- All Exams Instant Download
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?A . The obligation of companies to declare data breaches.B . The requirement to demonstrate compliance to a supervisory authority.C . The necessity of the bulk collection of personal data...
Why does the Spanish supervisory authority notify the French supervisory authority when it opens an investigation into T-Craze based on Sofia’s complaint?
SCENARIO Please use the following to answer the next question: T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a...
What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?
A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the...
Ben’s collection of additional data from customers created several potential issues for the company, which would most likely require what?
SCENARIO Please use the following to answer the next question: Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his...
Who-R-U is NOT required to notify the local German DPA about the laptop theft because?
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees arelocated there. The company offers its services to Canadians only: Its website is in...
Under the GDPR, where personal data is not obtained directly from the data subject, a controller is exempt from directly providing information about processing to the data subject if?
Under the GDPR, where personal data is not obtained directly from the data subject, a controller is exempt from directly providing information about processing to the data subject if?A . The data subject already has information regarding how his data will be usedB . The provision of such information to...
When would a data subject NOT be able to exercise the right to portability?
When would a data subject NOT be able to exercise the right to portability?A . When the processing is necessary to perform a task in the exercise of authority vested in the controller.B . When the processing is carried out pursuant to a contract with the data subject.C . When...
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?A . ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.B . CJEU can force...
Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?
Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?A . A voluntary notification for personal data breaches applicable to all data controllers.B . A voluntary notification for personal data breaches applicable to electronic communication providers.C . A mandatory notification for personal data breaches applicable to all...
What should the employer most likely do in regard to the worker’s personal data?
A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker’s personal data?A . Destroy sensitive information and store the rest per applicable data protection rules.B . Store all of the data in...
