Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?
Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?A . When the personal data is processed only in non-electronic formB . When the personal data is collected and then pseudonymised by the controllerC . When the personal data is...
Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?
Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?A . Name and contact details of each controller on behalf of which the processor is acting.B . Categories of processing carried out on behalf of each...
What transfer mechanism did ProStorage most likely rely on to transfer Ruth's medical information to the hospital?
SCENARIO Please use the following to answer the next question: ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams....
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?A . The behavior of suspected terrorists being monitored by EU law enforcement bodies.B . Personal data of EU citizens being processed by a controller or processor based outside the EU.C ....
In addition to notifying employees about the purpose of the monitoring, the potential uses of their data and their privacy rights, what information should Building Block have provided them before implementing the security measures?
SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a...
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?A . If the cookies do not track personal data, then pre-checked boxes are acceptable.B . If the ePrivacy Directive requires consent for cookies, then the...
An organization should perform these steps to do which of the following?
Read the following steps: ✑ Discover which employees are accessing cloud services and from which devices and apps Lock down the data in those apps and devices ✑ Monitor and analyze the apps and devices for compliance ✑ Manage application life cycles ✑ Monitor data sharing An organization should perform...
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?A . The ePrivacy Directive allows individual EU member states to engage in such data retention.B . The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention.C . The Data Retention...
Which GDPR principle is she following?
Tanya is the Data Protection Officer for Curtains Inc., a GDPR data controller. She has recommended that the company encrypt all personal data at rest. Which GDPR principle is she following?A . AccuracyB . Storage LimitationC . Integrity and confidentialityD . Lawfulness, fairness and transparencyView AnswerAnswer: C Explanation: Reference: https://www.icaew.com/technical/technology/data/data-protection/data-protection-articles/do-i-...
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?A . Documenting due diligence steps taken in the pre-contractual stage.B . Conducting a risk assessment to analyze possible outsourcing threats.C . Requiring that...