CIPP E IAPP Practice Questions
Which of the following data protection milestones is a treaty among member states of the Council of
Europe:
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR ✔️✔️Convention 108
What is the "right to object" under GDPR?
The right to object allows individuals to oppose the processing of their personal data for certain
purposes, such as direct marketing or profiling. ✔️✔️
What does "cross-border data transfer" involve under privacy laws?
Cross-border data transfer refers to the movement of personal data from one jurisdiction to another,
and it must comply with data protection laws to ensure the data’s safety. ✔️✔️
What is the "data protection by design" principle?
Data protection by design means integrating data protection measures into the development of
business processes and systems from the outset, ensuring privacy is maintained. ✔️✔️
What is the "data subject access request" (DSAR)?
A DSAR is a request made by an individual to access the personal data an organization holds about them,
as well as information on how it is processed. ✔️✔️
What does "accountability" in data protection mean?
Accountability refers to an organization's responsibility to ensure compliance with data protection
regulations and to demonstrate how they protect personal data. ✔️✔️
,What is a "Privacy Impact Assessment" (PIA)?
A Privacy Impact Assessment is an evaluation of the privacy risks of a project or system and the steps
needed to mitigate those risks before data processing begins. ✔️✔️
What is the difference between "anonymization" and "pseudonymization"?
Anonymization irreversibly removes identifiable information from data, while pseudonymization
replaces identifying details with pseudonyms but allows for re-identification if necessary. ✔️✔️
What does "data minimization" mean?
Data minimization means collecting and processing only the personal data necessary for a specific
purpose, avoiding excessive or unnecessary data collection. ✔️✔️
What is a "third-party processor" in data protection?
A third-party processor is an external entity contracted by a data controller to process personal data on
their behalf, and must comply with data protection agreements and laws. ✔️✔️
What is "purpose limitation" under GDPR?
Purpose limitation means that personal data should only be collected for specific, legitimate purposes
and should not be further processed in a way that is incompatible with those purposes. ✔️✔️
What does "data breach" mean in privacy regulations?
A data breach is an event where personal data is accessed, disclosed, lost, or altered without
authorization, potentially impacting data security and privacy. ✔️✔️
What are "special categories of personal data" under GDPR?
Special categories of personal data include sensitive data like racial or ethnic origin, political opinions,
religious beliefs, and health data, which require heightened protection. ✔️✔️
What does "data encryption" help protect?
,Data encryption helps protect personal data by transforming it into a format that is unreadable without
the decryption key, ensuring privacy and security during storage or transfer. ✔️✔️
What does "data retention" mean?
Data retention refers to how long personal data is stored, with the requirement that it should only be
kept for as long as necessary for the purposes it was collected. ✔️✔️
What is the "right to rectification" under GDPR?
The right to rectification allows individuals to request corrections to inaccurate or incomplete personal
data that an organization holds about them. ✔️✔️
What does "cloud computing" mean in relation to data privacy?
Cloud computing involves storing and processing data on remote servers, and requires organizations to
ensure that appropriate privacy and security measures are in place for data stored in the cloud. ✔️✔️
What is "data governance"?
Data governance refers to the set of processes, policies, and standards that ensure data is managed,
protected, and used in compliance with privacy laws and organizational goals. ✔️✔️
What is the "right to erasure" under GDPR?
The right to erasure, also known as the "right to be forgotten," allows individuals to request that their
personal data be deleted when it is no longer necessary or when they withdraw consent. ✔️✔️
What is the role of a Data Protection Officer (DPO)?
A DPO oversees an organization’s data protection strategy, ensures compliance with privacy laws, and
serves as a point of contact for data subjects and regulators. ✔️✔️
What are "cookies" in the context of data protection?
Cookies are small data files stored on a user’s device by websites, and they must be disclosed through a
cookie policy, with user consent to track or collect data. ✔️✔️
, What is "data access control"?
Data access control involves restricting access to personal data based on the user’s role and need to
know, ensuring that unauthorized individuals do not access sensitive data. ✔️✔️
What is the purpose of a "Data Processing Agreement" (DPA)?
A DPA is a legal contract between a data controller and data processor that outlines how personal data
will be handled, processed, and protected. ✔️✔️
What is the "right to data portability" under GDPR?
The right to data portability allows individuals to obtain their personal data in a structured, machine-
readable format and transfer it to another service provider. ✔️✔️
What is "data segregation"?
Data segregation involves storing personal data in a separate or isolated manner from other types of
data to reduce the risk of unauthorized access or exposure. ✔️✔️
What is the "data subject"?
A data subject is an individual whose personal data is collected, processed, or stored by an organization,
and whose privacy rights must be respected. ✔️✔️
What is "privacy by default"?
Privacy by default means that an organization’s systems, processes, and policies are designed to collect
and process only the minimum amount of personal data necessary for the specific purpose. ✔️✔️
What is a "privacy breach"?
A privacy breach is the unauthorized access, loss, alteration, or disclosure of personal data, which can
lead to harm to the individuals involved and may require notification to authorities. ✔️✔️
What does "data portability" refer to under GDPR?
