CIPP/E Chapter 1 Quiz

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Randy
R
Randy
Community Contributor
Quizzes Created: 2 | Total Attempts: 335
Questions: 31 | Attempts: 239

SettingsSettingsSettings
CIPP/E Chapter 1 Quiz - Quiz

.


Questions and Answers
  • 1. 

    Which was the first legally binding data protection instrument?

    • A.

      Convention 108

    • B.

      OECD Guidelines

    • C.

      Treaty of Libson

    • D.

      Data protection directive

    Correct Answer
    A. Convention 108
    Explanation
    Convention 108 was the first legally binding data protection instrument. It was adopted in 1981 by the Council of Europe and aimed to protect individuals' privacy and personal data. This convention established principles and rules for the collection, processing, and use of personal data by both public and private entities. It also emphasized the importance of individuals' rights and freedoms in relation to their personal data. Convention 108 has been influential in shaping data protection laws and regulations globally, and it continues to be a significant framework for ensuring privacy and data security.

    Rate this question:

  • 2. 

    Which treaty created the EU?

    • A.

      Treaty of Maastricht

    • B.

      Treaty of Libson

    • C.

      Treaty of Rome

    • D.

      Treaty of European Union

    Correct Answer
    A. Treaty of Maastricht
    Explanation
    The Treaty of Maastricht is the correct answer because it is the treaty that officially created the European Union (EU). It was signed in 1992 and came into effect in 1993. The treaty established the EU as a political and economic union, laying the foundation for the creation of the euro currency, the development of a common foreign and security policy, and the expansion of the EU's membership. The Treaty of Maastricht marked a significant step towards European integration and the formation of the EU as we know it today.

    Rate this question:

  • 3. 

    Which treaty promoted the European Charter of Fundamental human rights to the same legal status as other treaties, making it legally binding?

    • A.

      Treaty of Libson

    • B.

      Treaty of Rome

    • C.

      Treaty of European Union

    • D.

      Treaty of Maastricht

    Correct Answer
    A. Treaty of Libson
    Explanation
    The Treaty of Lisbon promoted the European Charter of Fundamental Human Rights to the same legal status as other treaties, making it legally binding. This treaty, signed in 2007 and entered into force in 2009, aimed to streamline and reform the functioning of the European Union. It strengthened the role of the EU institutions, enhanced the decision-making process, and increased the democratic accountability of the Union. One of the key provisions of the Treaty of Lisbon was the elevation of the Charter of Fundamental Human Rights to a legally binding document, ensuring the protection of human rights within the EU.

    Rate this question:

  • 4. 

    Germany requires an organization with at least what number of employees to appoint a DPO?

    • A.

      9

    • B.

      15

    • C.

      50

    • D.

      150

    Correct Answer
    A. 9
    Explanation
    Germany requires an organization with at least 9 employees to appoint a Data Protection Officer (DPO). The DPO is responsible for ensuring compliance with data protection laws and regulations, as well as advising the organization on data protection matters. This requirement is in line with the European Union's General Data Protection Regulation (GDPR), which aims to protect the privacy and personal data of individuals within the EU. By appointing a DPO, organizations can demonstrate their commitment to data protection and ensure that they handle personal data in a responsible and lawful manner.

    Rate this question:

  • 5. 

    Which treaty created the European Economic Area?

    • A.

      Treaty of Maastricht

    • B.

      Treaty of Libson

    • C.

      Treaty of Rome

    • D.

      Treaty of European Union

    Correct Answer
    C. Treaty of Rome
    Explanation
    The Treaty of Rome created the European Economic Area. This treaty, signed in 1957, established the European Economic Community (EEC) which aimed to create a common market among its member states. The EEC aimed to promote economic integration, free movement of goods, services, capital, and labor, and to eliminate trade barriers among its member countries. The Treaty of Rome was a key step in the formation of the European Union and laid the foundation for the development of the single market.

    Rate this question:

  • 6. 

    Which directive requires (and establishes) a data protection authority (DPA) in each member state?

