All Practice Exams

117+ Free ICS CDPP Practice Questions

Pass your ICS Certified Data Protection Practitioner (CDPP, Ireland) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
117+ Questions
100% Free

Loading practice questions...

Same family resources

Explore More Irish Computer Society Professional

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

2026 Statistics

Key Facts: ICS CDPP Exam

40 questions

Official ICS CDPP multiple-choice exam length

ICS — Certified Data Protection Practitioner

45 minutes

Time allowed for the Prometric CDPP exam

ICS — Certified Data Protection Practitioner

70% pass mark

Candidates need 28 out of 40 correct answers

ICS — Certified Data Protection Practitioner

€1,890–€2,100

ICS member and non-member course fees including first exam

ICS — Certified Data Protection Practitioner

DPC

Data Protection Commission — Ireland's GDPR supervisory authority

Data Protection Act 2018

72 hours

Default window to notify the supervisory authority of a breach when feasible

GDPR Article 33

Annual CPD

CDPP certification is renewed yearly on verified continuing professional development

ICS — Certified Data Protection Practitioner

100

Free original practice MCQs on OpenExamPrep with Irish GDPR context

OpenExamPrep

ICS CDPP certifies practical GDPR and Irish DPA 2018 competence for data-protection professionals. The live Prometric exam has 40 MCQs in 45 minutes; you need 70% (28/40) to pass. Course fees are €1,890 (members) or €2,100 (non-members), including the first exam. This free 100-question bank adds Irish DPC context for extra practice.

Sample ICS CDPP Practice Questions

Try these sample questions to test your ICS CDPP exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 117+ question experience with AI tutoring.

1Why did the EU replace the 1995 Data Protection Directive with the General Data Protection Regulation (GDPR)?
A.To harmonise stronger data protection rules across Member States and increase individual control over personal data
B.To abolish national supervisory authorities in favour of a single EU court
C.To permit unrestricted commercial profiling without consent in the digital economy
D.To transfer all data protection enforcement exclusively to the European Court of Justice
Explanation: The GDPR (Regulation (EU) 2016/679) modernised EU data protection by replacing the 1995 Directive with directly applicable rules, stronger rights, and consistent enforcement. Ireland gives further national effect through the Data Protection Act 2018.
2In Ireland, which statute primarily gives further national effect to the GDPR alongside directly applicable EU law?
A.The Data Protection Act 2018
B.The Freedom of Information Act 2014
C.The Electronic Commerce Act 2000
D.The Companies Act 2014
Explanation: The Data Protection Act 2018 is Ireland's principal national data protection legislation. It establishes the Data Protection Commission, addresses law-enforcement processing, and supplements GDPR provisions where Member States may legislate.
3A US-based SaaS vendor stores personal data of customers who registered through its Dublin sales office. Which concept BEST explains why GDPR likely applies?
A.Establishment of an EU branch or office triggering Article 3(1) territorial scope
B.Automatic exemption because the parent company is incorporated outside the EU
C.GDPR applies only when data is stored on servers physically located in Ireland
D.Territorial scope is determined solely by the data subject's citizenship
Explanation: Article 3(1) GDPR applies to processing in the context of an establishment in the Union. A Dublin office can bring processing into GDPR scope even if servers are elsewhere. Physical server location alone does not determine applicability.
4Under Article 3(2) GDPR, a Canadian e-commerce site targets Irish consumers with Euro pricing and Irish delivery. Which outcome is MOST accurate?
A.GDPR may apply to the processing of those Irish customers' personal data
B.GDPR never applies to non-EU businesses regardless of targeting
C.GDPR applies only if the company has more than 250 employees
D.GDPR applies only to special category data in this scenario
Explanation: Article 3(2) extends GDPR to non-EU controllers or processors offering goods or services to individuals in the Union or monitoring their behaviour. Targeting Irish consumers can trigger obligations even without an EU establishment.
5Which statement BEST describes the relationship between GDPR and the Irish Data Protection Act 2018 for general (non-law-enforcement) processing?
A.GDPR applies directly and the 2018 Act supplements it with national provisions and establishes the DPC
B.The 2018 Act replaces GDPR entirely for Irish organisations
C.GDPR applies only to public bodies; private firms follow the 2018 Act alone
D.The 2018 Act applies only to manual filing systems created before 2018
Explanation: GDPR has direct effect in Ireland. The Data Protection Act 2018 fills gaps where Member States may legislate, creates the DPC, and addresses specific national contexts including law-enforcement processing in later Parts.
6A Galway charity processes donor contact details for fundraising. Which legal framework governs this activity in Ireland?
A.GDPR together with the Data Protection Act 2018
B.Charity law exclusively, with no data protection rules
C.GDPR only for charities with annual income above €1 million
D.The 2018 Act only; GDPR does not apply to non-profit organisations
Explanation: Non-profit organisations processing personal data are subject to GDPR and the Data Protection Act 2018 when they determine purposes and means of processing. Charity status does not exempt data protection law.
7An Irish health insurer argues that EU data protection law should not apply to its processing because it predates GDPR. Which response is MOST legally sound?
A.GDPR applies to ongoing processing from 25 May 2018 regardless of when processing began
B.Pre-2018 processing is permanently grandfathered outside GDPR
C.Only processing started after 2018 requires a lawful basis
D.Irish insurers are exempt under the Data Protection Act 2018 Part 2
Explanation: GDPR applies to processing activities from its application date. Organisations must align legacy processing with GDPR principles, lawful bases, and accountability requirements rather than relying on pre-2018 practices.
8Which GDPR provision sets out the core processing principles for personal data, including accountability?
A.Article 5
B.Article 6
C.Article 9
D.Article 30
Explanation: Article 5 GDPR establishes seven principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; plus accountability under Article 5(2).
9Which GDPR chapter primarily addresses the rights of data subjects?
A.Chapter III
B.Chapter II
C.Chapter IV
D.Chapter IX
Explanation: Chapter III GDPR (Articles 12–23) sets out transparency obligations and individual rights including access, rectification, erasure, and objection. Chapter II covers principles; Chapter IV covers controller and processor obligations.
10A Limerick fintech maps its GDPR compliance programme. Which Article group should it consult for processor contract requirements?
A.Article 28
B.Article 17
C.Article 35
D.Article 83
Explanation: Article 28 GDPR mandates written contracts between controllers and processors, specifying subject matter, duration, nature and purpose of processing, data types, and obligations on security and sub-processing.

