- All Exams Instant Download
Which sentence BEST summarizes the concepts of “fairness,” “lawfulness” and “transparency”, as expressly required by Article 5 of the GDPR?
Which sentence BEST summarizes the concepts of “fairness,” “lawfulness” and “transparency”, as expressly required by Article 5 of the GDPR?A . Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.B . Fairness refers to limiting the amount of data...
Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?
Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?A . When the personal data is processed only in non-electronic formB . When the personal data is collected and then pseudonymised by the controllerC . When the personal data is...
In this scenario, whom does Provider Y have the obligation to notify?
Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this...
Why is this company obligated to comply with the GDPR?
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the...
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?A . ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.B . CJEU can force...
If TripBliss Inc. decides not to report the incident to the supervisory authority, what would be their BEST defense?
SCENARIO Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a...
Under what circumstances would the GDPR apply to personal data that exists in physical form, such as information contained in notebooks or hard copy files?
Under what circumstances would the GDPR apply to personal data that exists in physical form, such as information contained in notebooks or hard copy files?A . Only where the personal data is produced as a physical output of specific automated processing activities, such as printing, labelling, or stamping.B . Only...
Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?
Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?A . A member of the judiciary involved in adjudicating a legal dispute involving the data subject and...
In light of the requirements of Article 32 of the GDPR (related to the Security of Processing), which practice should the company institute?
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the...
Article 5(1)(b) of the GDPR states that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.” Based on Article 5(1)(b), what is the impact of a member state’s interpretation of the word “incompatible”?
Article 5(1)(b) of the GDPR states that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.” Based on Article 5(1)(b), what is the impact of a member state’s interpretation of the word “incompatible”?A . It dictates the...
