Exam Code: CIPP-E (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
Certification Provider: IAPP
Online CIPP-E free questions and answers of New Version:
NEW QUESTION 1
The GDPR requires controllers to supply data subjects with detailed information about the processing of their data. Where a controller obtains data directly from data subjects, which of the following items of information does NOT legally have to be supplied?
- A. The recipients or categories of recipients.
- B. The categories of personal data concerned.
- C. The rights of access, erasure, restriction, and portability.
- D. The right to lodge a complaint with a supervisory authority.
Answer: B
NEW QUESTION 2
SCENARIO
Please use the following to answer the next question:
Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet traffic from outside of Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines to process orders that request the DNA report to be sent outside of Canada, and returns orders that show a non-Canadian return address.
Bob, the President of Who-R-U, thinks there is a lot of interest for the product in the EU, and the company is exploring a number of plans to expand its customer base.
The first plan, collegially called We-Track-U, will use an app to collect information about its current Canadian customer base. The expansion will allow its Canadian customers to use the app while traveling abroad. He suggests that the company use this app to gather location information. If the plan shows promise, Bob proposes to use push notifications and text messages to encourage existing customers to pre-register for an EU version of the service. Bob calls this work plan, We-Text-U. Once the company has gathered enough pre-registrations, it will develop EU-specific content and services.
Another plan is called Customer for Life. The idea is to offer additional services through the company’s app, like storage and sharing of DNA information with other applications and medical providers. The company’s contract says that it can keep customer DNA indefinitely, and use it to offer new services and market them to customers. It also says that customers agree not to withdraw direct marketing consent. Paul, the marketing director, suggests that the company should fully exploit these provisions, and that it can work around customers’ attempts to withdraw consent because the contract invalidates them.
The final plan is to develop a brand presence in the EU. The company has already begun this process. It is in the process of purchasing the naming rights for a building in Germany, which would come with a few offices that Who-R-U executives can use while traveling internationally. The office doesn’t include any technology or infrastructure; rather, it’s simply a room with a desk and some chairs.
On a recent trip concerning the naming-rights deal, Bob’s laptop is stolen. The laptop held unencrypted DNA reports on 5,000 Who-R-U customers, all of whom are residents of Canada. The reports include customer name, birthdate, ethnicity, racial background, names of relatives, gender, and occasionally health information.
The Customer for Life plan may conflict with which GDPR provision?
- A. Article 6, which requires processing to be lawful.
- B. Article 7, which requires consent to be as easy to withdraw as it is to give.
- C. Article 16, which provides data subjects with a right to rectification.
- D. Article 20, which gives data subjects a right to data portability.
Answer: B
NEW QUESTION 3
SCENARIO
Please use the following to answer the next question:
T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.
T-Craze also opened various office locations throughout Europe to help expand its business. While Germany continued to host T-Craze’s headquarters and main product-design office, its French affiliate became responsible for all marketing and sales activities. The French affiliate recently procured the services of Right Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T-Craze, though with much less success.
The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from the Right Target on behalf of T-Craze.
What is the best option for the lead regulator when responding to the Spanish supervisory authority’s notice that it plans to take action regarding Sofia’s complaint?
- A. Accept, because it did not receive any complaints.
- B. Accept, because GDPR permits non-lead authorities to take action for such complaints.
- C. Reject, because Right Target’s processing was conducted throughout Europe.
- D. Reject, because GDPR does not allow other supervisory authorities to take action if there is a lead authority.
Answer: D
NEW QUESTION 4
Why is it advisable to avoid consent as a legal basis for an employer to process employee data?
- A. Employee data can only be processed if there is an approval from the data protection officer.
- B. Consent may not be valid if the employee feels compelled to provide it.
- C. An employer might have difficulty obtaining consent from every employee.
- D. Data protection laws do not apply to processing of employee data.
Answer: A
NEW QUESTION 5
A grade school is planning to use facial recognition to track student attendance. Which of the following may provide a lawful basis for this processing?
- A. The school places a notice near each camera.
