CIPP-E exam

SCENARIO Please use the following to answer the next question: T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a...

A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the...

SCENARIO Please use the following to answer the next question: Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his...

SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees arelocated there. The company offers its services to Canadians only: Its website is in...

Under the GDPR, where personal data is not obtained directly from the data subject, a controller is exempt from directly providing information about processing to the data subject if?A . The data subject already has information regarding how his data will be usedB . The provision of such information to...

When would a data subject NOT be able to exercise the right to portability?A . When the processing is necessary to perform a task in the exercise of authority vested in the controller.B . When the processing is carried out pursuant to a contract with the data subject.C . When...

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?A . ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.B . CJEU can force...

Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?A . A voluntary notification for personal data breaches applicable to all data controllers.B . A voluntary notification for personal data breaches applicable to electronic communication providers.C . A mandatory notification for personal data breaches applicable to all...

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker’s personal data?A . Destroy sensitive information and store the rest per applicable data protection rules.B . Store all of the data in...

Which of the following describes a mandatory requirement for a group of undertakings that wants to appoint a single data protection officer?A . The group of undertakings must obtain approval from a supervisory authority.B . The group of undertakings must be comprised of organizations of similar sizes and functions.C ....