CIPP E Certification From IAPP
What is the difference between "data controllers" and "data processors"?
Data controllers determine the purposes and means of processing personal data, while data processors
handle personal data on behalf of the controller, following their instructions. ✔️✔️
What is "purpose limitation" in data protection law?
Purpose limitation means personal data should only be collected for specific, legitimate purposes and
should not be used for unrelated purposes without further consent. ✔️✔️
What does the term "sensitive personal data" mean?
Sensitive personal data includes information such as racial or ethnic origin, political opinions, health
data, and religious beliefs, which require heightened protection. ✔️✔️
What is the significance of "data breach notification" in privacy laws?
Data breach notification requires organizations to inform affected individuals and relevant authorities
within a specified time, often 72 hours, when personal data is compromised. ✔️✔️
What is "data access control"?
Data access control involves restricting access to personal data to authorized individuals only, ensuring
that unauthorized persons cannot view or alter the data. ✔️✔️
What is the "right to object" under GDPR?
The right to object allows individuals to stop the processing of their personal data in certain
circumstances, such as for direct marketing or profiling. ✔️✔️
What does "data minimization" mean in data protection?
Data minimization means that only the minimum amount of personal data necessary to achieve a
specific purpose should be collected and processed. ✔️✔️
, What is the role of "third-party service providers" in data processing?
Third-party service providers process personal data on behalf of an organization and must comply with
data protection laws to ensure the data is handled securely and lawfully. ✔️✔️
What is "data protection by default"?
Data protection by default requires that, by default, organizations only process personal data necessary
for the intended purpose and take steps to minimize risks. ✔️✔️
What is the purpose of "Data Protection Impact Assessments" (DPIA)?
DPIAs help identify and mitigate privacy risks to individuals’ personal data during the planning and
implementation stages of projects or systems. ✔️✔️
What is "anonymization" and how does it differ from pseudonymization?
Anonymization involves removing all identifiable information from data so it cannot be traced back to
individuals, while pseudonymization reduces the link between data and individuals without fully
removing it. ✔️✔️
What does "data security" entail?
Data security includes measures to protect personal data from unauthorized access, disclosure,
destruction, or modification, ensuring its confidentiality, integrity, and availability. ✔️✔️
What is the "right to rectification" under GDPR?
The right to rectification allows individuals to request corrections to inaccurate or incomplete personal
data held by an organization. ✔️✔️
What does "cross-border data transfer" mean in the context of GDPR?
Cross-border data transfer refers to the movement of personal data across borders, which must comply
with GDPR’s requirements to ensure the data is protected adequately. ✔️✔️
What is "privacy by design"?
What is the difference between "data controllers" and "data processors"?
Data controllers determine the purposes and means of processing personal data, while data processors
handle personal data on behalf of the controller, following their instructions. ✔️✔️
What is "purpose limitation" in data protection law?
Purpose limitation means personal data should only be collected for specific, legitimate purposes and
should not be used for unrelated purposes without further consent. ✔️✔️
What does the term "sensitive personal data" mean?
Sensitive personal data includes information such as racial or ethnic origin, political opinions, health
data, and religious beliefs, which require heightened protection. ✔️✔️
What is the significance of "data breach notification" in privacy laws?
Data breach notification requires organizations to inform affected individuals and relevant authorities
within a specified time, often 72 hours, when personal data is compromised. ✔️✔️
What is "data access control"?
Data access control involves restricting access to personal data to authorized individuals only, ensuring
that unauthorized persons cannot view or alter the data. ✔️✔️
What is the "right to object" under GDPR?
The right to object allows individuals to stop the processing of their personal data in certain
circumstances, such as for direct marketing or profiling. ✔️✔️
What does "data minimization" mean in data protection?
Data minimization means that only the minimum amount of personal data necessary to achieve a
specific purpose should be collected and processed. ✔️✔️
, What is the role of "third-party service providers" in data processing?
Third-party service providers process personal data on behalf of an organization and must comply with
data protection laws to ensure the data is handled securely and lawfully. ✔️✔️
What is "data protection by default"?
Data protection by default requires that, by default, organizations only process personal data necessary
for the intended purpose and take steps to minimize risks. ✔️✔️
What is the purpose of "Data Protection Impact Assessments" (DPIA)?
DPIAs help identify and mitigate privacy risks to individuals’ personal data during the planning and
implementation stages of projects or systems. ✔️✔️
What is "anonymization" and how does it differ from pseudonymization?
Anonymization involves removing all identifiable information from data so it cannot be traced back to
individuals, while pseudonymization reduces the link between data and individuals without fully
removing it. ✔️✔️
What does "data security" entail?
Data security includes measures to protect personal data from unauthorized access, disclosure,
destruction, or modification, ensuring its confidentiality, integrity, and availability. ✔️✔️
What is the "right to rectification" under GDPR?
The right to rectification allows individuals to request corrections to inaccurate or incomplete personal
data held by an organization. ✔️✔️
What does "cross-border data transfer" mean in the context of GDPR?
Cross-border data transfer refers to the movement of personal data across borders, which must comply
with GDPR’s requirements to ensure the data is protected adequately. ✔️✔️
What is "privacy by design"?
