According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject’s personal data has been obtained from other sources?
According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject’s personal data has been obtained from other sources?A . As soon as possible after obtaining the personal data.B . As soon as possible after the...
Which of the following is the weakest lawful basis for processing employee personal data?
Which of the following is the weakest lawful basis for processing employee personal data?A . Processing based on fulfilling an employment contract.B . Processing based on employee consent.C . Processing based on legitimate interests.D . Processing based on legal obligation.View AnswerAnswer: B Explanation: Reference: https://www.itgovernance.co.uk/blog/gdpr-lawful-bases-for-processing-with-examples
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR? A. The obligation of companies to declare data breaches. B. The requirement to demonstrate compliance to a supervisory authority. C. The necessity of the bulk collection of personal data...
An organization should perform these steps to do which of the following?
Read the following steps: ✑ Discover which employees are accessing cloud services and from which devices and apps Lock down the data in those apps and devices ✑ Monitor and analyze the apps and devices for compliance ✑ Manage application life cycles ✑ Monitor data sharing An organization should perform...
Who-R-U is NOT required to notify the local German DPA about the laptop theft because?
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees arelocated there. The company offers its services to Canadians only: Its website is in...
What obligation does a data controller or processor have after appointing a data protection officer?
What obligation does a data controller or processor have after appointing a data protection officer?A . To ensure that the data protection officer receives sufficient instructions regarding the exercise of his or her defined tasks.B . To provide resources necessary to carry out the defined tasks of the data protection...
As per the GDPR, which legal basis would be the most appropriate for an online shop that wishes to process personal data for the purpose of fraud prevention?
As per the GDPR, which legal basis would be the most appropriate for an online shop that wishes to process personal data for the purpose of fraud prevention?A . Protection of the interests of the data subjects.B . Performance of a contactC . Legitimate interestD . ConsentView AnswerAnswer: C
What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?
A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the...
There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?
There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?A . Consent management and withdrawal.B . Incident detection and response.C . Preventative security.D . Remedial security.View AnswerAnswer: A
What is the company first required to do?
A company has collected personal data tor direct marketing purpose on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?A . Obtain specific consent for the new processingB . Only inform the data subjects...