CIPP-E exam

Which of the following regulates the use of electronic communications services within the European Union?A . Regulator (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015.B . Regulation (EU) 2017/1953 of the European Parliament and of the Council of 25 October 2017.C . Directive 2002/58'EC...

WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679’’ provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?A . A postal notificationB . A direct electronic messageC ....

Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?A . The European CouncilB . The European ParliamentC . The European CommissionD . The Council of the European UnionView AnswerAnswer: C Explanation: Reference: https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501

Which mechanism, new to the GDPR, now allows for the possibility of personal data transfers to third countries under Article 42?A . Approved certifications.B . Binding corporate rules.C . Law enforcement requests.D . Standard contractual clauses.View AnswerAnswer: A Explanation: Reference: https://www.anonos.com/gdpr-chapter-5-transfers-of-personal-data-to-third-countries-or-international-organisations

An entity’s website stores text files on EU users’ computer and mobile device browsers. Prior to doing so, the entity is required to provide users with notices containing information and consent under which of the following frameworks?A . General Data Protection Regulation 2016/679.B . E-Privacy Directive 2002/58/EC.C . E-Commerce Directive...

SCENARIO Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the...

What are the obligations of a processor that engages a sub-processor? A. The processor must give the controller prior written notice and perform a preliminary audit of the sub- processor. B. The processor must obtain the controller’s specific written authorization and provide annual reports on the sub-processor’s performance. C. The...

As per the GDPR, which legal basis would be the most appropriate for an online shop that wishes to process personal data for the purpose of fraud prevention?A . Protection of the interests of the data subjects.B . Performance of a contactC . Legitimate interestD . ConsentView AnswerAnswer: C

Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?A . When the personal data is processed only in non-electronic formB . When the personal data is collected and then pseudonymised by the controllerC . When the personal data is...

Which of the following is NOT considered a fair processing practice in relation to the transparency principle?A . Providing a multi-layered privacy notice, in a website environment.B . Providing a QR code linking to more detailed privacy notice, in a CCTV sign.C . Providing a hyperlink to the organization’s home...