    • A.

      Data protection directive

    • B.

      Data retention directive

    • C.

      Convention 108

    • D.

      General data protection regulation

    Correct Answer
    D. General data protection regulation
    Explanation
    The correct answer is the General Data Protection Regulation (GDPR). The GDPR requires and establishes a data protection authority (DPA) in each member state. These DPAs are responsible for enforcing and overseeing the application of the GDPR within their respective countries. They play a crucial role in ensuring the protection of individuals' personal data and promoting compliance with the regulation.

    Rate this question:

  • 7. 

    Which of the following is the Data Protection Directive?

    • A.

      95/46/EC

    • B.

      85/51/EC

    • C.

      71/45/EC

    • D.

      25/31/EC

    Correct Answer
    A. 95/46/EC
    Explanation
    The correct answer is 95/46/EC. This is the Data Protection Directive that was adopted by the European Union in 1995. It sets out the principles and rules for the protection of personal data within the EU member states. The directive aims to harmonize data protection laws across the EU and ensure that individuals' privacy rights are respected. It outlines requirements for the processing, storage, and transfer of personal data, as well as the rights of individuals to access and rectify their personal data.

    Rate this question:

  • 8. 

    When brexit occurs, UK will repeal which act?

    • A.

      European Communities Act (ECA)

    • B.

      Data Protection Act

    • C.

      Magnitsky Act

    • D.

      EU Withdrawal Act

    Correct Answer
    A. European Communities Act (ECA)
    Explanation
    When Brexit occurs, the UK will repeal the European Communities Act (ECA). This act was enacted in 1972 and it incorporated EU law into UK law, giving EU law supremacy over national law. Repealing the ECA will signify the UK's departure from the EU and the end of the supremacy of EU law in the UK.

    Rate this question:

  • 9. 

    Which treaty formally recognized the European Council as a EU institution?

    • A.

      Treaty of Maastricht

    • B.

      Treaty of Libson

    • C.

      Treaty of Rome

    • D.

      Treaty of European Union

    Correct Answer
    B. Treaty of Libson
    Explanation
    The Treaty of Lisbon formally recognized the European Council as a EU institution. The European Council is an important decision-making body within the EU, composed of the heads of state or government of EU member countries, along with the President of the European Commission. The treaty, signed in 2007 and entered into force in 2009, aimed to streamline and strengthen the EU's institutions and decision-making processes. It introduced changes to various EU treaties, including the recognition of the European Council as a formal institution.

    Rate this question:

  • 10. 

    Which of the following are directly applicable to EU member states?

    • A.

      EU regulations

    • B.

      EU Directives

    • C.

      Guidelines

    • D.

      EU precedents

    Correct Answer
    A. EU regulations
    Explanation
    EU regulations are directly applicable to EU member states. Regulations are binding legislative acts that are directly applicable in all EU member states without the need for national implementation. They have a direct effect and are automatically binding and enforceable in each member state. Therefore, EU regulations have a direct impact on the laws and policies of EU member states.

    Rate this question:

  • 11. 

    A data subject requests their data be deleted by an organziation. After reviewing, the organization determines they do not have any data on the data subect. Which is the appropriate response?

    • A.

      Respond and let the subject know they do not have data, and that the subject can contact their DPA to lodge a complaint

    • B.

      Do not respond

    • C.

      Respond and let the subject know they do not have data, and there is nothing more they can do

    • D.

      Respond and let the subject know they do not have data, and the subject can ask for a review but will be charged a nominal fee

    Correct Answer
    A. Respond and let the subject know they do not have data, and that the subject can contact their DPA to lodge a complaint
    Explanation
    The appropriate response in this situation is to inform the data subject that the organization does not have any data on them and advise them to contact their Data Protection Authority (DPA) if they wish to lodge a complaint. This ensures that the data subject is informed about the status of their data and provides them with a recourse to address any concerns they may have.

    Rate this question:

  • 12. 

    Which of the following is not a reason to decline a data subject's request for erasure of their data?

