CIPP-E exam

SCENARIO Please use the following to answer the next question: Liem, an online retailer known for its environmentally friendly shoes, has recently expanded its presence in Europe. Anxious to achieve market dominance, Liem teamed up with another eco friendly company, EcoMick, which sells accessories like belts and bags. Together the...

Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this...

Data retention in the EU was underpinned by a legal framework established by the Data Retention Directive (2006/24/EC). Why is the Directive no longer part of EU law?A . The Directive was superseded by the EU Directive on Privacy and Electronic Communications.B . The Directive was superseded by the General...

In which situation would a data controller most likely be able to justify the processing of the data of a child without parental consent?A . When the data is to be processed for market research.B . When providing preventive or counselling services to the child.C . When providing the child...

What is the MAIN reason GDPR Article 4(22) establishes the concept of the “concerned supervisory authority”?A . To encourage the consistency of local data processing activity.B . To give corporations a choice about who their supervisory authority will be.C . To ensure the GDPR covers controllers that do not have...

In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?A . If the cookies do not track personal data, then pre-checked boxes are acceptable.B . If the ePrivacy Directive requires consent for cookies, then the...

There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?A . Consent management and withdrawal.B . Incident detection and response.C . Preventative security.D . Remedial security.View AnswerAnswer: A

SCENARIO Please use the following to answer the next question: Zandelay Fashion (‘Zandelay’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Martin is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection...

A U.S. company’s website sells widgets. Which of the following factors would NOT in itself subject the company to the GDPR?A . The widgets are offered in EU and priced in euro.B . The website is in English and French, and is accessible in France.C . An affiliate office is...

A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop’s PRIMARY obligation while engaging in this kind of profiling?A . It must solicit informed...