← Back to exam page

CIPP-E Certified Information Privacy Professional/Europe (CIPP/E)

Loading demo links...

Showing 4–6 of 15 questions

Question 4

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?

Select an option, then click Submit answer.

  • Documenting due diligence steps taken in the pre-contractual stage.

  • Conducting a risk assessment to analyze possible outsourcing threats.

  • Requiring that the processor directly notify the appropriate supervisory authority.

  • Maintaining evidence that the processor was the best possible market choice available.
Question 5

Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?

Select an option, then click Submit answer.

  • The behavior of suspected terrorists being monitored by EU law enforcement bodies.

  • Personal data of EU citizens being processed by a controller or processor based outside the EU.

  • The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies.

  • Personal data of EU residents being processed by a non-EU business that targets EU customers.
Question 6

Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?

Select an option, then click Submit answer.

  • The European Commission can adopt an adequacy decision for individual companies.

  • The European Commission can adopt, repeal or amend an existing adequacy decision.

  • EU member states are vested with the power to accept or reject a European Commission adequacy decision.

  • To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.