Data portability refers to the right of individuals to obtain and transfer their personal data from one
organization to another in a structured and machine-readable format. ✔️✔️
Which of the following data protection milestones is a treaty among member states of the Council of
Europe:
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR ✔️✔️Convention 108
What is the "right to object" under GDPR?
The right to object allows individuals to oppose the processing of their personal data for certain
purposes, such as direct marketing or profiling. ✔️✔️
What does "cross-border data transfer" involve under privacy laws?
Cross-border data transfer refers to the movement of personal data from one jurisdiction to another,
and it must comply with data protection laws to ensure the data’s safety. ✔️✔️
What is the "data protection by design" principle?
Data protection by design means integrating data protection measures into the development of
business processes and systems from the outset, ensuring privacy is maintained. ✔️✔️
What is the "data subject access request" (DSAR)?
A DSAR is a request made by an individual to access the personal data an organization holds about them,
as well as information on how it is processed. ✔️✔️
What does "accountability" in data protection mean?
Accountability refers to an organization's responsibility to ensure compliance with data protection
regulations and to demonstrate how they protect personal data. ✔️✔️
,What is a "Privacy Impact Assessment" (PIA)?
A Privacy Impact Assessment is an evaluation of the privacy risks of a project or system and the steps
needed to mitigate those risks before data processing begins. ✔️✔️
What is the difference between "anonymization" and "pseudonymization"?
Anonymization irreversibly removes identifiable information from data, while pseudonymization
replaces identifying details with pseudonyms but allows for re-identification if necessary. ✔️✔️
What does "data minimization" mean?
Data minimization means collecting and processing only the personal data necessary for a specific
purpose, avoiding excessive or unnecessary data collection. ✔️✔️
What is a "third-party processor" in data protection?
A third-party processor is an external entity contracted by a data controller to process personal data on
their behalf, and must comply with data protection agreements and laws. ✔️✔️
What is "purpose limitation" under GDPR?
Purpose limitation means that personal data should only be collected for specific, legitimate purposes
and should not be further processed in a way that is incompatible with those purposes. ✔️✔️
What does "data breach" mean in privacy regulations?
A data breach is an event where personal data is accessed, disclosed, lost, or altered without
authorization, potentially impacting data security and privacy. ✔️✔️
What are "special categories of personal data" under GDPR?
Special categories of personal data include sensitive data like racial or ethnic origin, political opinions,
religious beliefs, and health data, which require heightened protection. ✔️✔️
What does "data encryption" help protect?
,Data encryption helps protect personal data by transforming it into a format that is unreadable without
the decryption key, ensuring privacy and security during storage or transfer. ✔️✔️
What does "data retention" mean?
Data retention refers to how long personal data is stored, with the requirement that it should only be
kept for as long as necessary for the purposes it was collected. ✔️✔️
What is the "right to rectification" under GDPR?
The right to rectification allows individuals to request corrections to inaccurate or incomplete personal
data that an organization holds about them. ✔️✔️
What does "cloud computing" mean in relation to data privacy?
Cloud computing involves storing and processing data on remote servers, and requires organizations to
ensure that appropriate privacy and security measures are in place for data stored in the cloud. ✔️✔️
What is "data governance"?
Data governance refers to the set of processes, policies, and standards that ensure data is managed,
protected, and used in compliance with privacy laws and organizational goals. ✔️✔️
What is the "right to erasure" under GDPR?
The right to erasure, also known as the "right to be forgotten," allows individuals to request that their
personal data be deleted when it is no longer necessary or when they withdraw consent. ✔️✔️
What is the role of a Data Protection Officer (DPO)?
A DPO oversees an organization’s data protection strategy, ensures compliance with privacy laws, and
serves as a point of contact for data subjects and regulators. ✔️✔️
What are "cookies" in the context of data protection?
Cookies are small data files stored on a user’s device by websites, and they must be disclosed through a
cookie policy, with user consent to track or collect data. ✔️✔️
, What is "data access control"?
Data access control involves restricting access to personal data based on the user’s role and need to
know, ensuring that unauthorized individuals do not access sensitive data. ✔️✔️
What is the purpose of a "Data Processing Agreement" (DPA)?
A DPA is a legal contract between a data controller and data processor that outlines how personal data
will be handled, processed, and protected. ✔️✔️
What is the "right to data portability" under GDPR?
The right to data portability allows individuals to obtain their personal data in a structured, machine-
readable format and transfer it to another service provider. ✔️✔️
What is "data segregation"?
Data segregation involves storing personal data in a separate or isolated manner from other types of
data to reduce the risk of unauthorized access or exposure. ✔️✔️
What is the "data subject"?
A data subject is an individual whose personal data is collected, processed, or stored by an organization,
and whose privacy rights must be respected. ✔️✔️
What is "privacy by default"?
Privacy by default means that an organization’s systems, processes, and policies are designed to collect
and process only the minimum amount of personal data necessary for the specific purpose. ✔️✔️
What is a "privacy breach"?
A privacy breach is the unauthorized access, loss, alteration, or disclosure of personal data, which can
lead to harm to the individuals involved and may require notification to authorities. ✔️✔️
What does "data portability" refer to under GDPR?
Data portability refers to the right of individuals to obtain and transfer their personal data from one
organization to another in a structured and machine-readable format. ✔️✔️