    • A.

      For the performance of a service

    • B.

      For legal claims (e.g. court cases)

    • C.

      For exercising the right of freedom of expression and information

    • D.

      For performance of a task carried out in public interest (research, public health, public interest)

    Correct Answer
    A. For the performance of a service
    Explanation
    The reason "For the performance of a service" is not a valid reason to decline a data subject's request for erasure of their data because the right to erasure, also known as the right to be forgotten, allows individuals to request the deletion or removal of their personal data when there is no compelling reason for its continued processing. The performance of a service does not qualify as a legitimate reason to retain someone's personal data against their request for erasure.

    Rate this question:

  • 13. 

    Which of the following is not a reason to decline a data subject's request for erasure of their data?

    • A.

      For social media purposes

    • B.

      For compliance with a legal obligation

    • C.

      For exercising the right of freedom of expression and information

    • D.

      For archiving purposes in public interest (research, scientific, statistical purposes)

    Correct Answer
    A. For social media purposes
    Explanation
    The reason "For social media purposes" is not a valid reason to decline a data subject's request for erasure of their data because social media purposes do not outweigh an individual's right to have their personal data erased. The right to erasure is a fundamental right under data protection laws, and social media purposes do not fall under any of the exceptions mentioned in the question. Therefore, a data subject's request for erasure should be honored regardless of social media purposes.

    Rate this question:

  • 14. 

    Which reason below is not a reason to not notify data subjects of a data breach?

    • A.

      Controller cannot prove data breach occurred

    • B.

      Controller has ensured the high risk from the data breach is likely to not materialize

    • C.

      Controller implemented appropriate protection methods to render data unintelligible to unauthorized users (e.g. encryption)

    • D.

      It would involve disproportionate effort

    Correct Answer
    A. Controller cannot prove data breach occurred
    Explanation
    The reason "Controller cannot prove data breach occurred" is not a valid reason to not notify data subjects of a data breach because notification should be made regardless of whether the controller can prove the breach occurred. The purpose of notifying data subjects is to inform them about the breach and any potential risks or consequences they may face. Even if the controller is unable to provide concrete evidence of the breach, it is still important to notify data subjects in order to maintain transparency and allow them to take any necessary actions to protect their personal data.

    Rate this question:

  • 15. 

    Who bust approve Binding Corporate Rules (BCRs) before they can be used?

    • A.

      Data Protection Authority

    • B.

      Executive Team

    • C.

      Outside Legal Counsel

    • D.

      The government where corporate HQ is located

    Correct Answer
    A. Data Protection Authority
    Explanation
    Binding Corporate Rules (BCRs) are a set of legally binding internal rules that govern the transfer of personal data within a multinational company. These rules must be approved by the Data Protection Authority before they can be implemented. The Data Protection Authority is responsible for ensuring that the BCRs comply with applicable data protection laws and regulations, and that they provide adequate safeguards for the protection of personal data. Therefore, the Data Protection Authority must review and approve the BCRs before they can be used by the company.

    Rate this question:

  • 16. 

    In which scenario is biometric data not covered under article 9?

    • A.

      Granting access

    • B.

      Identifying a person

    • C.

      Determining gender

    • D.

      Categorizing the individual

    Correct Answer
    A. Granting access
    Explanation
    Biometric data is not covered under Article 9 in the scenario of granting access. Article 9 of the General Data Protection Regulation (GDPR) prohibits the processing of special categories of personal data, including biometric data, unless certain conditions are met. However, when it comes to granting access, biometric data may be processed as it is necessary for authentication and security purposes. Therefore, in this scenario, the processing of biometric data is exempted from the restrictions of Article 9.

    Rate this question:

  • 17. 

    Which of the following is not a power the DPA has?

    • A.

      Adjudicative power

    • B.

      Investigatory power

    • C.

      Corrective Power

    • D.