About the ICS CDPP Exam

The ICS Certified Data Protection Practitioner (CDPP) is a three-day professional programme certifying practical knowledge of GDPR, the Data Protection Act 2018, and organisational data protection practice in Ireland. The course covers legislation background, key definitions, processing principles, lawful bases, data subject rights, transparency, breaches, key roles, supervisory authority functions, organisational responsibilities, DPIAs, enforcement, and international transfers. Candidates sit a 45-minute, 40-question closed-book multiple-choice exam proctored by Prometric. CDPP certification is renewed annually through verified CPD. Successful completion meets the knowledge requirement for ADPO Practitioner membership and assists entry to DCU's Graduate Certificate in Data Protection.

Assessment

Single closed-book Prometric exam with 40 multiple-choice questions. Unanswered questions are marked incorrect. Valid government-issued photo ID is required at the test centre.

Time Limit

45 minutes for the official CDPP certification exam.

Passing Score

70% — candidates must answer at least 28 of 40 multiple-choice questions correctly to earn the CDPP certification.

Exam Fee

Course fee includes the first exam attempt: €1,890 (ICS members) or €2,100 (non-members). Exam rewrite fee: €300 per attempt. (Irish Computer Society (ICS) in partnership with the Association of Data Protection Officers (ADPO))

ICS CDPP Exam Content Outline

15%

Legislation & GDPR Framework

Evolution of data protection law, GDPR territorial scope, Data Protection Act 2018 structure, and relationship between EU and Irish rules.

15%

Key Terms & Principles

Personal data, special categories, pseudonymisation, controllers, processors, and Article 5 accountability principles.

15%

Lawful Bases & Transparency

Article 6 bases, consent conditions, privacy notices, and layered transparency under Articles 12–14.

15%

Data Subject Rights & SARs

Rights of access, rectification, erasure, restriction, portability, objection, and SAR response timelines.

15%

Roles, Accountability & Organisational Duties

DPO designation, Article 28 processor terms, records of processing, policies, and governance frameworks.

15%

Breaches, DPIAs & Risk

Breach assessment, 72-hour DPC notification, individual notification, DPIA triggers, and risk mitigation.

10%

Enforcement, Fines & International Transfers

DPC investigation powers, GDPR fine tiers, infringement factors, adequacy decisions, and transfer safeguards.

How to Pass the ICS CDPP Exam

What You Need to Know

  • Passing score: 70% — candidates must answer at least 28 of 40 multiple-choice questions correctly to earn the CDPP certification.
  • Assessment: Single closed-book Prometric exam with 40 multiple-choice questions. Unanswered questions are marked incorrect. Valid government-issued photo ID is required at the test centre.
  • Time limit: 45 minutes for the official CDPP certification exam.
  • Exam fee: Course fee includes the first exam attempt: €1,890 (ICS members) or €2,100 (non-members). Exam rewrite fee: €300 per attempt.

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

ICS CDPP Study Tips from Top Performers

1Work through Brendan Quinn's Data Protection Implementation Guide provided on the ICS CDPP course.
2Memorise the six Article 6 lawful bases and match each to realistic Irish organisational scenarios.
3Know DSAR response timelines (one month, extendable by two) and when the DPC must be consulted on high-risk DPIAs.
4Understand controller vs processor duties and mandatory Article 28 contract clauses.
5Review the 72-hour breach-notification window to the DPC and criteria for notifying affected individuals.
6Take timed 45-minute practice sessions with 40 questions to simulate the official Prometric exam pace.

Frequently Asked Questions

How many questions are on the official ICS CDPP exam?

The CDPP exam contains 40 multiple-choice questions delivered in a 45-minute closed-book session at a Prometric test centre.

What score do I need to pass the CDPP exam?

You must answer at least 70% correctly — 28 out of 40 questions. Any unanswered question is marked incorrect.

How is the CDPP exam delivered?

The exam is computer-based and live-proctored by Prometric at an approved testing centre. You must present valid government-issued photo identification.

What does the CDPP course cover?

The three-day programme covers GDPR, the Data Protection Act 2018, key definitions, principles, lawful bases, data subject rights, transparency, breaches, organisational roles, DPIAs, enforcement, and international transfers, using Brendan Quinn's Data Protection Implementation Guide as the primary reference text.

How much does CDPP training cost?

ICS lists €1,890 per person for members and €2,100 for non-members, including the exam fee. An exam rewrite costs €300 per attempt.

Are these the official CDPP exam questions?

No. These are original OpenExamPrep multiple-choice items for extra drill. The live CDPP exam is a separate closed-book Prometric assessment after completing ICS training.