CIPP/E IAPP PRACTICE QUESTIONS &
ANSWERS
Which of the following data protection milestones is a treaty among member states of
the Council of Europe:
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR - ANSWERConvention 108
Which of the following data protection milestones applies to public electronics
communications services and networks?
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR - ANSWERe-Privacy Directive
The Universal Declaration of Human Rights is a product of which institution?
-The United Nations
-The Council of Europe
-The European Union - ANSWERThe United Nations
Which European institutions is composed of 47 member states?
-The Council of Europe
-The European Union
-The European Economic Area - ANSWERThe Council of Europe
Chose the characteristic that describes the European Parliament.
-Is responsible for legislative development, supervisory oversight of other institutions,
and development of the budget
-Defines the EU priorities and sets the political direction for the EU. - ANSWERDefines
the EU priorities and sets the political direction for the EU
Choose the characteristic that describes the European Council.
-Sets the overall political agenda of the EU
-Negotiates and adopts laws - ANSWERSets the overall political agenda of the EU.
Choose the characteristic that describes the Council of the EU
-Is sometimes described as the executive body of the EU
-Is one of the main decision-making bodies of the EU - ANSWERIs one of the main
decision making bodies of the EU.
,Choose the characteristic that describes the European Commission.
-Has the power to propose legislation
-Is composed of a directly elected body - ANSWERHas the power to propose legislation
Choose the characteristic that describes the Court of Justice of the EU
-Makes decisions on issues of EU law
-Is based in Strasbourg - ANSWERMakes decisions on issues of EU law.
What is the function of the 4 step test?
-Determine if data qualifies as personal data
-Determine i personal data is anonymous
-Determine if personal date belongs to special categories
-Determine if personal data is pseudonymous. - ANSWERDetermine if data qualifies as
personal data
Which criteria are used to identify personal data? Select all that apply
-natural person
-an identified or identifiable
-any information
-relating to
- or anonymous - ANSWERAll EXCEPT "or anonymous
Select the types of personal data elements that belong to special categories under the
GDPR.
-Personal data revealing religious or philosophical beliefs
-Data relating to personal interests and hobbies
-Data concerning health
-Personal data revealing political opinions
-Personal data revealing financial information
-Genetic data used to uniquely identify a natural person - ANSWERAll EXCEPT
-personal interests and hobbies
-financial information
True or False: Personal data either belongs to special categories or does not. There is
no grey area. - ANSWERFalse
True or False: Anonymising personal data is always possible. - ANSWERFalse
True or false: Pseudonymous data is protected by the GDPR. - ANSWERTrue
True or false: A data controller may be a natural person or a legal entity, while a data
processor must be a legal entity. - ANSWERFalse
, True or false: a contract protects a processor from being held to the same legal
obligations as the controller. - ANSWERFalse
True or False: A processor may decide wehre and how to process personal data. -
ANSWERFalse
True or false: When personal data is being processed, there is always a controller. -
ANSWERTrue
What is data processing:
-Any action involved in securing and protecting data
-Any action performed upon data
-Any action involved in collecting personal data
-Any action that adapts or alters data. - ANSWERAny action performed upon data.
What are the criteria used to determine the territorial scope of the GDPR: Select all that
apply.
-Processing of personal data of EU subjects relating to offering goods or services or
monitoring behaviour
-Processing of personal data by a controller not established in the EU but in a place
where member state law applies
-Processing of personal data when a controller or processor is established in the EU -
ANSWERAll.
Which of the following fall under the material scope of the GDPR? Select all that apply.
-processing personal data without human intervention
-processing anonymous data
-Processing personal data that forms part of a filing system. - ANSWERAll EXCEPT
anonymous data
Exclusions to the material scope of GDPR should be interpreted broadly. True or false?
- ANSWERFalse
True or false: At least three of the legitimate processing criteria within the GDPR must
ve met for personal data to be processed legally. - ANSWERFalse
Read the following and select all the GDPR principles that have been violated: An
access control system used by an organization's maintenance team for building security
is later used by a manager in a different department to determine if employees are
arriving late for work. The employees are not informed of this new processing action,
and the manager does not create consistent records of the processing activities.
