Certified Information Privacy Professional/Europe (CIPP/E)


    UPDATION DATE : 2023-03-28





$65 $84.5


$55 $71.5


$45 $58.5


CIPP-E exam has grabbed the interest of IT students with its rising need and importance in the field. In spite of being a hard core IT exam, it can easily be passed with the help of CIPP-E dumps material.This highly demanded and results-producing authentic dumps material can be obtained from Exam4help.com. When you will prepare under the guidance of veterans by using additional facilitating services, your certification is stamped with success.

As a favor to our students, we have availed free of cost demo version for quick quality check before going forward. You get here trust, find satisfaction and meet your success with expertly verified CIPP-E questions answer. You can download PDF study guide right now at very cheap and attractive price and pursue your career with fast pace. Further, it is the place where you get money back guarantee in case of, though not expected, unfortunate happening and you fail to get your desired result in your final exam. In short, you are promised for definite success with student-friendly preparatory solutions. Just join our hands and leap for your successful career.

Sample Questions

Question 1

Please use the following to answer the next question:
Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but
for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern
Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while
on a business trip, Javier was photographed while working out at a branch of EVERFIT in Frankfurt,
Germany. At the time, Javier gave his consent to being included in the photograph, since he was told that it
would be used for promotional purposes only. Since then, the photograph has been used in the club’s U.K.
brochures, and it features in the landing page of its U.K. website. However, the fitness club has recently fallen
into disrepute due to widespread mistreatment of members at various branches of the club in several EU
member states. As a result, Javier no longer feels comfortable with his photograph being publicly associated
with the fitness club.
After numerous failed attempts to book an appointment with the manager of the local branch to discuss this
matter, Javier sends a letter to EVETFIT requesting that his image be removed from the website and all
promotional materials. Months pass and Javier, having received no acknowledgment of his request, becomes
very anxious about this matter. After repeatedly failing to contact EVETFIT through alternate channels, he
decides to take action against the company.
Javier contacts the U.K. Information Commissioner’s Office (‘ICO’ – the U.K.’s supervisory authority) to
lodge a complaint about this matter. The ICO, pursuant to Article 56 (3) of the GDPR, informs the CNIL (i.e.
the supervisory authority of EVERFIT’s main establishment) about this matter. Despite the fact that EVERFIT
has an establishment in the U.K., the CNIL decides to handle the case in accordance with Article 60 of the
GDPR. The CNIL liaises with the ICO, as relevant under the cooperation procedure. In light of issues amongst
the supervisory authorities to reach a decision, the European Data Protection Board becomes involved and,
pursuant to the consistency mechanism, issues a binding decision.
Additionally, Javier sues EVERFIT for the damages caused as a result of its failure to honor his request to
have his photograph removed from the brochure and website.
Assuming that multiple EVETFIT branches across several EU countries are acting as separate data
controllers, and that each of those branches were responsible for mishandling Javier’s request, how may Javier
proceed in order to seek compensation?

A. He will have to sue the EVETFIT’s head office in France, where EVETFIT has its main establishment.

B. He will be able to sue any one of the relevant EVETFIT branches, as each one may be held liable for the entire damage.

C. He will have to sue each EVETFIT branch so that each branch provides proportionate compensation commensurate with its contribution to the damage or distress suffered by Javier.

D. He will be able to apply to the European Data Protection Board in order to determine which particular EVETFIT branch is liable for damages, based on the decision that was made by the board.


Question 2

Please use the following to answer the next question:
Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company
is headquartered in Montreal, and all of its employees are located there. The company offers its services to
Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet
traffic from outside of Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines
to process orders that request the DNA report to be sent outside of Canada, and returns orders that show a
non-Canadian return address.
Bob, the President of Who-R-U, thinks there is a lot of interest for the product in the EU, and the company is
exploring a number of plans to expand its customer base.
The first plan, collegially called We-Track-U, will use an app to collect information about its current Canadian
customer base. The expansion will allow its Canadian customers to use the app while traveling abroad. He
suggests that the company use this app to gather location information. If the plan shows promise, Bob
proposes to use push notifications and text messages to encourage existing customers to pre-register for an EU
version of the service. Bob calls this work plan, We-Text-U. Once the company has gathered enough preregistrations, it will develop EU-specific content and services.
Another plan is called Customer for Life. The idea is to offer additional services through the company’s app,
like storage and sharing of DNA information with other applications and medical providers. The company’s
contract says that it can keep customer DNA indefinitely, and use it to offer new services and market them to
customers. It also says that customers agree not to withdraw direct marketing consent. Paul, the marketing
director, suggests that the company should fully exploit these provisions, and that it can work around
customers’ attempts to withdraw consent because the contract invalidates them.
The final plan is to develop a brand presence in the EU. The company has already begun this process. It is in
the process of purchasing the naming rights for a building in Germany, which would come with a few offices
that Who-R-U executives can use while traveling internationally. The office doesn’t include any technology or
infrastructure; rather, it’s simply a room with a desk and some chairs.
On a recent trip concerning the naming-rights deal, Bob’s laptop is stolen. The laptop held unencrypted DNA
reports on 5,000 Who-R-U customers, all of whom are residents of Canada. The reports include customer
name, birthdate, ethnicity, racial background, names of relatives, gender, and occasionally health information.
If Who-R-U adopts the We-Track-U pilot plan, why is it likely to be subject to the territorial scope of the

A. Its plan would be in the context of the establishment of a controller in the Union.

B. It would be offering goods or services to data subjects in the Union.

C. It is engaging in commercial activities conducted in the Union.

D. It is monitoring the behavior of data subjects in the Union.


Question 3

In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data
protection impact assessment to address multiple processing operations be allowed?

A. A medical organization that wants to begin genetic testing to support earlier research for which they have performed a DPIA.

B. A data controller who plans to use a new technology product that has already undergone a DPIA by the product’s provider.

C. A marketing team that wants to collect mailing addresses of customers for whom they already have email addresses.

D. A railway operator who plans to evaluate the same video surveillance in all the train stations of his company.


Question 4

What type of data lies beyond the scope of the General Data Protection Regulation?

A. Pseudonymized

B. Anonymized

C. Encrypted

D. Masked


Question 5

Read the following steps:
Discover which employees are accessing cloud services and from which devices and apps Lock down
the data in those apps and devices
Monitor and analyze the apps and devices for compliance
Manage application life cycles
Monitor data sharing
An organization should perform these steps to do which of the following?

A. Pursue a GDPR-compliant Privacy by Design process.

B. Institute a GDPR-compliant employee monitoring process.

C. Maintain a secure Bring Your Own Device (BYOD) program.

D. Ensure cloud vendors are complying with internal data use policies.


Related exams