
practices
✔✔Data Minimization - ✔✔Collecting only the personal data necessary for a specific
purpose
✔✔Purpose Limitation - ✔✔Using personal data only for the specific purpose it was
collected for
✔✔Accuracy - ✔✔Ensuring personal data is correct and kept up to date
✔✔Integrity - ✔✔Protecting personal data from unauthorized access or alteration
✔✔Storage Limitation - ✔✔Retaining personal data only as long as necessary
✔✔Personal Data - ✔✔Any information that can identify an individual directly or
indirectly
✔✔Sensitive Data - ✔✔High-risk data such as health, biometric, or financial information
, ✔✔Lawful Processing - ✔✔Processing personal data based on a valid legal basis
✔✔Fairness - ✔✔Processing data in an ethical and non-deceptive manner
✔✔Compliance - ✔✔Adhering to applicable privacy laws and regulations
✔✔Governance - ✔✔The structure and oversight used to manage a privacy program
✔✔Program Charter - ✔✔A document defining the mission, scope, and objectives of the
privacy program
✔✔Stakeholder Engagement - ✔✔Involving key business and functional stakeholders in
privacy efforts
✔✔Privacy Culture - ✔✔The collective awareness and behavior of employees toward
privacy
✔✔Risk Tolerance - ✔✔The level of risk an organization is willing to accept
✔✔Control - ✔✔A measure implemented to reduce or manage risk
✔✔Preventive Control - ✔✔A control designed to stop an issue before it occurs
✔✔Detective Control - ✔✔A control designed to identify issues after they occur
✔✔Corrective Control - ✔✔A control designed to fix or remediate issues
✔✔Risk Assessment - ✔✔The process of identifying and evaluating risks
✔✔Risk Mitigation - ✔✔Reducing the likelihood or impact of identified risks
✔✔Privacy Notice - ✔✔An external statement explaining how personal data is collected
and used
✔✔Policy - ✔✔A high-level rule defining what must be done and why
✔✔Procedure - ✔✔Detailed steps outlining how to perform a task
✔✔Privacy Program Manager - ✔✔The individual responsible for executing the privacy
program
AND ANSWERS SURE A+
✔✔Scope of Privacy Program - ✔✔Defined by data types, jurisdictions, and business
units involved
✔✔Privacy Framework - ✔✔A structured model used to manage and govern privacy
risks
✔✔Privacy Strategy - ✔✔The overall direction and goals of a privacy program
✔✔Privacy by Design - ✔✔Embedding privacy into systems and processes from the
beginning
✔✔Transparency - ✔✔Clear and open communication to individuals about data
practices
✔✔Data Minimization - ✔✔Collecting only the personal data necessary for a specific
purpose
✔✔Purpose Limitation - ✔✔Using personal data only for the specific purpose it was
collected for
✔✔Accuracy - ✔✔Ensuring personal data is correct and kept up to date
✔✔Integrity - ✔✔Protecting personal data from unauthorized access or alteration
✔✔Storage Limitation - ✔✔Retaining personal data only as long as necessary
✔✔Personal Data - ✔✔Any information that can identify an individual directly or
indirectly
✔✔Sensitive Data - ✔✔High-risk data such as health, biometric, or financial information
, ✔✔Lawful Processing - ✔✔Processing personal data based on a valid legal basis
✔✔Fairness - ✔✔Processing data in an ethical and non-deceptive manner
✔✔Compliance - ✔✔Adhering to applicable privacy laws and regulations
✔✔Governance - ✔✔The structure and oversight used to manage a privacy program
✔✔Program Charter - ✔✔A document defining the mission, scope, and objectives of the
privacy program
✔✔Stakeholder Engagement - ✔✔Involving key business and functional stakeholders in
privacy efforts
✔✔Privacy Culture - ✔✔The collective awareness and behavior of employees toward
privacy
✔✔Risk Tolerance - ✔✔The level of risk an organization is willing to accept
✔✔Control - ✔✔A measure implemented to reduce or manage risk
✔✔Preventive Control - ✔✔A control designed to stop an issue before it occurs
✔✔Detective Control - ✔✔A control designed to identify issues after they occur
✔✔Corrective Control - ✔✔A control designed to fix or remediate issues
✔✔Risk Assessment - ✔✔The process of identifying and evaluating risks
✔✔Risk Mitigation - ✔✔Reducing the likelihood or impact of identified risks
✔✔Privacy Notice - ✔✔An external statement explaining how personal data is collected
and used
✔✔Policy - ✔✔A high-level rule defining what must be done and why
✔✔Procedure - ✔✔Detailed steps outlining how to perform a task
✔✔Privacy Program Manager - ✔✔The individual responsible for executing the privacy
program
