CIPP/E IAPP Practice Questions ALL
ANSWERS 100% CORRECT SPRING
FALL 2023/24 LATEST SOLUTION
GUARANTEED GRADE A+
Which of the following data protection milestones is a treaty among member states of
the Council of Europe:
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR
Convention 108
Which of the following data protection milestones applies to public electronics
communications services and networks?
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR
e-Privacy Directive
The Universal Declaration of Human Rights is a product of which institution?
-The United Nations
-The Council of Europe
-The European Union
The United Nations
Which European institutions is composed of 47 member states?
-The Council of Europe
-The European Union
-The European Economic Area
The Council of Europe
Chose the characteristic that describes the European Parliament.
-Is responsible for legislative development, supervisory oversight of other institutions,
and development of the budget
-Defines the EU priorities and sets the political direction for the EU.
Defines the EU priorities and sets the political direction for the EU
Choose the characteristic that describes the European Council.
-Sets the overall political agenda of the EU
-Negotiates and adopts laws
,Sets the overall political agenda of the EU.
Choose the characteristic that describes the Council of the EU
-Is sometimes described as the executive body of the EU
-Is one of the main decision-making bodies of the EU
Is one of the main decision making bodies of the EU.
Choose the characteristic that describes the European Commission.
-Has the power to propose legislation
-Is composed of a directly elected body
Has the power to propose legislation
Choose the characteristic that describes the Court of Justice of the EU
-Makes decisions on issues of EU law
-Is based in Strasbourg
Makes decisions on issues of EU law.
What is the function of the 4 step test?
-Determine if data qualifies as personal data
-Determine i personal data is anonymous
-Determine if personal date belongs to special categories
-Determine if personal data is pseudonymous.
Determine if data qualifies as personal data
Which criteria are used to identify personal data? Select all that apply
-natural person
-an identified or identifiable
-any information
-relating to
- or anonymous
All EXCEPT "or anonymous
Select the types of personal data elements that belong to special categories under the
GDPR.
-Personal data revealing religious or philosophical beliefs
-Data relating to personal interests and hobbies
-Data concerning health
-Personal data revealing political opinions
-Personal data revealing financial information
-Genetic data used to uniquely identify a natural person
All EXCEPT
-personal interests and hobbies
-financial information
00:0201:22
True or False: Personal data either belongs to special categories or does not. There is
no grey area.
False
True or False: Anonymising personal data is always possible.
False
True or false: Pseudonymous data is protected by the GDPR.
, True
True or false: A data controller may be a natural person or a legal entity, while a data
processor must be a legal entity.
False
True or false: a contract protects a processor from being held to the same legal
obligations as the controller.
False
True or False: A processor may decide wehre and how to process personal data.
False
True or false: When personal data is being processed, there is always a controller.
True
What is data processing:
-Any action involved in securing and protecting data
-Any action performed upon data
-Any action involved in collecting personal data
-Any action that adapts or alters data.
Any action performed upon data.
What are the criteria used to determine the territorial scope of the GDPR: Select all that
apply.
-Processing of personal data of EU subjects relating to offering goods or services or
monitoring behaviour
-Processing of personal data by a controller not established in the EU but in a place
where member state law applies
-Processing of personal data when a controller or processor is established in the EU
All.
Which of the following fall under the material scope of the GDPR? Select all that apply.
-processing personal data without human intervention
-processing anonymous data
-Processing personal data that forms part of a filing system.
All EXCEPT anonymous data
Exclusions to the material scope of GDPR should be interpreted broadly. True or false?
False
True or false: At least three of the legitimate processing criteria within the GDPR must
ve met for personal data to be processed legally.
False
Read the following and select all the GDPR principles that have been violated: An
access control system used by an organization's maintenance team for building security
is later used by a manager in a different department to determine if employees are
arriving late for work. The employees are not informed of this new processing action,
and the manager does not create consistent records of the processing activities.
