CIPP-E V3

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?A . The service’s infrastructure is shared among the supplier’s customers and can be located in a number of countries.B . The supplier determines the location, security measures, and service standards applicable to the processing.C ....

Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?A . If the processing is to be performed by a third-party vendorB . If the processing involves data that is considered personal dataC . If the processing of the data is done...

SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the...

SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...

Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR? A. The obligation of companies to declare data breaches. B. The requirement to demonstrate compliance to a supervisory authority. C. The necessity of the bulk collection of personal data...

Which of the following is the weakest lawful basis for processing employee personal data?A . Processing based on fulfilling an employment contract.B . Processing based on employee consent.C . Processing based on legitimate interests.D . Processing based on legal obligation.View AnswerAnswer: B Explanation: Reference: https://www.itgovernance.co.uk/blog/gdpr-lawful-bases-for-processing-with-examples

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker’s personal data?A . Destroy sensitive information and store the rest per applicable data protection rules.B . Store all of the data in...

Which marketing-related activity is least likely to be covered by the provisions of Privacy and Electronic Communications Regulations (Directive 2002/58/EC)? A. Advertisements passively displayed on a website. B. The use of cookies to collect data about an individual. C. A text message to individuals from a company offering concert tickets...

Article 29 Working Party has emphasized that the GDPR forbids “forum shopping”, which occurs when companies do what?A . Choose the data protection officer that is most sympathetic to their business concerns.B . Designate their main establishment in member state with the most flexible practices.C . File appeals of infringement...

Which of the following was the first to implement national law for data protection in 1973?A . FranceB . SwedenC . GermanyD . United KingdomView AnswerAnswer: B Explanation: Reference: https://scandinavianlaw.se/pdf/47-18.pdf