Free IAPP CIPP-E Actual Exam Questions - Question 5 Discussion

Not buying D since GDPR doesn’t set a max payout; it’s open-ended. D

A/B? D seems wrong since GDPR doesn’t cap compensation like that. B is off because you can sue multiple parties, so A fits better with GDPR’s shared liability rules.

I agree C sounds off since processors can be liable too. B seems unlikely because GDPR lets you go after multiple parties. D looks made up — GDPR doesn’t cap compensation like that, right? So A looks more plausible, no?

A/C? Option C can’t be right since processors can also be liable under GDPR, not just controllers. A makes sense because if the controller or processor proves no responsibility, they’re exempt from liability.

B, since GDPR allows claims against multiple parties, not just one.

It’s A because GDPR allows data controllers or processors to avoid liability if they prove no responsibility. D is off since GDPR doesn’t cap compensation amounts like that.

A/B? Option B seems wrong since GDPR allows claims against multiple parties, not just one, so it can’t preclude recourse. A fits better because it talks about proving no responsibility as an exemption, which makes sense.

Maybe D is off because the GDPR doesn’t set a specific max amount for compensation, so that limit feels made up. Options ruling out processors like C don’t fit with what I know either.

A/C? Option A makes some sense since liability can be avoided if there’s no fault, but C is wrong because processors can also be held liable, not just controllers. So A seems better here.

This question feels kinda tricky-none of these options sound totally right to me. Can someone clarify if the GDPR really limits liability or excludes processors in this way?