CIPP-E exam

Tanya is the Data Protection Officer for Curtains Inc., a GDPR data controller. She has recommended that the company encrypt all personal data at rest. Which GDPR principle is she following?A . AccuracyB . Storage LimitationC . Integrity and confidentialityD . Lawfulness, fairness and transparencyView AnswerAnswer: C Explanation: Reference: https://www.icaew.com/technical/technology/data/data-protection/data-protection-articles/do-i-...

SCENARIO Please use the following to answer the next question: Dynaroux Fashion (‘Dynaroux’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Ronan is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection...

SCENARIO Please use the following to answer the next question: Zandelay Fashion (‘Zandelay’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Martin is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection...

SCENARIO Please use the following to answer the next question: Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical company on a clinical trial related to COVID-19. As part of his onboarding process Jack received privacy training He was explicitly informed that while he...

After detecting an intrusion involving the theft of unencrypted personal data, who shall the breached company notify first under GDPR requirements?A . Any parents of children whose personal data was compromised.B . Any affected customers whose data was compromised.C . A competent supervisory authority.D . A local law enforcement agencyView...

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?A . Data subjects must be sufficiently informed of the purposes for which their personal data is processed.B . Processing of special categories of personal data on a large scale requires appointing a...

Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?A . A company wants to combine location data with other data in order to offer more personalized service for the customer.B . A company wants to use location data to infer information...

Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?A . If the processing is to be performed by a third-party vendorB . If the processing involves data that is considered personal dataC . If the processing of the data is done...

What are the obligations of a processor that engages a sub-processor? A. The processor must give the controller prior written notice and perform a preliminary audit of the sub- processor. B. The processor must obtain the controller’s specific written authorization and provide annual reports on the sub-processor’s performance. C. The...

Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?A . Name and contact details of each controller on behalf of which the processor is acting.B . Categories of processing carried out on behalf of each...