CIPPE EXAM 2 LATEST VERSION S VERSION A AND

• | P a g e

CIPP/E EXAM 2 LATEST VERSION S (VERSION A AND

B) - ACTUAL EXAM 200 QUESTIONS AND

CORRECT DETAILED ANSWERS WITH (VERIFIED

ANSWERS) |ALREADY GRADED A +

CIPP/E EXAM VERSION A

Under Article 58 of the GDPR, which of the following describes a power of supervisory authorities in European Union (EU) member states?

(A). The ability to enact new laws by executive order.(B). The right to access data for investigative purposes.(C). The discretion to carry out goals of elected officials within the member state.(D). The authority to select penalties when a controller is found guilty in a court of law. - ANSWER- B). The right to access data for investigative purposes.

Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?

• / 4

• | P a g e

• The behavior of suspected terrorists being monitored by EU

law enforcement

• Personal data of EU Citizens being processed by a controller

or processor based outside the EU

• Behavior of EU citizens outside the EU

D)Personal data of EU residents by a non-EU business that targets EU customers - ANSWER- B) Personal data of EU Citizens being processed by a controller or processor based outside the EU

What must a data controller do in order to make personal data pseudonymous?

(A). Separately hold any information that would allow linking the data to the data subject.(B). Encrypt the data in order to prevent any unauthorized access or modification.(C). Remove all indirect data identifiers and dispose of them securely.(D). Use the data only in aggregated form for research purposes.

• ANSWER- A). Separately hold any information that would

allow linking the data to the data subject.

• / 4

• | P a g e

Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?

(A). The European Council (B). The European Parliament (C). The European Commission (D). The Council of the European Union - ANSWER- D). The Council of the European Union

What is a reason the European Court of Justice declared the Data Retention Directive invalid in 2014?

(A). The requirements affected individuals without exception.(B). The requirements were financially burdensome to EU businesses.(C). The requirements specified that data must be held within the EU.(D). The requirements had limitations on how national authorities could use data. - ANSWER- D). The requirements had limitations on how national authorities could use data

• / 4

• | P a g e

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?

(A). Data subjects must be sufficiently informed of the purposes for which their personal data is processed.(B). Processing of special categories of personal data on a large scale requires appointing a DPO.(C). Personal data of data subjects must always be accurate and kept up to date.(D). Data controllers must be in control of the data they hold at all times. - ANSWER- (D). Data controllers must be in control of the data they hold at all times.

What is the MAIN reason GDPR Article 4(22) establishes the concept of the "concerned supervisory authority"?

(A). To encourage the consistency of local data processing activity.(B). To give corporations a choice about who their supervisory authority will be.(C). To ensure the GDPR covers controllers that do not have an establishment in the EU but have a

• / 4