CIPP-E exam

What obligation does a data controller or processor have after appointing a data protection officer?A . To ensure that the data protection officer receives sufficient instructions regarding the exercise of his or her defined tasks.B . To provide resources necessary to carry out the defined tasks of the data protection...

A company wishes to transfer personal data to a country outside of the European Union/EEA In order to do so, they are planning an assessment of the country's laws and practices, knowing that these may impinge upon the transfer safeguards they intend to use All of the following factors would...

A company has collected personal data tor direct marketing purpose on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?A . Obtain specific consent for the new processingB . Only inform the data subjects...

Which of the following is NOT an explicit right granted to data subjects under the GDPR? A. The right to request access to the personal data a controller holds about them. B. The right to request the deletion of data a controller holds about them. C. The right to opt-out...

SCENARIO Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll...

Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?A . The European CouncilB . The European ParliamentC . The European CommissionD . The Council of the European UnionView AnswerAnswer: C Explanation: Reference: https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501

SCENARIO Please use the following to answer the next question: Jane Stan's her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and sell cryptocurrencies via its online platform. The company stores and processes the personal data of its customers in a...

There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?A . Consent management and withdrawal.B . Incident detection and response.C . Preventative security.D . Remedial security.View AnswerAnswer: A

According to Art 23 GDPR, which of the following data subject rights can NOT be restricted?A . Right to restriction of processing.B . Right to erasure ("Right to be forgotten").C . Right to lodge a complaint with a supervisory authority.D . Right not to be subject to automated individual decision-makingView...

It a company receives an anonymous email demanding ransom for the stolen personal data of its clients, what must the company do next, per GDPR requirements'3A . Notify the police and Tile a criminal complaint about the incidentB . Start an investigation to understand the incident's possible scope, duration and...