CIPP-E exam

Which marketing-related activity is least likely to be covered by the provisions of Privacy and Electronic Communications Regulations (Directive 2002/58/EC)? A. Advertisements passively displayed on a website. B. The use of cookies to collect data about an individual. C. A text message to individuals from a company offering concert tickets...

Article 29 Working Party has emphasized that the GDPR forbids “forum shopping”, which occurs when companies do what?A . Choose the data protection officer that is most sympathetic to their business concerns.B . Designate their main establishment in member state with the most flexible practices.C . File appeals of infringement...

Which of the following was the first to implement national law for data protection in 1973?A . FranceB . SwedenC . GermanyD . United KingdomView AnswerAnswer: B Explanation: Reference: https://scandinavianlaw.se/pdf/47-18.pdf

Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?A . A company wants to combine location data with other data in order to offer more personalized service for the customer.B . A company wants to use location data to infer information...

After detecting an intrusion involving the theft of unencrypted personal data, who shall the breached company notify first under GDPR requirements?A . Any parents of children whose personal data was compromised.B . Any affected customers whose data was compromised.C . A competent supervisory authority.D . A local law enforcement agencyView...

For which of the following operations would an employer most likely be justified in requesting the data subject’s consent?A . Posting an employee’s bicycle race photo on the company’s social media.B . Processing an employee’s health certificate in order to provide sick leave.C . Operating a CCTV system on company...

Which of the following is NOT an explicit right granted to data subjects under the GDPR? A. The right to request access to the personal data a controller holds about them. B. The right to request the deletion of data a controller holds about them. C. The right to opt-out...

A well-known video production company, based in Spain but specializing in documentaries filmed worldwide, has just finished recording several hours of footage featuring senior citizens in the streets of Madrid. Under what condition would the company NOT be required to obtain the consent of everyone whose image they use for...

SCENARIO Please use the following to answer the next question: Dynaroux Fashion (‘Dynaroux’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Ronan is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection...

Which of the following is NOT considered a fair processing practice in relation to the transparency principle?A . Providing a multi-layered privacy notice, in a website environment.B . Providing a QR code linking to more detailed privacy notice, in a CCTV sign.C . Providing a hyperlink to the organization’s home...