CIPP-E exam

SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...

According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject’s personal data has been obtained from other sources?A . As soon as possible after obtaining the personal data.B . As soon as possible after the...

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?A . Employees must sign an ad hoc contractual agreement each time personal data is exported.B . All employees are subject to the rules in their entirety, regardless of where the...

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker’s personal data?A . Destroy sensitive information and store the rest per applicable data protection rules.B . Store all of the data in...

The Planet 49 CJEU Judgement applies to?A . Cookies used only by third parties.B . Cookies that are deemed technically necessary.C . Cookies regardless of whether the data accessed is personal or not.D . Cookies where the data accessed is considered as personal data only.View AnswerAnswer: C Explanation: Reference: https://www.twobirds.com/en/news/articles/2019/global/planet49-cjeu-rules-on-cookie-consent

Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data? A. When the personal data is processed only in non-electronic form B. When the personal data is collected and then pseudonymised by the controller C. When the personal data is...

A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the...

Limitation of liability. […] Consent By completing this registration form, you attest that you are at least 16 years of age, and that you consent to the processing of your personal data by Vigotron for the purpose of using the M-Health app. Although you are entitled to opt out of...

Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?A . A voluntary notification for personal data breaches applicable to all data controllers.B . A voluntary notification for personal data breaches applicable to electronic communication providers.C . A mandatory notification for personal data breaches applicable to all...

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?A . The service’s infrastructure is shared among the supplier’s customers and can be located in a number of countries.B . The supplier determines the location, security measures, and service standards applicable to the processing.C ....