Corey CIPP/E Study Guide Questions and Answers(RATED A)

When do you need a DPO? - ANSWER-If the core activity of the processor or controller includes; • Regular and systematic processing on a large scale • Processing special categories of data on a large scale • Monitoring of a large scale geographical area • Processing by public bodies other than courts When do controllers and processors have to keep records (Article 30)? - ANSWER-If they have 250 or more employees or The processing is likely to result in a risk to data subjects or Processing is not occasional Processing includes special categories When do you not need a DPIA even if you are doing a processing that involves high risk? - ANSWER-For legal obligation purpose (employment) or for execution of a public task (tax) Which institution is eligible to approve Binding Corporate Rules? - ANSWER-Supervisory Authority What are the Privacy Shield self-certification requirements? - ANSWER-Commit to adhere to the Privacy Shield Principles and publicise the commitment, publicly disclose privacy policy, implement the principles, Renew certification annually Why can't a US financial institution be eligible for Privacy Shield? - ANSWER-Because it is not under the enforcement authority of Federal Trade Commission What is the current list of adequate countries and the period to review the adequacy? - ANSWER-Uruguay, Argentina, Can