-Integrity and confidentiality
-Accountability
-Data quality and accuracy
ANSWERS 100% CORRECT SPRING
FALL 2023/24 LATEST SOLUTION
GUARANTEED GRADE A+
Which of the following data protection milestones is a treaty among member states of
the Council of Europe:
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR
Convention 108
Which of the following data protection milestones applies to public electronics
communications services and networks?
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR
e-Privacy Directive
The Universal Declaration of Human Rights is a product of which institution?
-The United Nations
-The Council of Europe
-The European Union
The United Nations
Which European institutions is composed of 47 member states?
-The Council of Europe
-The European Union
-The European Economic Area
The Council of Europe
Chose the characteristic that describes the European Parliament.
-Is responsible for legislative development, supervisory oversight of other institutions,
and development of the budget
-Defines the EU priorities and sets the political direction for the EU.
Defines the EU priorities and sets the political direction for the EU
Choose the characteristic that describes the European Council.
-Sets the overall political agenda of the EU
-Negotiates and adopts laws
,Sets the overall political agenda of the EU.
Choose the characteristic that describes the Council of the EU
-Is sometimes described as the executive body of the EU
-Is one of the main decision-making bodies of the EU
Is one of the main decision making bodies of the EU.
Choose the characteristic that describes the European Commission.
-Has the power to propose legislation
-Is composed of a directly elected body
Has the power to propose legislation
Choose the characteristic that describes the Court of Justice of the EU
-Makes decisions on issues of EU law
-Is based in Strasbourg
Makes decisions on issues of EU law.
What is the function of the 4 step test?
-Determine if data qualifies as personal data
-Determine i personal data is anonymous
-Determine if personal date belongs to special categories
-Determine if personal data is pseudonymous.
Determine if data qualifies as personal data
Which criteria are used to identify personal data? Select all that apply
-natural person
-an identified or identifiable
-any information
-relating to
- or anonymous
All EXCEPT "or anonymous
Select the types of personal data elements that belong to special categories under the
GDPR.
-Personal data revealing religious or philosophical beliefs
-Data relating to personal interests and hobbies
-Data concerning health
-Personal data revealing political opinions
-Personal data revealing financial information
-Genetic data used to uniquely identify a natural person
All EXCEPT
-personal interests and hobbies
-financial information
00:0201:22
True or False: Personal data either belongs to special categories or does not. There is
no grey area.
False
True or False: Anonymising personal data is always possible.
False
True or false: Pseudonymous data is protected by the GDPR.
, True
True or false: A data controller may be a natural person or a legal entity, while a data
processor must be a legal entity.
False
True or false: a contract protects a processor from being held to the same legal
obligations as the controller.
False
True or False: A processor may decide wehre and how to process personal data.
False
True or false: When personal data is being processed, there is always a controller.
True
What is data processing:
-Any action involved in securing and protecting data
-Any action performed upon data
-Any action involved in collecting personal data
-Any action that adapts or alters data.
Any action performed upon data.
What are the criteria used to determine the territorial scope of the GDPR: Select all that
apply.
-Processing of personal data of EU subjects relating to offering goods or services or
monitoring behaviour
-Processing of personal data by a controller not established in the EU but in a place
where member state law applies
-Processing of personal data when a controller or processor is established in the EU
All.
Which of the following fall under the material scope of the GDPR? Select all that apply.
-processing personal data without human intervention
-processing anonymous data
-Processing personal data that forms part of a filing system.
All EXCEPT anonymous data
Exclusions to the material scope of GDPR should be interpreted broadly. True or false?
False
True or false: At least three of the legitimate processing criteria within the GDPR must
ve met for personal data to be processed legally.
False
Read the following and select all the GDPR principles that have been violated: An
access control system used by an organization's maintenance team for building security
is later used by a manager in a different department to determine if employees are
arriving late for work. The employees are not informed of this new processing action,
and the manager does not create consistent records of the processing activities.
-Integrity and confidentiality
-Accountability
-Data quality and accuracy
