CIPP-E exam

SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees arelocated there. The company offers its services to Canadians only: Its website is in...

What obligation does a data controller or processor have after appointing a data protection officer?A . To ensure that the data protection officer receives sufficient instructions regarding the exercise of his or her defined tasks.B . To provide resources necessary to carry out the defined tasks of the data protection...

As per the GDPR, which legal basis would be the most appropriate for an online shop that wishes to process personal data for the purpose of fraud prevention?A . Protection of the interests of the data subjects.B . Performance of a contactC . Legitimate interestD . ConsentView AnswerAnswer: C

A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the...

There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?A . Consent management and withdrawal.B . Incident detection and response.C . Preventative security.D . Remedial security.View AnswerAnswer: A

A company has collected personal data tor direct marketing purpose on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?A . Obtain specific consent for the new processingB . Only inform the data subjects...

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker’s personal data?A . Destroy sensitive information and store the rest per applicable data protection rules.B . Store all of the data in...

Limitation of liability. […] Consent By completing this registration form, you attest that you are at least 16 years of age, and that you consent to the processing of your personal data by Vigotron for the purpose of using the M-Health app. Although you are entitled to opt out of...

Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?A . The European CouncilB . The European ParliamentC . The European CommissionD . The Council of the European UnionView AnswerAnswer: C Explanation: Reference: https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501

What is a reason the European Court of Justice declared the Data Retention Directive invalid in 2014?A . The requirements affected individuals without exception.B . The requirements were financially burdensome to EU businesses.C . The requirements specified that data must be held within the EU.D . The requirements had limitations...