- All Exams Instant Download
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?A . Documenting due diligence steps taken in the pre-contractual stage.B . Conducting a risk assessment to analyze possible outsourcing threats.C . Requiring that...
Why does the Spanish supervisory authority notify the French supervisory authority when it opens an investigation into T-Craze based on Sofia’s complaint?
SCENARIO Please use the following to answer the next question: T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a...
In addition to notifying employees about the purpose of the monitoring, the potential uses of their data and their privacy rights, what information should Building Block have provided them before implementing the security measures?
SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a...
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?
In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?A . If the cookies do not track personal data, then pre-checked boxes are acceptable.B . If the ePrivacy Directive requires consent for cookies, then the...
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority?
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority? A. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA. B. Where the DPIA identifies high risks to individuals’ rights and...
Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?
Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?A . Employees must sign an ad hoc contractual agreement each time personal data is exported.B . All employees are subject to the rules in their entirety, regardless of where the...
What is the main task of the European Data Protection Board?
What is the main task of the European Data Protection Board?A . To assess adequacy of data protection in third countriesB . To ensure consistent application of the GDPR.C . To proactively prevent disputes between national supervisory authorities.D . To publish guidelines tor data subjects on how to property enforce...
If Who-R-U adopts the We-Track-U pilot plan, why is it likely to be subject to the territorial scope of the GDPR?
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...
Which of the following is NOT recognized as being a common characteristic of cloud-computing services?
Which of the following is NOT recognized as being a common characteristic of cloud-computing services?A . The service’s infrastructure is shared among the supplier’s customers and can be located in a number of countries.B . The supplier determines the location, security measures, and service standards applicable to the processing.C ....
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?A . A company wants to combine location data with other data in order to offer more personalized service for the customer.B . A company wants to use location data to infer information...