- B. The school gets explicit consent from the students.
- C. Processing is necessary for the legitimate interests pursued by the school.
- D. A state law requires facial recognition to verify attendance.
Answer: A
NEW QUESTION 6
Which of the following was the first to implement national law for data protection in 1973?
- A. France
- B. Sweden
- C. Germany
- D. United Kingdom
Answer: B
NEW QUESTION 7
Select the answer below that accurately completes the following: “The right to compensation and liability under the GDPR…
- A. …provides for an exemption from liability if the data controller (or data processor) proves that it is not in any way responsible for the event giving rise to the damage.”
- B. …precludes any subsequent recourse proceedings against other controllers or processors involved in the same processing.”
- C. …can only be exercised against the data controller, even if a data processor was involved in the same processing.”
- D. …is limited to a maximum amount of EUR 20 million per event of damage or loss.”
Answer: B
NEW QUESTION 8
An organisation receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal data. Under what condition can the organisation charge the data subject for processing the request?
- A. Only where the organisation can show that it is reasonable to do so because more than one request was made.
- B. Only to the extent this is allowed under the restrictions on data subjects’ rights introduced under Art 23 of GDPR.
- C. Only where the administrative costs of taking the action requested exceed a certain threshold.
- D. Only if the organisation can demonstrate that the request is clearly excessive or misguided.
Answer: D
NEW QUESTION 9
SCENARIO
Please use the following to answer the next question:
T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.
T-Craze also opened various office locations throughout Europe to help expand its business. While Germany continued to host T-Craze’s headquarters and main product-design office, its French affiliate became responsible for all marketing and sales activities. The French affiliate recently procured the services of Right Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T-Craze, though with much less success.
The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from the Right Target on behalf of T-Craze.
Why does the Spanish supervisory authority notify the French supervisory authority when it opens an investigation into T-Craze based on Sofia’s complaint?
- A. T-Craze has a French affiliate.
- B. The French affiliate procured the services of Right Target.
- C. T-Craze conducts its marketing and sales activities in France.
- D. The Spanish supervisory authority is providing a courtesy notification not required under the GDPR.
Answer: C
NEW QUESTION 10
A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices. Footage is recorded continuously, and is monitored by the home office in the United States. What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?
- A. Seek informed consent from company employees.
- B. Have cameras recording during work hours only.
- C. Retain captured footage for no more than 30 days.
- D. Restrict camera placement to building entrances only.
Answer: A
NEW QUESTION 11
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
- A. The behavior of suspected terrorists being monitored by EU law enforcement bodies.
- B. Personal data of EU citizens being processed by a controller or processor based outside the EU.
- C. The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies.
- D. Personal data of EU residents being processed by a non-EU business that targets EU customers.
Answer: B
NEW QUESTION 12
Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?
- A. A voluntary notification for personal data breaches applicable to all data controllers.
- B. A voluntary notification for personal data breaches applicable to electronic communication providers.
- C. A mandatory notification for personal data breaches applicable to all data controllers.
- D. A mandatory notification for personal data breaches applicable to electronic communication providers.
Answer: D
NEW QUESTION 13
To which of the following parties does the territorial scope of the GDPR NOT apply?
- A. All member countries of the European Economic Area.
- B. All member countries party to the Treaty of Lisbon.
- C. All member countries party to the Paris Agreement.
- D. All member countries of the European Union.
Answer: A
NEW QUESTION 14
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?
- A. The European Commission can adopt an adequacy decision for individual companies.
- B. The European Commission can adopt, repeal or amend an existing adequacy decision.
- C. EU member states are vested with the power to accept or reject a European Commission adequacy decision.
- D. To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.
Answer: A
NEW QUESTION 15
Pursuant to Article 4(5) of the GDPR, data is considered “pseudonymized” if?
- A. It cannot be attributed to a data subject without the use of additional information.
- B. It cannot be attributed to a person under any circumstances.
- C. It can only be attributed to a person by the controller.
- D. It can only be attributed to a person by a third party.
Answer: A