CIPPE Practice Questions Latest Update

CIPP/E Practice Questions Latest Update

• 130 Questions and 100%

Verified Correct Answers Guaranteed A+

A company in France suffers a robbery over the weekend owing to faulty alarm system.When it is determined that the break-in involves the loss of a substanital amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices.Footage is recorded continuously, and is monitored by the home office in the US.

What is the most realistic step the company could take to address their security concerns and company with the personal data processing principles set out in Article 5

of the GDPR - CORRECT ANSWER: Restrict camera placement to bilding entrances

only

A company is hesitating between Binding Corporate Rules and Standard Contractual Clauses as a global data transfer solution. Which of the following statements would help

the company make an effective decision? - CORRECT ANSWER: Bindin Corporate

Rules provide a global solution for all the entities of a company that are bound by the intra-group agreement

A company is located in a counrty NOT considered by the EU to have an adequate level of data protection. Which of the following is an obligation of the company if it imports personal data from another organisation in the EEA under standard contractual clauses? - CORRECT ANSWER: Ensure that notice is given to and consent is obtained from data subjects

A key component of the OECD Guidelines is the "Individual Participation Principle".What parts of the GDPR provide the closest equivalent to that principle? - CORRECT

ANSWER: The rights granted to data subects under Articles 12-22

A mobile device application that uses cookies will be subject to the consent requirement

of which of the following? - CORRECT ANSWER: ePrivacy

A Spanish electricity customer calls her local supplier with questions about the company's upcoming merger. Specifically, the customer wants to know the recipients to whom her personal data will be disclosed once the merger is final. According to Article 13 of the GDPR, what must the company do before providing the customer with the reuested information? - CORRECT ANSWER: Verify that the request is aplicable to the data collected before the GDPR entered into force

• / 2

A US based online shop uses sophisticated software to track the browsing behaviour of its EU customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop's PRIMARY obligation while engaging in this kind of profiling? - CORRECT ANSWER: It must solicit informed consent through a notice on its website

A well-known video production company based in Spain, but films doumentaries worldwide, has just finished recording several hours of footage, featuring people in Madrid. Under what condition would the company NOT be required to obtain the consent of everyone whose image they use for their documentary? - CORRECT

ANSWER: If the company's status as a documentary provider allows it to claim

legitimate interest.

A worker in the European Union member state has ceased his emplyment with a company. What should the emplyer most likely do in regard to the worker's personal

data? - CORRECT ANSWER: Destroy sensitive infomation and store the rest per

applicable data proctection rules

According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject's personal data has been

obtained from other sources? - CORRECT ANSWER: Within a reasonable period after

obtaining the personal data, but no later that one month

According to the E-Commerce Directive, where is the place of the Establishment for a company providing services via an internet website confirmed by the GDPR? -

CORRECT ANSWER: Where the decisions about processing are made

According to the GDPR, hos is pseudonymous personal data defined? - CORRECT ANSWER: Data that can no longer be attributed to a specific data subject without the use of additional information kept separately

After leaving the EU under the terms of Brexit, the UK will seek an adequacy determination. What is the reason for this? - CORRECT ANSWER: UK is a third country now

All people are tested for Covid 19 and the data is manually processed. They do not

have the Personal Data. GDPR does not apply why? - CORRECT ANSWER: Since the

data is not subjected to automated processing

An employee of company X has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick as this stage, but it likely was lost during the travel of an employee. What

should the company do? - CORRECT ANSWER: Notify as soon as possible the data

protection supervisory authority that a data breach may have taken place

• / 2