Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CIPP-E Exam Dumps - Certified Information Privacy Professional/Europe (CIPP/E)

Go to page:
Question # 17

SCENARIO

Please use the following to answer the next question:

WonderkKids provides an online booking service for childcare. Wonderkids is based in France, but hosts its website through a company in Switzerland. As part of their service, WonderKids will pass all personal data provided to them to the childcare provider booked through their system. The type of personal data collected on the website includes the name of the person booking the childcare, address and contact details, as well as information about the children to be cared for including name, age, gender and health information. The privacy statement on Wonderkids’ website states the following:

“WonderkKids provides the information you disclose to us through this website to your childcare provider for scheduling and health and safety reasons. We may also use your and your child’s personal information for our own legitimate business purposes and we employ a third-party website hosting company located in Switzerland to store the data. Any data stored on equipment located in Switzerland meets the European Commission provisions for guaranteeing adequate safeguards for you and your child’s personal information. We will only share you and your child’s personal information with businesses that we see as adding real value to you. By providing us with any personal data, you consent to its transfer to affiliated businesses and to send you promotional offers.”

“We may retain you and your child’s personal information for no more than 28 days, at which point the data will be depersonalized, unless your personal information is being used for a legitimate business purpose beyond 28 days where it may be retained for up to 2 years.”

“We are processing you and your child’s personal information with your consent. If you choose not to provide certain information to us, you may not be able to use our services. You have the right to: request access to

you and your child’s personal information; rectify or erase you or your child’s personal information; the right to correction or erasure of you and/or your child’s personal information; object to any processing of you and your child’s personal information. You also have the right to complain to the supervisory authority about our data processing activities.”

What additional information must Wonderkids provide in their Privacy Statement?

A.

How often promotional emails will be sent.

B.

Contact information of the hosting company.

C.

Technical and organizational measures to protect data.

D.

The categories of recipients with whom data will be shared.

Full Access
Question # 18

What is true if an employee makes an access request to his employer for any personal data held about him?

A.

The employer can automatically decline the request if it contains personal data about a third person.

B.

The employer can decline the request if the information is only held electronically.

C.

The employer must supply all the information held about the employee.

D.

The employer must supply any information held about an employee unless an exemption applies.

Full Access
Question # 19

Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?

A.

A voluntary notification for personal data breaches applicable to all data controllers.

B.

A voluntary notification for personal data breaches applicable to electronic communication providers.

C.

A mandatory notification for personal data breaches applicable to all data controllers.

D.

A mandatory notification for personal data breaches applicable to electronic communication providers.

Full Access
Question # 20

A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper website published an article about the prank at the time, and the article is still available on the newspaper’s website. Unfortunately, the prank is the top search result when a user searches on the victim’s name. The data subject requests that SearchCo delist this result. SearchCo agrees, and instructs its technology team to avoid scanning or indexing the article. What else must SearchCo do?

A.

Notify the newspaper that its article it is delisting the article.

B.

Fully erase the URL to the content, as opposed to delist which is mainly based on data subject’s name.

C.

Identify other controllers who are processing the same information and inform them of the delisting request.

D.

Prevent the article from being listed in search results no matter what search terms are entered into the search engine.

Full Access
Question # 21

According to the GDPR, what is the main task of a Data Protection Officer (DPO)?

A.

To create and maintain records of processing activities.

B.

To conduct Privacy Impact Assessments on behalf of the controller or processor.

C.

To monitor compliance with other local or European data protection provisions.

D.

To create procedures for notification of personal data breaches to competent supervisory authorities.

Full Access
Question # 22

A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop’s PRIMARY obligation while engaging in this kind of profiling?

A.

It must solicit informed consent through a notice on its website

B.

It must seek authorization from the European supervisory authorities

C.

It must be able to demonstrate a prior business relationship with the customers

D.

It must prove that it uses sufficient security safeguards to protect customer data

Full Access
Question # 23

In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data protection impact assessment to address multiple processing operations be allowed?

A.

A medical organization that wants to begin genetic testing to support earlier research for which they have performed a DPIA.

B.

A data controller who plans to use a new technology product that has already undergone a DPIA by the product’s provider.

C.

A marketing team that wants to collect mailing addresses of customers for whom they already have email addresses.

D.

A railway operator who plans to evaluate the same video surveillance in all the train stations of his company.

Full Access
Question # 24

According to the GDPR, when should the processing of photographs be considered processing of special categories of personal data?

A.

When processed with the intent to publish information regarding a natural person on publicly accessible media.

B.

When processed with the intent to proceed to scientific or historical research projects.

C.

When processed with the intent to uniquely identify or authenticate a natural person.

D.

When processed with the intent to comply with a law.

Full Access
Go to page: