CIPP-E exam

Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this...

Under Article 80(1) of the GDPR, individuals can elect to be represented by not-for-profit organizations in a privacy group litigation or class action. These organizations are commonly known as?A . Law firm organizations.B . Civil society organizations.C . Human rights organizations.D . Constitutional rights organizations.View AnswerAnswer: B Explanation: Reference: https://gdpr-info.eu/art-80-gdpr/

SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a...

Which of the following describes a mandatory requirement for a group of undertakings that wants to appoint a single data protection officer?A . The group of undertakings must obtain approval from a supervisory authority.B . The group of undertakings must be comprised of organizations of similar sizes and functions.C ....

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?A . ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.B . CJEU can force...

What type of data lies beyond the scope of the General Data Protection Regulation?A . PseudonymizedB . AnonymizedC . EncryptedD . MaskedView AnswerAnswer: B Explanation: Reference: https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/the-purposes-and-scope-of-the-general-data-protection-regulation/

Which mechanism, new to the GDPR, now allows for the possibility of personal data transfers to third countries under Article 42?A . Approved certifications.B . Binding corporate rules.C . Law enforcement requests.D . Standard contractual clauses.View AnswerAnswer: A Explanation: Reference: https://www.anonos.com/gdpr-chapter-5-transfers-of-personal-data-to-third-countries-or-international-organisations

According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?A . Where the technology supporting the website is locatedB . Where the website is accessedC . Where the decisions about processing are madeD . Where...

Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR? A. The obligation of companies to declare data breaches. B. The requirement to demonstrate compliance to a supervisory authority. C. The necessity of the bulk collection of personal data...

What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?A . The establishment of a list of legitimate data processing criteriaB . The creation of legally binding data protection principlesC ....