CIPP/e questions Latest Update - Actual Exam 180 Questions and 100% Verified Correct Answers Guaranteed A+
A company is located in a country NOT considered by the European Union (EU) to have an adequate level of data protection. Which of the following is an obligation of the company if it imports personal data from another organization in the European Economic Area (EEA) under standard contractual clauses?
(A). Submit the contract to its own government authority.
(B). Ensure that notice is given to and consent is obtained from data subjects.
(C). Supply any information requested by a data protection authority (DPA) within 30 days.
(D). Ensure that local laws do not impede the company from meeting its contractual obligations.
CORRECT ANSWER: (A). Submit the contract to its own government authority.
A company plans to transfer employee health information between two of its entities in France. To maintain the security of the processing, what would be the most important security measure to apply to the health data transmission?
(A). Inform the data subject of the security measures in place.
(B). Ensure that the receiving entity has signed a data processing agreement.
(C). Encrypt the transferred data in transit and at rest.
(D). Conduct a data protection impact assessment.
CORRECT ANSWER: (A). Inform the data subject of the security measures in place.
A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper website published an article about the prank at the time, and the article is still available on the newspaper's website. Unfortunately, the prank is the top search result when a user searches on the victim's name. The data subject requests that SearchCo delist this result. SearchCo agrees, and instructs its technology team to avoid scanning or indexing the article.
What else must SearchCo do?
(A). Notify the newspaper that it is delisting the article.
(B). Fully erase the URL to the content, as opposed to delist which is mainly based on data subject's name.
(C). Identify other controllers who are processing the same information and inform them of the delisting request.
(D). Prevent the article from being listed in search results no matter what search terms are entered into the search engine.
CORRECT ANSWER: (A). Notify the newspaper that it is delisting the article.
A key component of the OECD Guidelines is the "Individual Participation Principle". What parts of the General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?
(A). The lawful processing criteria stipulated by Articles 6 to 9
(B). The information requirements set out in Articles 13 and 14
(C). The breach notification requirements specified in Articles 33 and 34
(D). The rights granted to data subjects under Articles 12 to 22
CORRECT ANSWER: (D). The rights granted to data subjects under Articles 12 to 22
A mobile device application that uses cookies will be subject to the consent requirement of which of the following?
(A). The ePrivacy Directive
(B). The E-Commerce Directive
(C). The Data Retention Directive
(D). The EU Cybersecurity Directive
CORRECT ANSWER: (A). The ePrivacy Directive
A Spanish electricity customer calls her local supplier with questions about the company's upcoming merger. Specifically, the customer wants to know the recipients to whom her personal data will be disclosed once the merger is final. According to Article 13 of the GDPR, what must the company do before providing the customer with the requested information?
(A). Verify that the request is applicable to the data collected before the GDPR entered into force.
(B). Verify that the purpose of the request from the customer is in line with the GDPR.
(C). Verify that the personal data has not already been sent to the customer.
(D). Verify that the identity of the customer can be proven by other means.
CORRECT ANSWER: (A). Verify that the request is applicable to the data collected before the GDPR entered into force.
A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop's PRIMARY obligation while engaging in this kind of profiling?
(A). It must solicit informed consent through a notice on its website
(B). It must seek authorization from the European supervisory authorities
(C). It must be able to demonstrate a prior business relationship with the customers
(D). It must prove that it uses sufficient security safeguards to protect customer data
CORRECT ANSWER: (A). It must solicit informed consent through a notice on its website
A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker's personal data?
A) Destroy sensitive information and store the rest per applicable data protection rules
B) Store all the data
C) Securely store the data that is required by law
D) Provide the employee the reason for retaining the data
CORRECT ANSWER: A) Destroy sensitive information and store the rest per applicable data protection rules
According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject's personal data has been obtained from other sources?
(A). As soon as possible after obtaining the personal data.
(B). As soon as possible after the first communication with the data subject.
(C). Within a reasonable period after obtaining the personal data, but no later than one month.
(D). Within a reasonable period after obtaining the personal data, but no later than eight weeks.
CORRECT ANSWER: (A). As soon as possible after obtaining the personal data.
According to Article 84 of the GDPR, the rules on penalties applicable to infringements shall be laid down by?
(A). The local Data Protection Supervisory Authorities.
(B). The European Data Protection Board.
(C). The EU Commission.
(D). The Member States.
CORRECT ANSWER: (D). The Member States.
According to the E-Commerce Directive 2000/31/EC, where is the place of "establishment" for a company providing services via an Internet website confirmed by the GDPR?
(A). Where the technology supporting the website is located
(B). Where the website is accessed
(C). Where the decisions about processing are made
(D). Where the customer's Internet service provider is located
CORRECT ANSWER: (D). Where the customer's Internet service provider is located
According to the GDPR, what is the main task of a Data Protection Officer (DPO)?
(A). To create and maintain records of processing activities.
(B). To conduct Privacy Impact Assessments on behalf of the controller or processor.
(C). To monitor compliance with other local or European data protection provisions.
(D). To create procedures for notification of personal data breaches to competent supervisory authorities.
CORRECT ANSWER: (B). To conduct Privacy Impact Assessments on behalf of the controller or processor.
According to the GDPR, when should the processing of photographs be considered processing of special categories of personal data?
(A). When processed with the intent to publish information regarding a natural person on publicly accessible media.
(B). When processed with the intent to proceed to scientific or historical research projects.
(C). When processed with the intent to uniquely identify or authenticate a natural person.
(D). When processed with the intent to comply with a law.
CORRECT ANSWER: (C). When processed with the intent to uniquely identify or authenticate a natural person.
An employee of company ABCD has just noticed that a memory stick containing records of client data, including their names, addresses and full contact details, has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?