Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. IAPP
  5. CIPP-E

IAPP CIPP-E Exam
Certified Information Privacy Professional/Europe (CIPP/E) (Page 7 )

Updated On: 1-Feb-2026
Page 7 of 55
PDF with 307 Questions

Which of the following was the first to implement national law for data protection in 1973?

  1. France
  2. Sweden
  3. Germany
  4. United Kingdom

Answer(s): B


Reference:

https://scandinavianlaw.se/pdf/47-18.pdf
Sweden was the first country to enact a national data protection law in 1973, called the Data Act. It went into effect on 1 July 1974 and required licenses by the Swedish Data Protection Authority for information systems handling personal data. The law was a result of public concern about the use of computers and the potential abuse of personal data by the government and other entities. The law was later superseded by the Personal Data Act in 1998, which implemented the EU Data Protection Directive.

Data Act (Sweden) - Wikipedia, Data Privacy Act: A Brief History of Modern Data Privacy Laws - eperi, Swedish Authority for Privacy Protection - Wikipedia Learn more
1en.wikipedia.org2blog.eperi.c



The GDPR forbids the practice of "forum shopping", which occurs when companies do what?

  1. Choose the data protection officer that is most sympathetic to their business concerns.
  2. Designate their main establishment in member state with the most flexible practices.
  3. File appeals of infringement judgments with more than one EU institution simultaneously.
  4. Select third-party processors on the basis of cost rather than quality of privacy protection.

Answer(s): B



What is the most frequently used mechanism for legitimizing cross-border data transfer?

  1. Standard Contractual Clauses.
  2. Approved Code of Conduct.
  3. Binding Corporate Rules.
  4. Derogations.

Answer(s): A


Reference:

https://www.dataguidance.com/opinion/international-eu-us-cross-border-data-transfers



If a French controller has a car-sharing app available only in Morocco, Algeria and Tunisia, but the data processing activities are carried out by the appointed processor in Spain, the GDPR will apply to the processing of the personal data so long as?

  1. The individuals are European citizens or residents.
  2. The data processing activities are in Spain.
  3. The data controller is in France.
  4. The EU individuals are targeted.

Answer(s): D



Select the answer below that accurately completes the following:
"The right to compensation and liability under the GDPR...

  1. ...provides for an exemption from liability if the data controller (or data processor) proves that it is not in any way responsible for the event giving rise to the damage."
  2. ...precludes any subsequent recourse proceedings against other controllers or processors involved in the same processing."
  3. ...can only be exercised against the data controller, even if a data processor was involved in the same processing."
  4. ...is limited to a maximum amount of EUR 20 million per event of damage or loss."

Answer(s): B


Reference:

https://gdpr-info.eu/art-82-gdpr/



Viewing page 7 of 55
Viewing questions 31 - 35 out of 307 questions



Post your Comments and Discuss IAPP CIPP-E exam prep with other Community members:

Join the CIPP-E Discussion