CIPP-E EXAM PRACTICE EXAM AND STUDY

• | P a g e

CIPP-E EXAM PRACTICE EXAM AND STUDY

GUIDE NEWEST ACTUAL EXAM 300

QUESTIONS AND CORRECT DETAILED

ANSWERS (VERIFIED ANSWERS) |A+ GRADED

CIPP-E EXAM

What information must be provided to the data subject when the information is obtained INDIRECTLY about the data subject? - ANSWER-- Source of the data must be provided to the data subject

• All information required so data subject could perform direct

collection

• Must occur within a reasonable time after obtaining data (<1

month) or upon first communication with the data subject when the personal data is used to communicate.

What are exceptions to when information must be provided to the data subject when the information is obtained INDIRECTLY 1 / 4

• | P a g e

about the data subject? - ANSWER-- If impossible or requires disproportionate effort or would render impossible or seriously impair the purpose of the data processing

• National or EU law provide protections

• National or EU laws require data to be kept secret

What are the data subject's granted rights under the GDPR? - ANSWER-- Right to access

• Right to rectification

• Right to data portability

• Right to erasure

• Right to restriction

• Right to object to processing
• / 4

• | P a g e

• Right to object to direct marketing

• Right not be subject to fully automated decisions

What does a data subject have the right to be told pursuant to a Subject Access Request (SAR)? - ANSWER-- What personal data is being processed

• The purposes for which the personal data is being processed

• Who, if anyone, the personal data is disclosed to

• The extent to which it is using the personal data for making

automated decisions relating to the data subject and, if so, what logic is being used for that purpose

What does a data subject have the right to receive in terms of actual data pursuant to a Subject Access Request (SAR)? - ANSWER-- Obtain a copy of his personal information being processed

• / 4

• | P a g e

• But not data that would "adversely affect the rights and

freedoms of others"

What are the rules surrounding Subject Access Requests (SARs)? - ANSWER-- Free, unless controller is asked to make extra copies of data

• 30 days to respond and "without undue delay"

• Controller must confirm data subject's identity

What are the rules surrounding the right of rectification? - ANSWER-- Data subject has right of rectification without undue delay (generally, less than one month)

• Data subject may need to submit a supplementary statement if

she wants the controller to ADD data to the system

• If controller does not want to update the data, data subject must

be informed and the data subject may lodge a complaint within one month with the supervisory authority

• / 4