CIPM Flashcards Exam 2026 Questions and Answers
What are the 5 phases of a privacy program audit? - Correct answer-Planning,
Preparation, Audit, Report, Followup
What happens during the audit planning phase of PPARF? - Correct answer-Risk
assessment, schedule, selecting auditor, pre-audit questionnaire, preparatory
meeting/visit and checklist
What happens during the Audit Preparation phase of PPARF? - Correct answer-
Confirm schedule, confirm and prepare checklists, sampling criteria and audit plan
What happens during the Audit phase of PPARF? - Correct answer-Meeting and
audit execution
What happens during the report phase of PPARF? - Correct answer-
Noncompliance records and categories (major/minor), audit report, closing
meeting and distribution
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
What happens during the followup phase of PPARF? - Correct answer-Confirm
scope, schedule, methodology and closure
What are the three types of privacy governance models? (privacy governance may
be "___, _____, or ______.") - Correct answer-Centralized, Localized, or Hybrid
When creating your privacy office governance model, you should consider what 4
factors? - Correct answer-1. existing organisational structure,
2. position and authority of the privacy team,
3. involvement level of senior leadership and internal stakeholders
4. The development of internal partnerships.
What are the advantages/disadvantages of the hybrid governance model? - Correct
answer-Advantage: Resources of larger centralized org
Disadvantage: Decentralized decision making provides less big picture vision
What are the 5 maturity levels of the GAPP Privacy Maturity Model? - Correct
answer-1. Ad Hoc
2. Repeatable
3. Defined
4. Managed
5. Optimized (ARDMO)
What are the 5 mechanisms that allow organizations to transfer data across
borders? (there is something else you must also have) - Correct answer-1.
Adequacy Decisions
2. Ad Hoc Contracts
3. Standard Contractual Clauses
4. Binding Corporate Rules
5. Codes of Conduct/Self Certification Mechanisms
(You must also have legal basis for processing data in addition to any of these prior
to transfer)
What are the 5 useful stages of the effective Policy Lifecycle? - Correct answer-1.
Draft practical policies, working with legal, to draft aligned and consistent policies.
2. Get approval from decision makers/stakeholders
3. Disseminate to all employees
4. Train and enforce policies
5. Review and revise policies (like after a breach or incident, or merger)
Describe the 5 GAPP program maturity levels in order - Correct answer-1. Ad Hoc
- Process & Procedures: Informal, Incomplete, Inconsistently applied
2. Repeatable - Process & procedures: Not fully complete / Do not cover all
relevant aspects
3. Defined - Process & procedures: Fully Documented, implemented, cover all
relevant aspects
4. Managed - Reviews conducted to assess effectiveness of controls in place
5. Optimized - Regular Reviews / Feedback are used to ensure continual
improvement toward optimisation of a given process