- All Exams Instant Download
Under the GDPR, which of Company B’s actions would NOT be likely to trigger a potential enforcement action?
SCENARIO Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll...
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?A . The controller will be liable to pay an administrative fineB . The processor will be liable to pay compensation to affected data subjectsC...
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?A . The ePrivacy Directive allows individual EU member states to engage in such data retention.B . The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention.C . The Data Retention...
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?A . Documenting due diligence steps taken in the pre-contractual stage.B . Conducting a risk assessment to analyze possible outsourcing threats.C . Requiring that...
With the issue of consent, the GDPR allows member states some choice regarding what?
With the issue of consent, the GDPR allows member states some choice regarding what?A . The mechanisms through which consent may be communicatedB . The circumstances in which silence or inactivity may constitute consentC . The age at which children must be required to obtain parental consentD . The timeframe...
What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?
What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?A . The establishment of a list of legitimate data processing criteriaB . The creation of legally binding data protection principlesC ....
With regard to TripBliss Inc.’s use of website cookies, which of the following statements is correct?
SCENARIO Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a...
Which of the following would require designating a data protection officer?
Which of the following would require designating a data protection officer?A . Processing is carried out by an organization employing 250 persons or more.B . Processing is carried out for the purpose of providing for-profit goods or services to individuals in the ED . The core activities of the controller...
Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?
Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?A . The payment card number of a Dutch citizenB . TheD . social security number of an American citizen living in FranceE . The unlinked aggregated data used for statistical purposes...
Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?
Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?A . If the processing is to be performed by a third-party vendorB . If the processing involves data that is considered personal dataC . If the processing of the data is done...