-Integrity and confidentiality
-Accountability
ANSWERS
Which of the following data protection milestones is a treaty among member states of
the Council of Europe:
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR - ANSWERConvention 108
Which of the following data protection milestones applies to public electronics
communications services and networks?
-Data Retention Directive
-Charter of Fundamental Rights
-Convention 108
-e-Privacy Directive
-GDPR - ANSWERe-Privacy Directive
The Universal Declaration of Human Rights is a product of which institution?
-The United Nations
-The Council of Europe
-The European Union - ANSWERThe United Nations
Which European institutions is composed of 47 member states?
-The Council of Europe
-The European Union
-The European Economic Area - ANSWERThe Council of Europe
Chose the characteristic that describes the European Parliament.
-Is responsible for legislative development, supervisory oversight of other institutions,
and development of the budget
-Defines the EU priorities and sets the political direction for the EU. - ANSWERDefines
the EU priorities and sets the political direction for the EU
Choose the characteristic that describes the European Council.
-Sets the overall political agenda of the EU
-Negotiates and adopts laws - ANSWERSets the overall political agenda of the EU.
Choose the characteristic that describes the Council of the EU
-Is sometimes described as the executive body of the EU
-Is one of the main decision-making bodies of the EU - ANSWERIs one of the main
decision making bodies of the EU.
,Choose the characteristic that describes the European Commission.
-Has the power to propose legislation
-Is composed of a directly elected body - ANSWERHas the power to propose legislation
Choose the characteristic that describes the Court of Justice of the EU
-Makes decisions on issues of EU law
-Is based in Strasbourg - ANSWERMakes decisions on issues of EU law.
What is the function of the 4 step test?
-Determine if data qualifies as personal data
-Determine i personal data is anonymous
-Determine if personal date belongs to special categories
-Determine if personal data is pseudonymous. - ANSWERDetermine if data qualifies as
personal data
Which criteria are used to identify personal data? Select all that apply
-natural person
-an identified or identifiable
-any information
-relating to
- or anonymous - ANSWERAll EXCEPT "or anonymous
Select the types of personal data elements that belong to special categories under the
GDPR.
-Personal data revealing religious or philosophical beliefs
-Data relating to personal interests and hobbies
-Data concerning health
-Personal data revealing political opinions
-Personal data revealing financial information
-Genetic data used to uniquely identify a natural person - ANSWERAll EXCEPT
-personal interests and hobbies
-financial information
True or False: Personal data either belongs to special categories or does not. There is
no grey area. - ANSWERFalse
True or False: Anonymising personal data is always possible. - ANSWERFalse
True or false: Pseudonymous data is protected by the GDPR. - ANSWERTrue
True or false: A data controller may be a natural person or a legal entity, while a data
processor must be a legal entity. - ANSWERFalse
, True or false: a contract protects a processor from being held to the same legal
obligations as the controller. - ANSWERFalse
True or False: A processor may decide wehre and how to process personal data. -
ANSWERFalse
True or false: When personal data is being processed, there is always a controller. -
ANSWERTrue
What is data processing:
-Any action involved in securing and protecting data
-Any action performed upon data
-Any action involved in collecting personal data
-Any action that adapts or alters data. - ANSWERAny action performed upon data.
What are the criteria used to determine the territorial scope of the GDPR: Select all that
apply.
-Processing of personal data of EU subjects relating to offering goods or services or
monitoring behaviour
-Processing of personal data by a controller not established in the EU but in a place
where member state law applies
-Processing of personal data when a controller or processor is established in the EU -
ANSWERAll.
Which of the following fall under the material scope of the GDPR? Select all that apply.
-processing personal data without human intervention
-processing anonymous data
-Processing personal data that forms part of a filing system. - ANSWERAll EXCEPT
anonymous data
Exclusions to the material scope of GDPR should be interpreted broadly. True or false?
- ANSWERFalse
True or false: At least three of the legitimate processing criteria within the GDPR must
ve met for personal data to be processed legally. - ANSWERFalse
Read the following and select all the GDPR principles that have been violated: An
access control system used by an organization's maintenance team for building security
is later used by a manager in a different department to determine if employees are
arriving late for work. The employees are not informed of this new processing action,
and the manager does not create consistent records of the processing activities.
-Integrity and confidentiality
-Accountability
