CIPP-E exam

SCENARIO Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a...

SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student...

Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?A . That it essentially functions as a one-stop shop mechanismB . That it takes the form of a Regulation as opposed to a DirectiveC . That it...

Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?A . The European ParliamentB . The European CommissionC . The Article 29 Working PartyD . The European CouncilView AnswerAnswer: B Explanation: Reference: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?A . The establishment of a list of legitimate data processing criteriaB . The creation of legally binding data protection principlesC ....

What type of data lies beyond the scope of the General Data Protection Regulation?A . PseudonymizedB . AnonymizedC . EncryptedD . MaskedView AnswerAnswer: B Explanation: Reference: https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/the-purposes-and-scope-of-the-general-data-protection-regulation/

What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?A . The controller will be liable to pay an administrative fineB . The processor will be liable to pay compensation to affected data subjectsC...

When collecting personal data in a European Union (EU) member state, what must a company do if it collects personal data from a source other than the data subjects themselves?A . Inform the subjects about the collectionB . Provide a public notice regarding the dataC . Upgrade security to match...

How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?A . The ePrivacy Directive allows individual EU member states to engage in such data retention.B . The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention.C . The Data Retention...

When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?A . Documenting due diligence steps taken in the pre-contractual stage.B . Conducting a risk assessment to analyze possible outsourcing threats.C . Requiring that...