CIPP-E Exam QuestionsBrowse all questions from this exam

CIPP-E Exam - Question 13


What type of data lies beyond the scope of the General Data Protection Regulation?

Show Answer
Correct Answer: B

When data is anonymized, it is processed in such a way that it can no longer be used to identify an individual, either directly or indirectly. Once anonymized, the data is no longer considered personal data and thus falls outside the scope of the General Data Protection Regulation (GDPR). The GDPR applies to personal data that can either directly or indirectly identify an individual, which includes pseudonymized, encrypted, and masked data as they can potentially be used to re-identify a person.

Discussion

12 comments
Sign in to comment
JackDoeOption: B
Dec 7, 2022

B is the right one. It still possible to identify a data subject if you decrypt the data.

ZA2022Option: B
Dec 30, 2022

AGREE IT SHOULD BE B

AymanOthmanOption: B
Jan 13, 2023

B. Anonymized

Vanda77Option: B
Feb 9, 2023

Definitely B. Anonymized

EvelynRavioliOption: C
Feb 16, 2023

To all saying B: anonymized data have been specified as a form of data within the GDPR. Encryption has been discussed in te GDPR only as a form of additional security, not as a type of data. Thus when the question is "what type of data lies beyond the scope" it's encrypted data. Hence answer C.

ZeroStatic
Apr 2, 2023

Scope here should refer to what type of data falls under GDPR, not whether it is discussed or not. The GDPR specifically does not apply to data that is not considered personal data, ie.: anonymized data. Encrypted data may still be considered personal data, and as such it should be B.

SnickersnameOption: B
Nov 26, 2023

https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_en#:~:text=Different%20pieces%20of%20information%2C%20which,the%20scope%20of%20the%20GDPR. B. ANONYMIZED Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.

SecretInvasionOption: B
Oct 21, 2023

https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_en#:~:text=Different%20pieces%20of%20information%2C%20which,the%20scope%20of%20the%20GDPR. B. ANONYMIZED Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.

loejeeOption: B
Oct 27, 2023

this is 100% B. Not C

SnickersnameOption: B
Nov 28, 2023

B is the right one. It still possible to identify a data subject if you decrypt the data

saffronOption: B
Mar 30, 2024

B is the right answer.

aliblablaOption: B
Apr 1, 2024

It is B, not C

SsouravOption: B
Jul 22, 2024

B. Anonymized Anonymized data is data that has been processed in such a way that it can no longer be used to identify an individual, either directly or indirectly. Once data is truly anonymized, it is no longer considered personal data and falls outside the scope of the GDPR. This is because anonymized data does not pose the same privacy risks as data that can be linked to an individual. Pseudonymized, encrypted, and masked data still fall within the scope of the GDPR because they can potentially be re-identified or decrypted to reveal personal information.