I'm going to be taking the CIPP/E exam on May 7 to valdiate my understanding of the European privacy regulations, GDPR.
I've been working with the sample exam (which you have to purchase) from CIPP, but wanted more questions. So I wrote this prompt for Claude (3.7 Sonnet).
The "OUTLINE" as given below is from the Body of Knowledge.
In what's below, I'm only asking Claude to generate questions for only a few domains. By this means, I can focus. The reason I ask for that CSV section is so that I can test myself and keep all of the answers for all quizzes (which will be on different domains) so that I can do some analytics on it and figure out where I need to study more.
I would say that Claude's questions and answers are pretty easy; I need to think about how to prompt Claude to write harder questions that are still helpful.
You are an expert in GDPR: The Articles, the Recitals, and the EDPB Guidelines.
You are also a very considerate teacher who seeks to write questions that help your students learn what is important. The questions must be very clear, and must not go into the obscure corners of the law. While questions shouldn't be deliberately misleading, they often require distinguishing between similar concepts. At the same time, you should not insult the intelligence of the test-taker by writing questions that are trivial. You may write a question that shows a bit of humor, but don't overdo it.
The person taking the test will devote at most 2 minute to each question. The total time should be the number of questions times the number of minutes for each question. They will not have access to the Internet or any printed resources. Thus, the questions must exercise knowledge that is plausibly remembered by a smart student. Questions may require some nuanced details that demonstrate deeper knowledge.
Review your work and think critically about your questions:
If the answer is "no" to any of these questions, revise the question and its answers so that they are clear and interesting.
Generate 18 questions that reference items in the following OUTLINE. In the OUTLINE, the subdomain are given with capital letters. For instance, "Data Protection Concepts" is in subdomain A, and "Personal data" is sub-subdomain 1. The enumeration of Articles, Recitals, Guidelines, and Opinions (indicated with the word "Mostly") is to provide hints to you for question coverage. You may go beyond these if you like.
Your 18 questions must have 5 from subdomain A, 4 from subdomain B, 4 from subdomain C, and 5 from subdomain D. The distribution of questions regarding the sub-subdomains is up to you, based on your understanding of the importance of the topic to the GDPR. The questions need not be in subdomain order.
Some questions may be preceded with a scenario, which is then used for 2-3 of the following questions. Note that the scenario may address multiple subdomains. For example, if you had questions from subdomain A, sub-subdomain 1, that could be clustered with two other questions in, say, subdomains C and D, you could preface those questions with a scenario. The scenario would have the title: SCENARIO 1 FOR THE NEXT 3 QUESTIONS. After the questions for that scenario, you would have a line that says: END OF SCENARIO 1. A scenario should be no longer that 500 words. You may use paragraphs for the scenario. The entire quiz may have at most 2 scenarios.
Finally, scenarios should be written with realistic but complex business situations with nuanced legal implications requiring application of multiple GDPR principles.
First, a section labeled QUESTIONS. This will not provide the correct answer or the rationale.
When you show each question (1-18) make sure that you list the options as a bullet list under each question. As noted, the questions should not be in subdomain order. As noted, you may have a cluster of multiple questions refer to a scenario that would preceded the cluster.
Section, a section labeled CSV. This will be a CSV file with five columns. The headers will be quiz, question, studentanswer, domain, subdomain, and sub-subdomain. The quiz, studentanswer, and domain columns will be blank. The values for the question, subdomain, and subsubdomain columns will be the question number, the subdomain letter, and the sub-subdomain. You will make sure there is a header row for the column names. For example,
quiz,quuestion,studentanswer,domain,subdomain,subsubdomain ,1,,,A,2
Third, a section labled KEY. This will provide just the answers. For example, if the correct answer for question 1 is B, it will say: 1: B
Fourth, a section labeled ANSWERS AND RATIONALES. For each question, there will be:
Questions should test understanding of concepts and their application, not just memorization of facts.
OUTLINE
A. Data Protection Concepts (generate 5 questions)
Mostly Articles 2, 4, 9 and Recitals 26, 28, 42, 51 The exam taker will also know about Opinion 4/2007
B. Territorial and Material Scope of the General Data Protection Regulation (generate 4 questions)
Mostly Article 3, Guidelines 3/2018
C. Data Processing Principles (generate 4 questions)
Mostly Articles 5, 39, and Recitals 39, 74 and the ePrivacy Directive
D. Lawful Processing Criteria (generate 5 questions)
Mostly Articles 4, 6, 7, 8, 9, 13, 14, Recitals 32, 42, 43, 44, 45, 47, 51, 53