Want to pass your IAPP CIPP-E exam in the very first attempt? Try Exam2pass! It is equally effective for both starters and IT professionals.
Vendor: IAPP
Exam Code: CIPP-E
Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
Certification Provider: IAPP
Total Questions: 307 Q&A ( View Details)
Updated on: Jul 01, 2026
Note: Product instant download. Please sign in and click My account to download your product.Pursuant to Article 4(5) of the GDPR, data is considered "pseudonymized" if?
A. It cannot be attributed to a data subject without the use of additional information.
B. It cannot be attributed to a person under any circumstances.
C. It can only be attributed to a person by the controller.
D. It can only be attributed to a person by a third party.
SCENARIO
Please use the following to answer the next question:
Jane starts her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and sell cryptocurrencies via its online platform. The company stores and processes the personal data of its customers in a
dedicated data center located in Malta (EU).
People wishing to trade cryptocurrencies are required to open an online account on the platform. They then must successfully pass a Know Your Customer (KYC) due diligence procedure aimed at preventing money laundering and ensuring
compliance with applicable financial regulations.
The non-European customers are also required to waive all their GDPR rights by reading a disclaimer written in bold and ticking a checkbox on a separate page in order to get their account approved on the platform.
All customers must likewise accept the terms of service of the platform. The terms of service also include a privacy policy section, saying, among other things, that if a customer fails the KYC process, its KYC data will be automatically shared
with the national anti-money laundering agency.
The KYC procedure requires customers to answer many questions, including whether they have any criminal convictions, whether they use recreational drugs or have problems with alcohol, and whether they have a terminal illness. While
providing this data, customers see a conspicuous message saying that this data is meant only to prevent fraud and account takeover, and will be never shared with private third parties.
The company regularly conducts external security testing of its online systems by independent cybersecurity companies from the EU. At the final stage of testing, the company provides cybersecurity assessors with access to its central
database to review security permissions, roles and policies. Personal data in the database is encrypted; however, cybersecurity assessors usually have access to the decryption keys obtained while running initial security testing. The
assessors must strictly follow the guidelines imposed by the company during the entire testing and auditing process.
All customer data, including trading activities and all internal communications with technical support, are permanently stored in a secured AWS S3 Glacier cloud data storage, located in Ireland, for backup and compliance purposes. The data
is securely transferred to the cloud and then is properly encrypted while at rest by using AWS-native encryption mechanisms. These mechanisms give AWS the necessary technical means to encrypt and decrypt the data when such is
required by the company. There is no data processing agreement between AWS and the company.
What is potentially wrong with the backup system operated in the AWS cloud?
A. The AWS servers are located in the EU but in a country different than the location of the corporate headquarters.
B. It is unlawful to process any personal data in a cloud unless the cloud is certified as GOPR-compliant by a competent supervisory authority.
C. The data storage period has to be revised, and a data processing agreement w*h AWS must be signed
D. AWS is a U S company, and no personal data of European residents may be transferred to it without explicit written consent from data subjects.
Article 58 of the GDPR describes the power of supervisory authorities. Which of the following is NOT among those granted?
A. Legislative powers.
B. Corrective powers.
C. Investigatory powers.
D. Authorization and advisory powers.
Exam2pass CIPP-E exam dumps are contained with latest CIPP-E real exam questions and answers. Exam2pass CIPP-E PDF and VCE simulator are revised by the most professional CIPP-E expert team. All the CIPP-E exam questions are selected from the latest real exam and answers are revised to be accurate. 100% pass guarantee and money back on exam failure.
Exam2pass has the most skillful CIPP-E experts. Candidates can get timely help when needed. Exam2pass CIPP-E exam PDF and VCE simulator are the most up-to-date and valid. The most professional support service are provided to help the CIPP-E candidates at anytime and anywhere.
Exam2pass CIPP-E exam PDF and VCE simulator are timely updated in 365 days a year. Users can download the update for free for 365 days after payment. Exam2pass CIPP-E exam dumps are updated frequently by the most professional CIPP-E expert team. CIPP-E candidates can have the most valid CIPP-E exam PDF and VCE at any time when needed.
Download free demo of the Exam2pass exam PDF and VCE simulator and try it. Do not need to pay for the whole product before you try the free trial version. Get familiar about the exam questions and exam structure by trying the free sample questions of the exam PDF and VCE simulator. Try before purchase now!