      Authorization and advisory power

    Correct Answer
    A. Adjudicative power
    Explanation
    The correct answer is "Adjudicative power." The DPA, or Data Protection Authority, is an organization responsible for enforcing data protection laws. Adjudicative power refers to the authority to make legal judgments and decisions. However, the DPA's main powers include investigatory power (conducting investigations into data breaches or privacy violations), corrective power (imposing fines or penalties for non-compliance), and authorization and advisory power (granting permissions or providing guidance on data protection matters). Adjudicative power, which involves making legal judgments, is not within the scope of the DPA's responsibilities.

    Rate this question:

  • 18. 

    Which of the following is not considered employee monitoring?

    • A.

      Unique computer logins

    • B.

      Using a DLP tool

    • C.

      Setting up CCTV cameras in the office

    • D.

      Reviewing badge access

    Correct Answer
    A. Unique computer logins
    Explanation
    Unique computer logins are not considered employee monitoring because they are a basic security measure that allows employees to access their own computers and protect sensitive information. It is a standard practice for employees to have their own login credentials to ensure accountability and prevent unauthorized access. Employee monitoring, on the other hand, refers to the tracking and surveillance of employees' activities, such as monitoring their internet usage, email communications, or screen recording.

    Rate this question:

  • 19. 

    Which EU institutions are responsible for voting on legislation?

    • A.

      The Council

    • B.

      European Parliament

    • C.

      European Commission

    • D.

      The Council of Europe

    Correct Answer(s)
    A. The Council
    B. European Parliament
    Explanation
    The European Parliament and the Council of the European Union (often simply referred to as "The Council") are the two main institutions responsible for voting on and adopting legislation in the European Union. The European Commission proposes legislation, but it is the Parliament and the Council that debate, amend, and ultimately vote on the proposed laws. The Council of Europe is not an EU institution and does not have legislative powers in the EU.

    Rate this question:

  • 20. 

    Which EU institution defines EU priorities and sets political direction?

    • A.

      European Council

    • B.

      European Commission

    • C.

      European Parliament

    • D.

      The Council

    Correct Answer
    A. European Council
    Explanation
    The European Council is the correct answer because it is the EU institution that defines EU priorities and sets the political direction. It is made up of the heads of state or government of EU member countries, along with the President of the European Council and the President of the European Commission. The European Council meets regularly to discuss and make decisions on important issues and policies for the EU.

    Rate this question:

  • 21. 

    Which is not a responsibility of the European Data Protection Supervisor?

    • A.

      Levies disciplinary actions against EU company management who violate privacy rules

    • B.

      Supervises the EU administration's processing of personal data to ensure compliance with privacy rules

    • C.

      Advises EU institutions and bodies on all aspects of personal data processing and related policies and legislation

    • D.

      Works with the national authorities of EU countries to ensure consistency in data protection

    Correct Answer
    A. Levies disciplinary actions against EU company management who violate privacy rules
    Explanation
    The European Data Protection Supervisor is responsible for supervising the EU administration's processing of personal data to ensure compliance with privacy rules, advising EU institutions and bodies on personal data processing and related policies and legislation, and working with national authorities of EU countries to ensure consistency in data protection. However, levying disciplinary actions against EU company management who violate privacy rules is not a responsibility of the European Data Protection Supervisor.

    Rate this question:

  • 22. 

    Which European law harmonized data protection laws across member states?

    • A.

      Data Protection Directive

    • B.

      Convention 108

    • C.

      Data Privacy Directive

    • D.

      General Data Protection Regulation

    Correct Answer
    D. General Data Protection Regulation
    Explanation
    The General Data Protection Regulation (GDPR) is a European law that standardizes data protection regulations across EU member states. It aims to protect the personal data of individuals within the EU by regulating how organizations collect, process, and store such data, enhancing privacy rights and ensuring data security and transparency.

    Rate this question:

  • 23. 

    Which court oversees the 27 EU member states of the EU?

    • A.

      European Court of Justice

    • B.

      European Court of Human Rights

    • C.

      European Criminal Court of Justice

    • D.

