- All Exams Instant Download
In light of the requirements of Article 32 of the GDPR (related to the Security of Processing), which practice should the company institute?
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the...
Which of the following is NOT one of these exceptions?
Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric data. Which of the following is NOT one of these exceptions?A . The processing is done by a non-profit organization and the results are disclosed outside the organization.B . The processing is necessary to protect the...
Under Article 82 of the GDPR ("Right to compensation and liability-), which party is liable for the damage caused by the data breach?
SCENARIO Please use the following to answer the next question: Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical company on a clinical trial related to COVID-19. As part of his onboarding process Jack received privacy training He was explicitly informed that while he...
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?A . The European Commission can adopt an adequacy decision for individual companies.B . The European Commission can adopt, repeal or amend an existing adequacy decision.C . EU member states are vested with the...
According to the GDPR, how is pseudonymous personal data defined?
According to the GDPR, how is pseudonymous personal data defined?A . Data that can no longer be attributed to a specific data subject without the use of additional information kept separately.B . Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the...
The Customer for Life plan may conflict with which GDPR provision?
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority?
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority? A. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA. B. Where the DPIA identifies high risks to individuals’ rights and...
When does the GDPR provide more latitude for a company to process data beyond its original collection purpose?
When does the GDPR provide more latitude for a company to process data beyond its original collection purpose?A . When the data has been pseudonymized.B . When the data is protected by technological safeguards.C . When the data serves legitimate interest of third parties.D . When the data subject has...
Under the cooperation mechanism, what should the lead authority (the CNIL) do after it has formed its view on the matter?
SCENARIO Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the...
What is the company first required to do?
A company has collected personal data tor direct marketing purpose on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?A . Obtain specific consent for the new processingB . Only inform the data subjects...
