CIPP-E exam

Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)? The right to privacy is an absolute rightA . The right to privacy has to be balanced against other rights under the ECHRB . The right to freedom of...

Which sentence BEST summarizes the concepts of “fairness,” “lawfulness” and “transparency”, as expressly required by Article 5 of the GDPR?A . Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.B . Fairness refers to limiting the amount of data...

Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?A . A member of the judiciary involved in adjudicating a legal dispute involving the data subject and...

A key component of the OECD Guidelines is the “Individual Participation Principle”. What parts of the General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?A . The lawful processing criteria stipulated by Articles 6 to 9B . The information requirements set out in Articles 13 and 14C...

How does the GDPR now define “processing”?A . Any act involving the collecting and recording of personal data.B . Any operation or set of operations performed on personal data or on sets of personal data.C . Any use or disclosure of personal data compatible with the purpose for which the...

A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop’s PRIMARY obligation while engaging in this kind of profiling?A . It must solicit informed...

Tanya is the Data Protection Officer for Curtains Inc., a GDPR data controller. She has recommended that the company encrypt all personal data at rest. Which GDPR principle is she following?A . AccuracyB . Storage LimitationC . Integrity and confidentialityD . Lawfulness, fairness and transparencyView AnswerAnswer: C Explanation: Reference: https://www.icaew.com/technical/technology/data/data-protection/data-protection-articles/do-i-have-to-encrypt-personal-data-to-comply-with-dpa-2018

Under the GDPR, where personal data is not obtained directly from the data subject, a controller is exempt from directly providing information about processing to the data subject if?A . The data subject already has information regarding how his data will be usedB . The provision of such information to...

Article 5(1)(b) of the GDPR states that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.” Based on Article 5(1)(b), what is the impact of a member state’s interpretation of the word “incompatible”?A . It dictates the...

Assuming that the “without undue delay” provision is followed, what is the time limit for complying with a data access request?A . Within 40 days of receiptB . Within 40 days of receipt, which may be extended by up to 40 additional daysC . Within one month of receipt, which...