      Convention 108

    Correct Answer
    A. European Court of Justice
    Explanation
    European Court of Human Rights is part of the Council of Europe, which has 47 members states (including Russia)

    Rate this question:

  • 24. 

    Which of the following is the eCommerce Directive??

    • A.

      2000/31/EC

    • B.

      2002/58/EC

    • C.

      95/48/EC

    • D.

      2002/56/EC

    Correct Answer
    A. 2000/31/EC
    Explanation
    The correct answer is 2000/31/EC. This directive, also known as the eCommerce Directive, is a European Union law that establishes certain legal rules for online services and electronic commerce in the internal market. It covers various aspects such as information society services, liability of intermediaries, electronic contracts, and electronic marketing. It aims to create a harmonized legal framework for online businesses and promote the development of the digital economy within the EU.

    Rate this question:

  • 25. 

    The eCommerce Directive protects all of the following except which from illegal acts of their users

    • A.

      Application Developers

    • B.

      Telecoms

    • C.

      Social Networks

    • D.

      Website Operators

    Correct Answer
    A. Application Developers
    Explanation
    The eCommerce Directive protects telecoms, social networks, and website operators from illegal acts of their users. However, it does not extend the same protection to application developers. This means that application developers can be held liable for any illegal activities or content that users engage in or share through their applications.

    Rate this question:

  • 26. 

    An email provider would be legally protected if one of it's users threatened a policitician for a political decision under eCommerce Directive

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    eCommerce Directive only applies to online economic activity. Using an email system to threaten a politician is not economic activity.

    Rate this question:

  • 27. 

    Which is not an example of something performed by a data processor?

    • A.

      Defining personal data

    • B.

      Collecting personal data

    • C.

      Storing personal data

    • D.

      Deleting personal data

    Correct Answer
    A. Defining personal data
    Explanation
    A data processor is responsible for processing and managing personal data, such as collecting, storing, and deleting it. However, defining personal data is not a task performed by a data processor. Defining personal data is typically done by the data controller, who determines what types of data are considered personal and how they should be processed.

    Rate this question:

  • 28. 

    Processors have fewer legal requirements than controllers

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Processors have fewer legal requirements than controllers because processors are entities that process personal data on behalf of the controller, whereas controllers determine the purposes and means of the processing. Controllers have more legal obligations and responsibilities under data protection laws, including the requirement to obtain consent from data subjects, implement appropriate security measures, and ensure compliance with data protection principles. Processors, on the other hand, have fewer direct legal obligations and primarily have to follow the instructions of the controller and implement appropriate security measures.

    Rate this question:

  • 29. 

    Which data processing principal is least reliable?

    • A.

      Consent

    • B.

      Public Interest

    • C.

      Legitimate interest

    • D.

      Legal obligation

    Correct Answer
    A. Consent
    Explanation
    Consent is most unreliable because the data subject may withdraw consent at any time.

    Rate this question:

  • 30. 

    A company can charge for responses to data subjects's exercise of rights

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    If the subjects' requests are unfounded or excessive (repetitive), the controller may charge a reasonable fee or refuse the request. Controller bears the burden of proof

    Rate this question:

  • 31. 

    Which is the first law to require and establish DPAs in each member state?

    • A.

      Data protection directive

    • B.

      General data protection regulation

    • C.

      ECommerce directive

    • D.

      Convention 108

    Correct Answer
    A. Data protection directive
    Explanation
    The Data Protection Directive is the correct answer because it was the first law to require and establish Data Protection Authorities (DPAs) in each member state. This directive, adopted in 1995, aimed to protect individuals' personal data and ensure its free movement within the European Union. It established the framework for data protection laws in EU member states and required each state to set up an independent DPA to enforce and oversee compliance with the directive's provisions. The General Data Protection Regulation (GDPR) replaced the Data Protection Directive in 2018, further strengthening data protection laws in the EU.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jun 28, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Apr 28, 2020
    Quiz Created by
    Randy
Back to Top Back to top
Advertisement