CIPP-E exam

What type of data lies beyond the scope of the General Data Protection Regulation?A . PseudonymizedB . AnonymizedC . EncryptedD . MaskedView AnswerAnswer: B Explanation: Reference: https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/the-purposes-and-scope-of-the-general-data-protection-regulation/

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?A . Data subjects must be sufficiently informed of the purposes for which their personal data is processed.B . Processing of special categories of personal data on a large scale requires appointing a...

Which of the following is the weakest lawful basis for processing employee personal data?A . Processing based on fulfilling an employment contract.B . Processing based on employee consent.C . Processing based on legitimate interests.D . Processing based on legal obligation.View AnswerAnswer: B Explanation: Reference: https://www.itgovernance.co.uk/blog/gdpr-lawful-bases-for-processing-with-examples

According to Art 23 GDPR, which of the following data subject rights can NOT be restricted?A . Right to restriction of processing.B . Right to erasure ("Right to be forgotten").C . Right to lodge a complaint with a supervisory authority.D . Right not to be subject to automated individual decision-makingView...

Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)?A . The right to privacy is an absolute rightB . The right to privacy has to be balanced against other rights under the ECHRC . The right to freedom...

What ruling did the Planet 49 CJEU judgment make regarding the issue of pre-ticked boxes?A . They are allowed if determined to be technically necessary.B . They do not amount to valid consent under any circumstances.C . They are allowed if recorded In the register of processing activities.D . They...

Under Article 58 of the GDPR, which of the following describes a power of supervisory authorities in European Union (EU) member states?A . The ability to enact new laws by executive order.B . The right to access data for investigative purposes.C . The discretion to carry out goals of elected...

A news website based m (he United Slates reports primarily on North American events The website is accessible to any user regardless of location, as the website operator does not block connections from outside of the U.S. The website offers a pad subscription that requires the creation of a user...

In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules? A. When creating an untargeted pop-up ad on a website. B. When calling a potential customer to notify her of an upcoming product sale. C. When emailing a customer...

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?A . Documenting due diligence steps taken in the pre-contractual stage.B . Conducting a risk assessment to analyze possible outsourcing threats.C . Requiring that...