CIPP/E Practice Questions with correct answers graded A+

CIPP/E Practice Questions Which statement is correct when considering the right to privacy under article 8 of the European Convention on Human Rights? - correct answers The right to privacy has to be balanced against other rights under the ECHR What is the one major goal that the OECD Guidelinges, Convention 108, and the Directive all had in common but largely failed to achieve in Europe? - correct answers The restriction of cross-border data flow Which EU institution is vested with the competence to propose new data protection legislation on its own initiative? - correct answers Commission Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country? - correct answers European Commission What type of data lies beyond the scope of the GDPR? - correct answers Anonymised What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller? - correct answers The processor will be considered to be a controller With the issue of consent, the GDPR allows member states some choice regarding what? - correct answers The age which children must be required to obtain parental consent Which sentence BEST summarizes the concepts of Fairness, lawfullness, and transparency, as expressly required by Article 5 of the GDPR? - correct answers Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations Assuming that the "without undue delay" provison is followed, what is the time limit for complying with a data access request? - correct answers 1 month + additional 2 months Company X has entrusted the processing of their payroll data provider to Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify? - correct answers Company X Which of the following would require designationg a data protection officer? - correct answers The core activites of the controller or processor consist of processing operations that require systematic monitoring of data subjects on a large scale. (public authority or large scal sensitive data would apply as well) When is a data sharing agreement MOST likely to be needed? - correct answers When personal data is being shared between commercial orgs acting as joint data controllers An employee of company X has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick as this stage, but it likely was lost during the travel of an employee. What should the company do? - correct answers Notify as soon as possible the data protection supervisory authority that a data breach may have taken place The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million Euros? - correct answers Failure to implement technical and organisational measures to ensure data protection is enshrined by design and default Why is it advisable to avoid consent as a legal basis for an employer to process employee data? - correct answers Consent may not be valid if the employee feels compelled to provide it What is true about an employee who makes an access request to his employer for any personal data held about him? - correct answers The employer must supply all the information held about the employee unless there is an exemption Discover which employees are accessing cloud services and from which devices and apps Lock down the data in those apps and devices Monitor and analyse the apps and devices for compliance Manage application life cycles