Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Sure Pass Exam CIPP-E PDF

Page: 17 / 19
Total 268 questions

Certified Information Privacy Professional/Europe (CIPP/E) Questions and Answers

Question 65

SCENARIO

Please use the following to answer the next question:

ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams. Enacting this strategy has recently been complicated by Ruth's health condition, which has limited her working hours, as well as her ability to travel to meet potential customers. ProStorage's Human Resources department and Ruth's Chief of Staff now work together to manage her schedule and ensure that she is able to make all her medical appointments The latter has become especially crucial after Ruth's last trip to India, where she suffered a medical emergency and was hospitalized m New Delhi Unable to reach Ruths family, the hospital reached out to ProStorage and was able to connect with her Chief of Staff, who in coordination with Mary, the head of HR. provided information to the doctors based on accommodate on requests Ruth made when she started a: ProStorage

In support of Ruth's strategic goals of hiring more sales representatives, the Human

Resources team is focused on improving its processes to ensure that new

employees are sourced, interviewed, hired, and onboarded efficiently. To help with

this, Mary identified two vendors, HRYourWay, a German based company, and

InstaHR, an Australian based company. She decided to have both vendors go

through ProStorage's vendor risk review process so she can work with Ruth to

make the final decision. As part of the review process, Jackie, who is responsible

for maintaining ProStorage's privacy program (including maintaining controller

BCRs and conducting vendor risk assessments), reviewed both vendors but

completed a transfer impact assessment only for InstaHR. After her review of both

vendors, she determined that InstaHR satisfied more of the requirements as it

boasted a more established privacy program and provided third-party attestations,

whereas HRYourWay was a small vendor with minimal data protection operations.

Thus, she recommended InstaHR.

ProStorage's marketing team also worked to meet the strategic goals of the

company by focusing on industries where it needed to grow its market share. To

help with this, the team selected as a partner UpFinance, a US based company

with deep connections to financial industry customers. During ProStorage's

diligence process, Jackie from the privacy team noted in the transfer impact

assessment that UpFinance implements several data protection measures

including end-to-end encryption, with encryption keys held by the customer.

Notably, UpFinance has not received any government requests in its 7 years of

business. Still, Jackie recommended that the contract require UpFinance to notify

ProStorage if it receives a government request for personal data UpFinance

processes on its behalf prior to disclosing such data.

What transfer mechanism did ProStorage most likely rely on to transfer Ruth's

medical information to the hospital?

Options:

A.

Ruth's implied consent.

B.

Protecting the vital interest of Ruth.

C.

Performance of a contract with Ruth.

D.

Protecting against legal liability from Ruth.

Question 66

Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?

Options:

A.

Name and contact details of each controller on behalf of which the processor is acting.

B.

Categories of processing carried out on behalf of each controller for which the processor is acting.

C.

Details of transfers of personal data to a third country carried out on behalf of each controller for which the processor is acting.

D.

Details of any data protection impact assessment conducted in relation to any processing activities carried out by the processor on behalf of each controller for which the processor is acting.

Question 67

What is true if an employee makes an access request to his employer for any personal data held about him?

Options:

A.

The employer can automatically decline the request if it contains personal data about a third person.

B.

The employer can decline the request if the information is only held electronically.

C.

The employer must supply all the information held about the employee.

D.

The employer must supply any information held about an employee unless an exemption applies.

Question 68

A company plans to transfer employee health information between two of its entities in France. To maintain the security of the processing, what would be the most important security measure to apply to the health data transmission?

Options:

A.

Inform the data subject of the security measures in place.

B.

Ensure that the receiving entity has signed a data processing agreement.

C.

Encrypt the transferred data in transit and at rest.

D.

Conduct a data protection impact assessment.

Page: 17 / 19
Total 268 questions