CIPP-E V3

According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject’s personal data has been obtained from other sources?A . As soon as possible after obtaining the personal data.B . As soon as possible after the...

WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679’’ provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?A . A postal notificationB . A direct electronic messageC ....

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?A . Data subjects must be sufficiently informed of the purposes for which their personal data is processed.B . Processing of special categories of personal data on a large scale requires appointing a...

If a French controller has a car-sharing app available only in Morocco, Algeria and Tunisia, but the data processing activities are carried out by the appointed processor in Spain, the GDPR will apply to the processing of the personal data so long as?A . The individuals are European citizens or...

There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?A . Consent management and withdrawal.B . Incident detection and response.C . Preventative security.D . Remedial security.View AnswerAnswer: A

What ruling did the Planet 49 CJEU judgment make regarding the issue of pre-ticked boxes?A . They are allowed if determined to be technically necessary.B . They do not amount to valid consent under any circumstances.C . They are allowed if recorded In the register of processing activities.D . They...

According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?A . Where the technology supporting the website is locatedB . Where the website is accessedC . Where the decisions about processing are madeD . Where...

Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers? A. The European Commission can adopt an adequacy decision for individual companies. B. The European Commission can adopt, repeal or amend an existing adequacy decision. C. EU member states are vested with the...

The Planet 49 CJEU Judgement applies to?A . Cookies used only by third parties.B . Cookies that are deemed technically necessary.C . Cookies regardless of whether the data accessed is personal or not.D . Cookies where the data accessed is considered as personal data only.View AnswerAnswer: C Explanation: Reference: https://www.twobirds.com/en/news/articles/2019/global/planet49-cjeu-rules-on-cookie-consent

Which of the following describes a mandatory requirement for a group of undertakings that wants to appoint a single data protection officer?A . The group of undertakings must obtain approval from a supervisory authority.B . The group of undertakings must be comprised of organizations of similar sizes and functions.C ....