Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CIPP-E Exam Dumps - Certified Information Privacy Professional/Europe (CIPP/E)

Go to page:
Question # 4

SCENARIO

Please use the following to answer the next question:

Liem, an online retailer known for its environmentally friendly shoes, has recently expanded its presence in Europe. Anxious to achieve market dominance, Liem teamed up with another eco friendly company, EcoMick, which sells accessories like belts and bags. Together the companies drew up a series of marketing campaigns designed to highlight the environmental and economic benefits of their products. After months of planning, Liem and EcoMick entered into a data sharing agreement to use the same marketing database, MarketIQ, to send the campaigns to their respective contacts.

Liem and EcoMick also entered into a data processing agreement with MarketIQ, the terms of which included processing personal data only upon Liem and EcoMick’s instructions, and making available to them all information necessary to demonstrate compliance with GDPR obligations.

Liem and EcoMick then procured the services of a company called JaphSoft, a marketing optimization firm that uses machine learning to help companies run successful campaigns. Clients provide JaphSoft with the personal data of individuals they would like to be targeted in each campaign. To ensure protection of its

clients’ data, JaphSoft implements the technical and organizational measures it deems appropriate. JaphSoft works to continually improve its machine learning models by analyzing the data it receives from its clients to determine the most successful components of a successful campaign. JaphSoft then uses such models in providing services to its client-base. Since the models improve only over a period of time as more information is collected, JaphSoft does not have a deletion process for the data it receives from clients. However, to ensure compliance with data privacy rules, JaphSoft pseudonymizes the personal data by removing identifying

information from the contact information. JaphSoft’s engineers, however, maintain all contact information in the same database as the identifying information.

Under its agreement with Liem and EcoMick, JaphSoft received access to MarketIQ, which included contact information as well as prior purchase history for such contacts, to create campaigns that would result in the most views of the two companies’ websites. A prior Liem customer, Ms. Iman, received a marketing campaign

from JaphSoft regarding Liem’s as well as EcoMick’s latest products. While Ms. Iman recalls checking a box to receive information in the future regarding Liem’s products, she has never shopped EcoMick, nor provided her personal data to that company.

Why would the consent provided by Ms. Iman NOT be considered valid in regard to JaphSoft?

A.

She was not told which controller would be processing her personal data.

B.

She only viewed the visual representations of the privacy notice Liem provided.

C.

She did not read the privacy notice stating that her personal data would be shared.

D.

She has never made any purchases from JaphSoft and has no relationship with the company.

Full Access
Question # 5

According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?

A.

Where the technology supporting the website is located

B.

Where the website is accessed

C.

Where the decisions about processing are made

D.

Where the customer’s Internet service provider is located

Full Access
Question # 6

A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices. Footage is recorded continuously, and is monitored by the home office in the United States. What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?

A.

Seek informed consent from company employees.

B.

Have cameras recording during work hours only.

C.

Retain captured footage for no more than 30 days.

D.

Restrict camera placement to building entrances only.

Full Access
Question # 7

In addition to the European Commission, who can adopt standard contractual clauses, assuming that all required conditions are met?

A.

Approved data controllers.

B.

The Council of the European Union.

C.

National data protection authorities.

D.

The European Data Protection Supervisor.

Full Access
Question # 8

Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric data. Which of the following is NOT one of these exceptions?

A.

The processing is done by a non-profit organization and the results are disclosed outside the organization.

B.

The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.

C.

The processing is necessary for the establishment, exercise or defense of legal claims when courts are acting in a judicial capacity.

D.

The processing is explicitly consented to by the data subject and he or she is allowed by Union or Member State law to lift the prohibition.

Full Access
Go to page: