Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CIPP-E Exam Dumps - Certified Information Privacy Professional/Europe (CIPP/E)

Go to page:
Question # 73

In which situation would a data controller most likely be able to justify the processing of the data of a child without parental consent?

A.

When the data is to be processed for market research.

B.

When providing preventive or counselling services to the child.

C.

When providing the child with materials purely for educational use.

D.

When a legitimate business interest makes obtaining consent impractical.

Full Access
Question # 74

To comply with the GDPR and the EU Court of Justice's decision in Schrems II, the European Commission issued what are commonly referred to as the new standard contractual clauses (SCCs). As a result, businesses must do all of the following EXCEPT?

A.

Consider the new optional docking clause, which expressly permits adding new parties to the SCCs.

B.

Migrate all contracts entered into before September 27, 2021, that use the old SCCs to the new SCCs by December 27, 2022.

C.

Take steps to flow down the new SCCs to relevant parts of their supply chain using the new SCCs as of September 27, 2021, if the business is a data importer.

D.

Implement the new SCCs in the U.K. following Brexit, as the U.K. Information Commissioner's Office does not have the authority to publish its own set of SCCs.

Full Access
Question # 75

The European Parliament jointly exercises legislative and budgetary functions with which of the following?

A.

The European Commission.

B.

The Article 29 Working Party.

C.

The Council of the European Union.

D.

The European Data Protection Board.

Full Access
Question # 76

Which of the following is NOT recognized as a common characteristic of cloud computing services?

A.

The service's infrastructure is shared among the supplier's customers and can be located in a number of countries.

B.

The supplier determines the location, security measures, and service standards applicable to the processing.

C.

The supplier allows customer data to be transferred around the infrastructure according to capacity.

D.

The supplier assumes the vendor's business risk associated with data processed by the supplier.

Full Access
Question # 77

The transparency principle is most directly related to which of the following rights?

A.

Right to object

B.

Right to be informed.

C.

Right to be forgotten.

D.

Right to restriction of processing.

Full Access
Question # 78

SCENARIO

Please use the following to answer the next question:

Jane Stan's her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and sell cryptocurrencies via its online platform. The company stores and processes the personal data of its customers in a dedicated data center located m Malta |EU).

People wishing to trade cryptocurrencies are required to open an online account on the platform. They then must successfully pass a KYC due diligence procedure aimed at preventing money laundering and ensuring compliance with applicable financial regulations.

The non-European customers are also required to waive all their GDPR rights by reading a disclaimer written in bold and belong a checkbox on a separate page in order to get their account approved on the platform.

The customers must likewise accept the terms of service of the platform. The terms of service also include a privacy policy section, saying, among other things, that if a

What is potentially wrong with the backup system operated in the AWS cloud?

A.

The AWS servers are located in the EU but in a country different than the location of the corporate headquarters.

B.

It is unlawful to process any personal data in a cloud unless the cloud is certified as GOPR-compliant by a competent supervisory authority.

C.

The data storage period has to be revised, and a data processing agreement w*h AWS must be signed

D.

AWS is a U S company, and no personal data of European residents may be transferred to it without explicit written consent from data subjects.

Full Access
Question # 79

The Murla HB Club should have carried out a DPIA before the installation of the new access system AND at what other time?

A.

After the complaint of the supporter

B.

Periodically, when new risks were foreseen

C.

At the end of every match of the season.

D.

After the AEPD notification of the investigation.

Full Access
Question # 80

SCENARIO

Please use the following to answer the next question:

T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.

T-Craze also opened various office locations throughout Europe to help expand its business. While Germany

Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T- Craze, though with much less success.

The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from the Right Target on behalf of T-Craze.

What is the best option for the lead regulator when responding to the Spanish supervisory authority’s notice that it plans to take action regarding Sofia’s complaint?

A.

Accept, because it did not receive any complaints.

B.

Accept, because GDPR permits non-lead authorities to take action for such complaints.

C.

Reject, because Right Target’s processing was conducted throughout Europe.

D.

Reject, because GDPR does not allow other supervisory authorities to take action if there is a lead authority.

Full Access
Go to page: