CIPP/EIAPP PRACTICE QUESTIONS 2024/2025.

Which of the following data protection milestones is a treaty among member states of the Council of Europe: -Data Retention Directive -Charter of Fundamental Rights -Convention 108 -e-Privacy Directive -GDPR - AnswersConvention 108 Which of the following data protection milestones applies to public electronics communications services and networks? -Data Retention Directive -Charter of Fundamental Rights -Convention 108 -e-Privacy Directive -GDPR - Answerse-Privacy Directive The Universal Declaration of Human Rights is a product of which institution? -The United Nations -The Council of Europe -The European Union - AnswersThe United Nations Which European institutions is composed of 47 member states? -The Council of Europe -The European Union -The European Economic Area - AnswersThe Council of Europe Chose the characteristic that describes the European Parliament. -Is responsible for legislative development, supervisory oversight of other institutions, and development of the budget -Defines the EU priorities and sets the political direction for the EU. - AnswersDefines the EU priorities and sets the political direction for the EU Choose the characteristic that describes the European Council. -Sets the overall political agenda of the EU -Negotiates and adopts laws - AnswersSets the overall political agenda of the EU. Choose the characteristic that describes the Council of the EU -Is sometimes described as the executive body of the EU -Is one of the main decision-making bodies of the EU - AnswersIs one of the main decision making bodies of the EU. Choose the characteristic that describes the European Commission. -Has the power to propose legislation -Is composed of a directly elected body - AnswersHas the power to propose legislation Choose the characteristic that describes the Court of Justice of the EU -Makes decisions on issues of EU law -Is based in Strasbourg - AnswersMakes decisions on issues of EU law. What is the function of the 4 step test? -Determine if data qualifies as personal data -Determine i personal data is anonymous -Determine if personal date belongs to special categories -Determine if personal data is pseudonymous. - AnswersDetermine if data qualifies as personal data Which criteria are used to identify personal data? Select all that apply -natural person -an identified or identifiable -any information -relating to - or anonymous - AnswersAll EXCEPT "or anonymous Select the types of personal data elements that belong to special categories under the GDPR. -Personal data revealing religious or philosophical beliefs -Data relating to personal interests and hobbies -Data concerning health -Personal data revealing political opinions -Personal data revealing financial information -Genetic data used to uniquely identify a natural person - AnswersAll EXCEPT -personal interests and hobbies -financial information True or False: Personal data either belongs to special categories or does not. There is no grey area. - AnswersFalse True or False: Anonymising personal data is always possible. - AnswersFalse True or false: Pseudonymous data is protected by the GDPR. - AnswersTrue True or false: A data controller may be a natural person or a legal entity, while a data processor must be a legal entity. - AnswersFalse True or false: a contract protects a processor from being held to the same legal obligations as the controller. - AnswersFalse True or False: A processor may decide wehre and how to process personal data. - AnswersFalse True or false: When personal data is being processed, there is always a controller. - AnswersTrue What is data processing: -Any action involved in securing and protecting data -Any action performed upon data -Any action involved in collecting personal data -Any action that adapts or alters data. - AnswersAny action performed upon data. What are the criteria used to determine the territorial scope of the GDPR: Select all that apply. -Processing of personal data of EU subjects relating to offering goods or services or monitoring behaviour -Processing of personal data by a controller not established in the EU but in a place where member state law applies -Processing of personal data when a controller or processor is established in the EU - AnswersAll. Which of the following fall under the material scope of the GDPR? Select all that apply. -processing personal data without human intervention -processing anonymous data -Processing personal data that forms part of a filing system. - AnswersAll EXCEPT anonymous data Exclusions to the material scope of GDPR should be interpreted broadly. True or false? - AnswersFalse