New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Pass CIPP-E Exam Guide

Page: 6 / 19
Total 268 questions

Certified Information Privacy Professional/Europe (CIPP/E) Questions and Answers

Question 21

Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?

Options:

A.

A member of the judiciary involved in adjudicating a legal dispute involving the data subject and concerning the health of the data subject.

B.

A public authority responsible for public health, where the sharing of such information is considered necessary for the protection of the general populace.

C.

A health professional involved in the medical care for the data subject, where the data subject’s life hinges on the timely dissemination of such information.

D.

A journalist writing an article relating to the medical condition in QUESTION, who believes that the publication of such information is in the public interest.

Question 22

Which sentence BEST summarizes the concepts of “fairness,” “lawfulness” and “transparency”, as expressly required by Article 5 of the GDPR?

Options:

A.

Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.

B.

Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data.

C.

Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced.

D.

Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data.

Question 23

In which scenario is a Controller most likely required to undertake a Data Protection Impact Assessment?

Options:

A.

When the controller is collecting email addresses from individuals via an online registration form for marketing purposes.

B.

When personal data is being collected and combined with other personal data to profile the creditworthiness of individuals.

C.

When the controller is required to have a Data Protection Officer.

D.

When personal data is being transferred outside of the EEA.

Question 24

MagicClean is a web-based service located in the United States that matches home cleaning services to customers. It otters its services exclusively in the United States It uses a processor located in France to optimize its data. Is MagicClean subject to the GDPR?

Options:

A.

Yes, because MagicClean is processing data in the EU

B.

Yes. because MagicClean's data processing agreement with the French processor is an establishment in the EU

C.

No, because MagicClean is located m the United States only.

D.

No. because MagicClean is not offering services to EU data subjects.

Page: 6 / 19
Total 268 questions