CIPP-E

Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?A . That it essentially functions as a one-stop shop mechanismB . That it takes the form of a Regulation as opposed to a DirectiveC . That it...

Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?A . The European ParliamentB . The European CommissionC . The Article 29 Working PartyD . The European CouncilView AnswerAnswer: B Explanation: Reference: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?A . The establishment of a list of legitimate data processing criteriaB . The creation of legally binding data protection principlesC ....

What type of data lies beyond the scope of the General Data Protection Regulation?A . PseudonymizedB . AnonymizedC . EncryptedD . MaskedView AnswerAnswer: B Explanation: Reference: https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/the-purposes-and-scope-of-the-general-data-protection-regulation/

What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?A . The controller will be liable to pay an administrative fineB . The processor will be liable to pay compensation to affected data subjectsC...

When collecting personal data in a European Union (EU) member state, what must a company do if it collects personal data from a source other than the data subjects themselves?A . Inform the subjects about the collectionB . Provide a public notice regarding the dataC . Upgrade security to match...

How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?A . The ePrivacy Directive allows individual EU member states to engage in such data retention.B . The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention.C . The Data Retention...

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?A . Documenting due diligence steps taken in the pre-contractual stage.B . Conducting a risk assessment to analyze possible outsourcing threats.C . Requiring that...

Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?A . If the processing is to be performed by a third-party vendorB . If the processing involves data that is considered personal dataC . If the processing of the data is done...

A Spanish electricity customer calls her local supplier with questions about the company’s upcoming merger. Specifically, the customer wants to know the recipients to whom her personal data will be disclosed once the merger is final. According to Article 13 of the GDPR, what must the company do before providing...