Free IAPP CIPP-E Actual Exam Questions - Question 3 Discussion
principle found in the GDPR?
C imo, bulk collection totally clashes with GDPR’s data minimization rule.
It’s A. Breach notification is in GDPR but only when risk is high, so a blanket obligation like in 108+ doesn’t fully match GDPR’s more nuanced approach. That makes A less consistent than C.
C, since bulk collection directly contradicts GDPR’s core principles.
Maybe A. The GDPR requires breach notification, but it’s not exactly an “obligation to declare” in all cases—there are thresholds and timing rules that might differ from 108+. C definitely goes against GDPR’s minimization, and B fits well with GDPR’s accountability. So A could be the one that’s not perfectly aligned with GDPR principles, especially if 108+ has a broader or different breach reporting requirement.
A/B? While breach notification (A) is in GDPR, the exact scope might differ, so maybe it’s not fully aligned. B about showing compliance matches GDPR’s accountability principle, so less likely the odd one out.
Probably C, bulk collection definitely clashes with GDPR’s data minimization rule.
Maybe A, since GDPR requires notifying authorities only for breaches likely to cause risk, not all breaches. So the blanket obligation in A might differ from GDPR’s more nuanced rule.
Not A, since breach notification is a core GDPR rule too. The bulk collection in C clearly contradicts GDPR’s principles on limiting data gathered, so C is the one not consistent here.
C/B? Bulk data collection (C) clearly goes against GDPR principles, but the requirement to prove compliance (B) is also a GDPR key. So C sticks out more as not consistent here.
A/C? Breach notification (A) and compliance proof (B) are definitely GDPR-aligned. Bulk collection (C) totally contradicts GDPR’s data minimization, so C makes the most sense as the odd one out.
A/B? GDPR definitely requires breach notification and proving compliance. Bulk collection by governments (C) doesn’t align with GDPR’s core principle of data minimization, so that seems like the odd one out here.
Makes sense to go with C here. GDPR is all about limiting data collection to what’s necessary, so bulk government collection clashes with that. Options A and B are clearly part of GDPR’s framework—breach reporting and accountability are key. So, C stands out as the one that doesn’t fit.
A/B? Breach notification (A) and compliance proof (B) are definitely GDPR staples. Bulk collection (C) feels way off since GDPR stresses data minimization, not mass gathering by governments.
Probably C here too. Both A and B are pretty aligned with GDPR—breach notification and showing compliance are core parts there. GDPR doesn’t really support the idea of bulk data collection by governments as a principle; it’s more about minimizing data and protecting privacy. So C stands out as not fitting with GDPR’s approach.
Option C seems off for me. Bulk collection by the government isn't something I associate with GDPR principles, which focus more on limiting data processing and protecting individual rights. The other two options fit better with the transparency and accountability themes in GDPR. Not sure if there's a trick here, but C stands out as inconsistent.