and CORRECT Answers
Outliers work on their website to Company X; an employee of Company X steals the data, deletes it, and
tells the boss.
Q: What is Company X legally obliged to do? - CORRECT ANSWER - A: Notify Outliers
Outliers work on their website to Company X; an employee of Company X steals the data, deletes it, and
tells the boss.
Q: What does Outliers then need to do? - CORRECT ANSWER - A: Nothing, as data was
deleted
Outliers work on their website to Company X; an employee of Company X steals the data, deletes it, and
tells the boss.
Q: Follows on with Cookies question? - CORRECT ANSWER - A: Consent to opt-in to
cookies
Privacy notice for new Health App collecting sensitive data.
Q: What is the problem with the draft? - CORRECT ANSWER - A: The form is asking
for health information from the outset, which is not legal
Privacy notice for new Health App collecting sensitive data
Q: Potential problem with collecting children data? - CORRECT ANSWER - A: Need to
demonstrate steps to gain parental consent
Anna is a lawyer for a university, tasked with Student Records. Frank is a professor. Four types of
data:
- Student Data - personal info
- Employee Data - personal info
- Alumni Data - personal info
- Department of Education Data: demographic data - no personal identifiers (used to see how
first year students progress, etc.)
Frank wants to build a database to process data and see how first
year students in his class progressed. Frank builds an algorithm to process data without identifiers.
All university systems are encrypted. He takes the data to his home laptop, which is not encrypted.
Loses laptop.
Q: Which types of data does Anna NOT have to include in her record of processing activities? -
CORRECT ANSWER - Department of Education Records
Q: What should Anna/the DPO check to confirm he can process those data? - CORRECT
ANSWER - More information about the algorithm he has developed
Q: He loses the data, what should happen next? Should they inform the students? - CORRECT
ANSWER - Yes because potential high risk since data was not encrypted
Case study on guy gets photo taken at a gym in Germany
-consents to them using it for marketing
-Gym HQ in France
-Gyms all over EU
-He lives in UK
-Submits request to ICO in UK
-ICO refers to CNIL (this is the SA in France)
Q: In effort of Cooperation (the lead SA, CNIL, gets their judgement) what should they do
now? - CORRECT ANSWER - Draft a draft decision and submit to supporting SAs for
their opinion.
What does he have to do for lawsuit? (each location is a controller!) - CORRECT
ANSWER - Answer: Go to each gym branch...
Question on what he should do if he wants to sue - CORRECT ANSWER - Sue ANY
relevant branch as each can be liable for entire damage
ABC Insurance gives data to subsidiary which begins direct marketing to Jason. Jason decides to
switch insurance companies. ABC Insurance is direct marketing to Jason. Jason asks them to stop
but they say that there is a line in the contract he signed saying he consents to direct marketing
and he doesn't stop. Wants to transfer data - they give it to him in PDF format. He asks for them
to transfer and they can't because it's too time-consuming and not feasible.