CIPP-E exam

According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject’s personal data has been obtained from other sources?A . As soon as possible after obtaining the personal data.B . As soon as possible after the...

Article 29 Working Party has emphasized that the GDPR forbids “forum shopping”, which occurs when companies do what?A . Choose the data protection officer that is most sympathetic to their business concerns.B . Designate their main establishment in member state with the most flexible practices.C . File appeals of infringement...

What is the main task of the European Data Protection Board?A . To assess adequacy of data protection in third countriesB . To ensure consistent application of the GDPR.C . To proactively prevent disputes between national supervisory authorities.D . To publish guidelines tor data subjects on how to property enforce...

A company wishes to transfer personal data to a country outside of the European Union/EEA In order to do so, they are planning an assessment of the country's laws and practices, knowing that these may impinge upon the transfer safeguards they intend to use All of the following factors would...

SCENARIO Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll...

SCENARIO Please use the following to answer the next question: Brady is a computer programmer based in New Zealand who has been running his own business for two years. Brady’s business provides a low-cost suite of services to customers throughout the European Economic Area (EEA). The services are targeted towards...

SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a...

SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?A . The service’s infrastructure is shared among the supplier’s customers and can be located in a number of countries.B . The supplier determines the location, security measures, and service standards applicable to the processing.C ....

What type of data lies beyond the scope of the General Data Protection Regulation?A . PseudonymizedB . AnonymizedC . EncryptedD . MaskedView AnswerAnswer: B Explanation: Reference: https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/the-purposes-and-scope-of-the-general-data-protection-regulation/