Dumps4free
Discount Offer
Go Back on CIPP-E Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99



Pass exam with Dumps4free or we will provide you with three additional months of access for FREE.

CIPP-E Practice Test

Whether you're a beginner or brushing up on skills, our CIPP-E practice exam is your key to success. Our comprehensive question bank covers all key topics, ensuring you’re fully prepared.


Page 6 out of 42 Pages

Which type of personal data does the GDPR define as a “special category” of personal
data?


A.

Educational history.


B.

Trade-union membership.


C.

Closed Circuit Television (CCTV) footage.


D.

Financial information.





B.   

Trade-union membership.



Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-thegeneral-
data-protection- regulation-gdpr/lawful-basis-for-processing/special-categorydata/#:~:
text=The-GDPR-defines%
20special-category-data-as%3A&text=personal-data-revealing-trade
-union,used% 20for-identification-purposes)%3B

An organization conducts body temperature checks as a part of COVID-19 monitoring. Body temperature is measured manually and is not followed by registration, documentation
or other processing of an individual’s personal data.
Which of the following best explain why this practice would NOT be subject to the GDPR?


A.

Bdy temperature is not considered personal data.


B.

The practice does not involve completion by automated means.


C.

Body temperature is considered pseudonymous data.


D.

The practice is for the purpose of alleviating extreme risks to public health





B.   

The practice does not involve completion by automated means.



Under Article 30 of the GDPR, controllers are required to keep records of all of the
following EXCEPT?


A.

Incidents of personal data breaches, whether disclosed or not.


B.

Data inventory or data mapping exercises that have been conducted.


C.

Categories of recipients to whom the personal data have been disclosed.


D.

Retention periods for erasure and deletion of categories of personal data.





D.   

Retention periods for erasure and deletion of categories of personal data.



Explanation: Section: (none)
Explanation
Reference: https://medium.com/golden-data/what-records-must-controllers-andprocessors-
keep-to-comply- with-eu-data-protection-law-3e8bac177695

What is true of both the General Data Protection Regulation (GDPR) and the Council of Europe Convention 108?


A.

Both govern international transfers of personal data


B.

Both govern the manual processing of personal data


C.

Both only apply to European Union countries


D.

Both require notification of processing activities to a supervisory authority





D.   

Both require notification of processing activities to a supervisory authority



A company is located in a country NOT considered by the European Union (EU) to have an
adequate level of data protection. Which of the following is an obligation of the company if it
imports personal data from another
organization in the European Economic Area (EEA) under standard contractual clauses?


A.

Submit the contract to its own government authority.


B.

Ensure that notice is given to and consent is obtained from data subjects.


C.

Supply any information requested by a data protection authority (DPA) within 30 days.


D.

Ensure that local laws do not impede the company from meeting its contractual
obligations.





A.   

Submit the contract to its own government authority.




Page 6 out of 42 Pages
Previous