New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Selected CIPP-E Certified Information Privacy Professional Questions Answers

Page: 14 / 19
Total 268 questions

Certified Information Privacy Professional/Europe (CIPP/E) Questions and Answers

Question 53

SCENARIO

Please use the following to answer the next question:

Brady is a computer programmer based in New Zealand who has been running his own business for two years. Brady’s business provides a low-cost suite of services to customers throughout the European Economic Area (EEA). The services are targeted towards new and aspiring small business owners. Brady’s company, called Brady Box, provides web page design services, a Social Networking Service (SNS) and consulting services that help people manage their own online stores.

Unfortunately, Brady has been receiving some complaints. A customer named Anna recently uploaded her plans for a new product onto Brady Box’s chat area, which is open to public viewing. Although she realized her mistake two weeks later and removed the document, Anna is holding Brady Box responsible for not noticing the error through regular monitoring of the website. Brady believes he should not be held liable.

Another customer, Felipe, was alarmed to discover that his personal information was transferred to a third- party contractor called Hermes Designs and worries that sensitive information regarding his business plans may be misused. Brady does not believe he violated European privacy rules. He provides a privacy notice to all of his customers explicitly stating that personal data may be transferred to specific third parties in fulfillment of a requested service. Felipe says he read the privacy notice but that it was long and complicated

Brady continues to insist that Felipe has no need to be concerned, as he can personally vouch for the integrity of Hermes Designs. In fact, Hermes Designs has taken the initiative to create sample customized banner advertisements for customers like Felipe. Brady is happy to provide a link to the example banner ads, now posted on the Hermes Designs webpage. Hermes Designs plans on following up with direct marketing to these customers.

Brady was surprised when another customer, Serge, expressed his dismay that a quotation by him is being used within a graphic collage on Brady Box’s home webpage. The quotation is attributed to Serge by first and last name. Brady, however, was not worried about any sort of litigation. He wrote back to Serge to let him know that he found the quotation within Brady Box’s Social Networking Service (SNS), as Serge himself had posted the quotation. In his response, Brady did offer to remove the quotation as a courtesy.

Despite some customer complaints, Brady’s business is flourishing. He even supplements his income through online behavioral advertising (OBA) via a third-party ad network with whom he has set clearly defined roles. Brady is pleased that, although some customers are not explicitly aware of the OBA, the advertisements contain useful products and services.

Based on the scenario, what is the main reason that Brady should be concerned with Hermes Designs’ handling of customer personal data?

Options:

A.

The data is sensitive.

B.

The data is uncategorized.

C.

The data is being used for a new purpose.

D.

The data is being processed via a new means.

Question 54

After leaving the EU under the terms of Brexit, the United Kingdom will seek an adequacy determination. What is the reason for this?

Options:

A.

The Insurance Commissioner determined that an adequacy determination is required by the Data Protection Act.

B.

Adequacy determinations automatically lapse when a Member State leaves the EU.

C.

The UK is now a third country because it’s no longer subject to the GDPR.

D.

The UK is less trustworthy now that its not part of the Union.

Question 55

After detecting an intrusion involving the theft of unencrypted personal data, who shall the breached company notify first under GDPR requirements?

Options:

A.

Any parents of children whose personal data was compromised.

B.

Any affected customers whose data was compromised.

C.

A competent supervisory authority.

D.

A local law enforcement agency

Question 56

An online company’s privacy practices vary due to the fact that it offers a wide variety of services. How could it best address the concern that explaining them all would make the policies incomprehensible?

Options:

A.

Use a layered privacy notice on its website and in its email communications.

B.

Identify uses of data in a privacy notice mailed to the data subject.

C.

Provide only general information about its processing activities and offer a toll-free number for more information.

D.

Place a banner on its website stipulating that visitors agree to its privacy policy and terms of use by visiting the site.

Page: 14 / 19
Total 268 questions